Critical: firefox security update
Date: Tue, 8 Jan 2013 08:51:36 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0
The following FASTBUGS have been uploaded to
i386:
biosdevname-0.3.11-1.el6_3.1.i686.rpm
tomcat6-6.0.24-48.el6_3.noarch.rpm
tomcat6-admin-webapps-6.0.24-48.el6_3.noarch.rpm
tomcat6-docs-webapp-6.0.24-48.el6_3.noarch.rpm
tomcat6-el-2.1-api-6.0.24-48.el6_3.noarch.rpm
tomcat6-javadoc-6.0.24-48.el6_3.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-48.el6_3.noarch.rpm
tomcat6-lib-6.0.24-48.el6_3.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-48.el6_3.noarch.rpm
tomcat6-webapps-6.0.24-48.el6_3.noarch.rpm
x86_64:
biosdevname-0.3.11-1.el6_3.1.x86_64.rpm
qemu-guest-agent-0.12.1.2-2.295.el6_3.5.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.5.x86_64.rpm
tomcat6-6.0.24-48.el6_3.noarch.rpm
tomcat6-admin-webapps-6.0.24-48.el6_3.noarch.rpm
tomcat6-docs-webapp-6.0.24-48.el6_3.noarch.rpm
tomcat6-el-2.1-api-6.0.24-48.el6_3.noarch.rpm
tomcat6-javadoc-6.0.24-48.el6_3.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-48.el6_3.noarch.rpm
tomcat6-lib-6.0.24-48.el6_3.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-48.el6_3.noarch.rpm
tomcat6-webapps-6.0.24-48.el6_3.noarch.rpm
Date: Tue, 8 Jan 2013 08:51:37 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0
The following FASTBUGS have been uploaded to
i386:
bind-9.3.6-20.P1.el5_8.6.i386.rpm
bind97-9.7.0-10.P2.el5_8.5.i386.rpm
bind97-chroot-9.7.0-10.P2.el5_8.5.i386.rpm
bind97-devel-9.7.0-10.P2.el5_8.5.i386.rpm
bind97-libs-9.7.0-10.P2.el5_8.5.i386.rpm
bind97-utils-9.7.0-10.P2.el5_8.5.i386.rpm
bind-chroot-9.3.6-20.P1.el5_8.6.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.6.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.6.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.6.i386.rpm
bind-sdb-9.3.6-20.P1.el5_8.6.i386.rpm
bind-utils-9.3.6-20.P1.el5_8.6.i386.rpm
caching-nameserver-9.3.6-20.P1.el5_8.6.i386.rpm
device-mapper-multipath-0.4.7-48.el5_8.2.i386.rpm
gtk2-2.10.4-23.el5_8.i386.rpm
gtk2-devel-2.10.4-23.el5_8.i386.rpm
kpartx-0.4.7-48.el5_8.2.i386.rpm
x86_64:
bind-9.3.6-20.P1.el5_8.6.x86_64.rpm
bind97-9.7.0-10.P2.el5_8.5.x86_64.rpm
bind97-chroot-9.7.0-10.P2.el5_8.5.x86_64.rpm
bind97-devel-9.7.0-10.P2.el5_8.5.i386.rpm
bind97-devel-9.7.0-10.P2.el5_8.5.x86_64.rpm
bind97-libs-9.7.0-10.P2.el5_8.5.i386.rpm
bind97-libs-9.7.0-10.P2.el5_8.5.x86_64.rpm
bind97-utils-9.7.0-10.P2.el5_8.5.x86_64.rpm
bind-chroot-9.3.6-20.P1.el5_8.6.x86_64.rpm
bind-devel-9.3.6-20.P1.el5_8.6.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.6.x86_64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.6.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.6.x86_64.rpm
bind-libs-9.3.6-20.P1.el5_8.6.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.6.x86_64.rpm
bind-sdb-9.3.6-20.P1.el5_8.6.x86_64.rpm
bind-utils-9.3.6-20.P1.el5_8.6.x86_64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.6.x86_64.rpm
device-mapper-multipath-0.4.7-48.el5_8.2.x86_64.rpm
gtk2-2.10.4-23.el5_8.i386.rpm
gtk2-2.10.4-23.el5_8.x86_64.rpm
gtk2-devel-2.10.4-23.el5_8.i386.rpm
gtk2-devel-2.10.4-23.el5_8.x86_64.rpm
kpartx-0.4.7-48.el5_8.2.x86_64.rpm
Date: Thu, 10 Jan 2013 10:02:22 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Critical: firefox on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0
Synopsis: Critical: firefox security update
Issue Date: 2013-01-08
CVE Numbers: CVE-2013-0769
CVE-2013-0762
CVE-2013-0766
CVE-2013-0767
CVE-2013-0759
CVE-2013-0744
CVE-2013-0746
CVE-2013-0748
CVE-2013-0750
CVE-2013-0758
CVE-2013-0753
CVE-2013-0754
--
Several flaws were found in the processing of malformed web content. A
web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754,
CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)
A flaw was found in the way Chrome Object Wrappers were implemented.
Malicious
content could be used to cause Firefox to execute arbitrary code via
plug-ins
installed in Firefox. (CVE-2013-0758)
A flaw in the way Firefox displayed URL values in the address bar could
allow a
malicious site or user to perform a phishing attack. (CVE-2013-0759)
An information disclosure flaw was found in the way certain JavaScript
functions were implemented in Firefox. An attacker could use this flaw to
bypass Address Space Layout Randomization (ASLR) and other security
restrictions. (CVE-2013-0748)
After installing the update, Firefox must be restarted for the changes to
take effect.
--
SL5
x86_64
firefox-10.0.12-1.el5_9.i386.rpm
firefox-10.0.12-1.el5_9.x86_64.rpm
firefox-debuginfo-10.0.12-1.el5_9.i386.rpm
firefox-debuginfo-10.0.12-1.el5_9.x86_64.rpm
xulrunner-10.0.12-1.el5_9.i386.rpm
xulrunner-10.0.12-1.el5_9.x86_64.rpm
xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm
xulrunner-debuginfo-10.0.12-1.el5_9.x86_64.rpm
xulrunner-devel-10.0.12-1.el5_9.i386.rpm
xulrunner-devel-10.0.12-1.el5_9.x86_64.rpm
i386
firefox-10.0.12-1.el5_9.i386.rpm
firefox-debuginfo-10.0.12-1.el5_9.i386.rpm
xulrunner-10.0.12-1.el5_9.i386.rpm
xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm
xulrunner-devel-10.0.12-1.el5_9.i386.rpm
SL6
x86_64
firefox-10.0.12-1.el6_3.i686.rpm
firefox-10.0.12-1.el6_3.x86_64.rpm
firefox-debuginfo-10.0.12-1.el6_3.i686.rpm
firefox-debuginfo-10.0.12-1.el6_3.x86_64.rpm
xulrunner-10.0.12-1.el6_3.i686.rpm
xulrunner-10.0.12-1.el6_3.x86_64.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm
xulrunner-devel-10.0.12-1.el6_3.i686.rpm
xulrunner-devel-10.0.12-1.el6_3.x86_64.rpm
i386
firefox-10.0.12-1.el6_3.i686.rpm
firefox-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-devel-10.0.12-1.el6_3.i686.rpm
- Scientific Linux Development Team