Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
89
security advisorysecurity issueFedoraFedora 10: 2009:7961 Critical: Devhelp Remote Code Execution
Update to new upstream Firefox version 3.0.12, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-7961 2009-07-23 18:32:19 -------------------------------------------------------------------------------- Name : devhelp Product : Fedora 10 Version : 0.22 Release : 10.fc10 URL : Summary : API document browser Description : An API document browser for GNOME 2. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.12, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 21 2009 Jan Horak - 0.22-10 - Rebuild against newer gecko * Thu Jun 11 2009 Christopher Aillon - 0.22-9 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 0.22-8 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 0.22-7 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 0.22-6 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.22-5 - Rebuild against newer gecko * Mon Feb 16 2009 - Bastien Nocera - 0.22-4 - Remove gecko BRs - Fix displaying web pages, WebKit doesn't like local filenames as URIs * Wed Feb 4 2009 Christopher Aillon - 0.22-3 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.22-2 - Rebuild against newer gecko * Mon Dec 1 2008 Matthew Barnes - 0.22-1 - Update to 0.22 - Add BR:WebKit-gtk-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #512131 - CVE-2009-2463 Mozilla Base64 decoding crash https://bugzilla.redhat.com/show_bug.cgi?id=512131 [ 2 ] Bug #512133 - CVE-2009-2464 Mozilla crash with multiple RDFs in XUL tree https://bugzilla.redhat.com/show_bug.cgi?id=512133 [ 3 ] Bug #512135 - CVE-2009-2465 Mozilla double frame construction crashes https://bugzilla.redhat.com/show_bug.cgi?id=512135 [ 4 ] Bug #512128 - CVE-2009-2462 Mozilla Browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=512128 [ 5 ] Bug #512136 - CVE-2009-2466 Mozilla JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=512136 [ 6 ] Bug #512137 - CVE-2009-2467 Mozilla remote code execution during Flash player unloading https://bugzilla.redhat.com/show_bug.cgi?id=512137 [ 7 ] Bug #512142 - CVE-2009-2469 Mozilla remote code execution using watch and __defineSetter__ on SVG element https://bugzilla.redhat.com/show_bug.cgi?id=512142 [ 8 ] Bug #512146 - CVE-2009-2471 Mozilla setTimeout loses XPCNativeWrappers https://bugzilla.redhat.com/show_bug.cgi?id=512146 [ 9 ] Bug #512147 - CVE-2009-2472 Mozilla multiple cross origin wrapper bypasses https://bugzilla.redhat.com/show_bug.cgi?id=512147 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailinglist
Jul 23, 2009
•Critical
Fedora
89
security advisoryFedorasoftware patchFedora 9: 2009-6411 Moderate: Devhelp Update for Firefox Issues
Update to new upstream Firefox version 3.0.11, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuild against new version of Firefox / XULRunner.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-6411 2009-06-15 22:07:28 -------------------------------------------------------------------------------- Name : devhelp Product : Fedora 9 Version : 0.19.1 Release : 13.fc9 URL : Summary : API document browser Description : An API document browser for GNOME 2. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.0.11, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Update also includes all packages depending on gecko-libs rebuild against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2009 Christopher Aillon - 0.19.1-13 - Rebuild against newer gecko * Mon Apr 27 2009 Christopher Aillon - 0.19.1-12 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 0.19.1-11 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 0.19.1-10 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.19.1-9 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 0.19.1-8 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.19.1-7 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 0.19.1-6 - Rebuild against newer gecko * Thu Oct 23 2008 Martin Stransky - 0.19.1-5 - fixed #399441 - devhelp compiled against xulrunner doesn't seem to pick up css * Wed Sep 24 2008 Christopher Aillon - 0.19.1-4 -Rebuild against newer gecko * Wed Jul 16 2008 Christopher Aillon - 0.19.1-3 - Rebuild against newer gecko * Wed Jun 18 2008 Owen Taylor - 0.19.1-2 - Rebuild against xulrunner-1.9 * Mon May 26 2008 Matthew Barnes - 0.19.1-1 - Update to 0.19.1 * Sun May 4 2008 Matthias Clasen - 0.19-5 - Fix source url -------------------------------------------------------------------------------- References: [ 1 ] Bug #503568 - CVE-2009-1392 Firefox browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=503568 [ 2 ] Bug #503569 - CVE-2009-1832 Firefox double frame construction flaw https://bugzilla.redhat.com/show_bug.cgi?id=503569 [ 3 ] Bug #503570 - CVE-2009-1833 Firefox JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=503570 [ 4 ] Bug #503573 - CVE-2009-1834 Firefox URL spoofing with invalid unicode characters https://bugzilla.redhat.com/show_bug.cgi?id=503573 [ 5 ] Bug #503576 - CVE-2009-1835 Firefox Arbitrary domain cookie access by local file: resources https://bugzilla.redhat.com/show_bug.cgi?id=503576 [ 6 ] Bug #503578 - CVE-2009-1836 Firefox SSL tampering via non-200 responses to proxy