Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

Scientific Linux 3: CVE-2009-2404 Critical: SeaMonkey Heap Overflow

Scientific Large Esm H446
Critical: seamonkey security update
Date: Tue, 11 Aug 2009 14:28:38 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Critical: seamonkey on SL3.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Critical: seamonkey security update
Issue date:	2009-07-30
CVE Names:	CVE-2009-2404

CVE-2009-2404 nss regexp heap overflow

Moxie Marlinspike reported a heap overflow flaw in a regular expression
parser in the NSS library (provided by SeaMonkey) used to match common
names in certificates. A malicious website could present a
carefully-crafted certificate in such a way as to trigger the heap
overflow, leading to a crash or, possibly, arbitrary code execution with
the permissions of the user running SeaMonkey. (CVE-2009-2404)

Note: in order to exploit this issue without further user interaction,
the carefully-crafted certificate would need to be signed by a
Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents
the victim with a warning that the certificate is untrusted. Only if the
user then accepts the certificate will the overflow take place.

After installing the updated packages, SeaMonkey must be restarted for
the update to take effect.

SL 3.0.x

 SRPMS:
seamonkey-1.0.9-0.41.el3.src.rpm
 i386:
seamonkey-1.0.9-0.41.el3.i386.rpm
seamonkey-chat-1.0.9-0.41.el3.i386.rpm
seamonkey-devel-1.0.9-0.41.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.41.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.41.el3.i386.rpm
seamonkey-mail-1.0.9-0.41.el3.i386.rpm
seamonkey-nspr-1.0.9-0.41.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.41.el3.i386.rpm
seamonkey-nss-1.0.9-0.41.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.41.el3.i386.rpm
 x86_64:
seamonkey-1.0.9-0.41.el3.i386.rpm
seamonkey-1.0.9-0.41.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.41.el3.i386.rpm
seamonkey-chat-1.0.9-0.41.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.41.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.41.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.41.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.41.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.41.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.41.el3.i386.rpm
seamonkey-mail-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.41.el3.i386.rpm
seamonkey-nspr-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.41.el3.i386.rpm
seamonkey-nss-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.41.el3.x86_64.rpm

-Connie Sieh
-Troy Dawson