Date:         Tue, 21 Apr 2009 14:19:09 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      FASTBUGS for SL 5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

The following FASTBUGS have been uploaded to



         i386:
cpuspeed-1.2.1-7.el5.i386.rpm
device-mapper-multipath-0.4.7-23.el5_3.4.i386.rpm
dump-0.4b41-4.el5.i386.rpm
kpartx-0.4.7-23.el5_3.4.i386.rpm
rmt-0.4b41-4.el5.i386.rpm
rsh-0.17-40.el5.i386.rpm
rsh-server-0.17-40.el5.i386.rpm
scim-bridge-0.4.5-9.el5.i386.rpm
scim-bridge-gtk-0.4.5-9.el5.i386.rpm
        x86_64:
cpuspeed-1.2.1-7.el5.x86_64.rpm
device-mapper-multipath-0.4.7-23.el5_3.4.x86_64.rpm
dump-0.4b41-4.el5.x86_64.rpm
kpartx-0.4.7-23.el5_3.4.x86_64.rpm
rmt-0.4b41-4.el5.x86_64.rpm
rsh-0.17-40.el5.x86_64.rpm
rsh-server-0.17-40.el5.x86_64.rpm
scim-bridge-0.4.5-9.el5.x86_64.rpm
scim-bridge-gtk-0.4.5-9.el5.i386.rpm
scim-bridge-gtk-0.4.5-9.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
Date:         Thu, 23 Apr 2009 15:25:56 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: seamonkey on SL3.x, SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: seamonkey security update
Issue date:	2009-04-21
CVE Names:	CVE-2009-0652 CVE-2009-1303 CVE-2009-1305
                   CVE-2009-1306 CVE-2009-1307 CVE-2009-1309
                   CVE-2009-1311 CVE-2009-1312

Several flaws were found in the processing of malformed web content. A 
web page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-1303, CVE-2009-1305)

Several flaws were found in the way malformed web content was processed. 
A web page containing malicious content could execute arbitrary 
JavaScript in the context of the site, possibly presenting misleading 
data to a user, or stealing sensitive information such as login 
credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, 
CVE-2009-1309, CVE-2009-1312)

A flaw was found in the way SeaMonkey saved certain web pages to a local
file. If a user saved the inner frame of a web page containing POST 
data, the POST data could be revealed to the inner frame, possibly 
surrendering sensitive information such as login credentials. 
(CVE-2009-1311)

SeaMonkey must be restarted for the changes to take effect.

SL 3.0.x

      SRPMS:
seamonkey-1.0.9-0.37.el3.src.rpm
      i386:
seamonkey-1.0.9-0.37.el3.i386.rpm
seamonkey-chat-1.0.9-0.37.el3.i386.rpm
seamonkey-devel-1.0.9-0.37.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.37.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.37.el3.i386.rpm
seamonkey-mail-1.0.9-0.37.el3.i386.rpm
seamonkey-nspr-1.0.9-0.37.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.37.el3.i386.rpm
seamonkey-nss-1.0.9-0.37.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.37.el3.i386.rpm
      x86_64:
seamonkey-1.0.9-0.37.el3.i386.rpm
seamonkey-1.0.9-0.37.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.37.el3.i386.rpm
seamonkey-chat-1.0.9-0.37.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.37.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.37.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.37.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.37.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.37.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.37.el3.i386.rpm
seamonkey-mail-1.0.9-0.37.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.37.el3.i386.rpm
seamonkey-nspr-1.0.9-0.37.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.37.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.37.el3.i386.rpm
seamonkey-nss-1.0.9-0.37.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.37.el3.x86_64.rpm

SL 4.x

      SRPMS:
seamonkey-1.0.9-41.el4.src.rpm
      i386:
seamonkey-1.0.9-41.el4.i386.rpm
seamonkey-chat-1.0.9-41.el4.i386.rpm
seamonkey-devel-1.0.9-41.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-41.el4.i386.rpm
seamonkey-js-debugger-1.0.9-41.el4.i386.rpm
seamonkey-mail-1.0.9-41.el4.i386.rpm
      x86_64:
seamonkey-1.0.9-41.el4.i386.rpm
seamonkey-1.0.9-41.el4.x86_64.rpm
seamonkey-chat-1.0.9-41.el4.i386.rpm
seamonkey-chat-1.0.9-41.el4.x86_64.rpm
seamonkey-devel-1.0.9-41.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-41.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-41.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-41.el4.i386.rpm
seamonkey-js-debugger-1.0.9-41.el4.x86_64.rpm
seamonkey-mail-1.0.9-41.el4.i386.rpm
seamonkey-mail-1.0.9-41.el4.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0652 Critical: seamonkey SL3.x, SL4.x i386/x86_64

Critical: seamonkey security update

Summary

Date:         Tue, 21 Apr 2009 14:19:09 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      FASTBUGS for SL 5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          The following FASTBUGS have been uploaded to         i386:cpuspeed-1.2.1-7.el5.i386.rpmdevice-mapper-multipath-0.4.7-23.el5_3.4.i386.rpmdump-0.4b41-4.el5.i386.rpmkpartx-0.4.7-23.el5_3.4.i386.rpmrmt-0.4b41-4.el5.i386.rpmrsh-0.17-40.el5.i386.rpmrsh-server-0.17-40.el5.i386.rpmscim-bridge-0.4.5-9.el5.i386.rpmscim-bridge-gtk-0.4.5-9.el5.i386.rpm        x86_64:cpuspeed-1.2.1-7.el5.x86_64.rpmdevice-mapper-multipath-0.4.7-23.el5_3.4.x86_64.rpmdump-0.4b41-4.el5.x86_64.rpmkpartx-0.4.7-23.el5_3.4.x86_64.rpmrmt-0.4b41-4.el5.x86_64.rpmrsh-0.17-40.el5.x86_64.rpmrsh-server-0.17-40.el5.x86_64.rpmscim-bridge-0.4.5-9.el5.x86_64.rpmscim-bridge-gtk-0.4.5-9.el5.i386.rpmscim-bridge-gtk-0.4.5-9.el5.x86_64.rpm-Connie Sieh-Troy DawsonDate:         Thu, 23 Apr 2009 15:25:56 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Critical: seamonkey on SL3.x, SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: seamonkey security updateIssue date:	2009-04-21CVE Names:	CVE-2009-0652 CVE-2009-1303 CVE-2009-1305                   CVE-2009-1306 CVE-2009-1307 CVE-2009-1309                   CVE-2009-1311 CVE-2009-1312Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or,potentially, execute arbitrary code as the user running SeaMonkey.(CVE-2009-1303, CVE-2009-1305)Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1312)A flaw was found in the way SeaMonkey saved certain web pages to a localfile. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311)SeaMonkey must be restarted for the changes to take effect.SL 3.0.x      SRPMS:seamonkey-1.0.9-0.37.el3.src.rpm      i386:seamonkey-1.0.9-0.37.el3.i386.rpmseamonkey-chat-1.0.9-0.37.el3.i386.rpmseamonkey-devel-1.0.9-0.37.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.37.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.37.el3.i386.rpmseamonkey-mail-1.0.9-0.37.el3.i386.rpmseamonkey-nspr-1.0.9-0.37.el3.i386.rpmseamonkey-nspr-devel-1.0.9-0.37.el3.i386.rpmseamonkey-nss-1.0.9-0.37.el3.i386.rpmseamonkey-nss-devel-1.0.9-0.37.el3.i386.rpm      x86_64:seamonkey-1.0.9-0.37.el3.i386.rpmseamonkey-1.0.9-0.37.el3.x86_64.rpmseamonkey-chat-1.0.9-0.37.el3.i386.rpmseamonkey-chat-1.0.9-0.37.el3.x86_64.rpmseamonkey-devel-1.0.9-0.37.el3.x86_64.rpmseamonkey-dom-inspector-1.0.9-0.37.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.37.el3.x86_64.rpmseamonkey-js-debugger-1.0.9-0.37.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.37.el3.x86_64.rpmseamonkey-mail-1.0.9-0.37.el3.i386.rpmseamonkey-mail-1.0.9-0.37.el3.x86_64.rpmseamonkey-nspr-1.0.9-0.37.el3.i386.rpmseamonkey-nspr-1.0.9-0.37.el3.x86_64.rpmseamonkey-nspr-devel-1.0.9-0.37.el3.x86_64.rpmseamonkey-nss-1.0.9-0.37.el3.i386.rpmseamonkey-nss-1.0.9-0.37.el3.x86_64.rpmseamonkey-nss-devel-1.0.9-0.37.el3.x86_64.rpmSL 4.x      SRPMS:seamonkey-1.0.9-41.el4.src.rpm      i386:seamonkey-1.0.9-41.el4.i386.rpmseamonkey-chat-1.0.9-41.el4.i386.rpmseamonkey-devel-1.0.9-41.el4.i386.rpmseamonkey-dom-inspector-1.0.9-41.el4.i386.rpmseamonkey-js-debugger-1.0.9-41.el4.i386.rpmseamonkey-mail-1.0.9-41.el4.i386.rpm      x86_64:seamonkey-1.0.9-41.el4.i386.rpmseamonkey-1.0.9-41.el4.x86_64.rpmseamonkey-chat-1.0.9-41.el4.i386.rpmseamonkey-chat-1.0.9-41.el4.x86_64.rpmseamonkey-devel-1.0.9-41.el4.x86_64.rpmseamonkey-dom-inspector-1.0.9-41.el4.i386.rpmseamonkey-dom-inspector-1.0.9-41.el4.x86_64.rpmseamonkey-js-debugger-1.0.9-41.el4.i386.rpmseamonkey-js-debugger-1.0.9-41.el4.x86_64.rpmseamonkey-mail-1.0.9-41.el4.i386.rpmseamonkey-mail-1.0.9-41.el4.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News