CONNECT requests https://bugzilla.redhat.com/show_bug.cgi?id=503578 [ 7 ] Bug #503579 - CVE-2009-1837 Firefox Race condition while accessing the private data of a NPObject JS wrapper class object https://bugzilla.redhat.com/show_bug.cgi?id=503579 [ 8 ] Bug #503580 - CVE-2009-1838 Firefox arbitrary code execution flaw https://bugzilla.redhat.com/show_bug.cgi?id=503580 [ 9 ] Bug #503581 - CVE-2009-1839 Firefox information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=503581 [ 10 ] Bug #503582 - CVE-2009-1840 Firefox XUL scripts skip some security checks https://bugzilla.redhat.com/show_bug.cgi?id=503582 [ 11 ] Bug #503583 - CVE-2009-1841 Firefox JavaScript arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=503583 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Jun 15, 2009
•Important
Fedora
89
security advisorysecurity issuefedoraFedora 10: 2009-4083 Moderate: Firefox Fix for Devhelp Package
Update to Firefox 3.0.10 fixing one security issue: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following web site changes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-4083 2009-04-28 00:41:58 -------------------------------------------------------------------------------- Name : devhelp Product : Fedora 10 Version : 0.22 Release : 8.fc10 URL : Summary : API document browser Description : An API document browser for GNOME 2. -------------------------------------------------------------------------------- Update Information: Update to Firefox 3.0.10 fixing one security issue: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following web site changes -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2009 Christopher Aillon - 0.22-8 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 0.22-7 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 0.22-6 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.22-5 - Rebuild against newer gecko * Mon Feb 16 2009 - Bastien Nocera - 0.22-4 - Remove gecko BRs - Fix displaying web pages, WebKit doesn't like local filenames as URIs * Wed Feb 4 2009 Christopher Aillon - 0.22-3 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.22-2 - Rebuild against newer gecko * Mon Dec 1 2008 Matthew Barnes - 0.22-1 - Update to 0.22 - Add BR: WebKit-gtk-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #497447 - CVE-2009-1313Firefox crash in nsTextFrame::ClearTextRun() https://bugzilla.redhat.com/show_bug.cgi?id=497447 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Apr 27, 2009
•Important
Fedora
89
security advisorycriticalsoftware updateFedora 9: 2009-4078 Critical: Devhelp Fixes Firefox Crash
Update to Firefox 3.0.10 fixing one security issue: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following web site changes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-4078 2009-04-28 00:41:54 -------------------------------------------------------------------------------- Name : devhelp Product : Fedora 9 Version : 0.19.1 Release : 12.fc9 URL : Summary : API document browser Description : An API document browser for GNOME 2. -------------------------------------------------------------------------------- Update Information: Update to Firefox 3.0.10 fixing one security issue: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ Depending packages rebuilt against new Firefox are also included in this update. Additional bugs fixed in other packages: - totem: Fix YouTube plugin following web site changes -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2009 Christopher Aillon - 0.19.1-12 - Rebuild against newer gecko * Tue Apr 21 2009 Christopher Aillon - 0.19.1-11 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 0.19.1-10 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.19.1-9 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 0.19.1-8 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.19.1-7 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 0.19.1-6 - Rebuild against newer gecko * Thu Oct 23 2008 Martin Stransky - 0.19.1-5 - fixed #399441 - devhelp compiled against xulrunner doesn't seem to pick up css * Wed Sep 24 2008 Christopher Aillon - 0.19.1-4 - Rebuild against newer gecko * Wed Jul 16 2008 Christopher Aillon - 0.19.1-3 -Rebuild against newer gecko * Wed Jun 18 2008 Owen Taylor - 0.19.1-2 - Rebuild against xulrunner-1.9 * Mon May 26 2008 Matthew Barnes - 0.19.1-1 - Update to 0.19.1 * Sun May 4 2008 Matthias Clasen - 0.19-5 - Fix source url -------------------------------------------------------------------------------- References: [ 1 ] Bug #497447 - CVE-2009-1313 Firefox crash in nsTextFrame::ClearTextRun() https://bugzilla.redhat.com/show_bug.cgi?id=497447 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Apr 27, 2009
•Critical
Fedora
89
security advisorysoftware updateFedoraFedora 10 Devhelp 0.22-7 Moderate: Multiple Crash Issues Resolved
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-3893 2009-04-22 19:42:31 -------------------------------------------------------------------------------- Name : devhelp Product : Fedora 10 Version : 0.22 Release : 7.fc10 URL : Summary : API document browser Description : An API document browser for GNOME 2. -------------------------------------------------------------------------------- Update Information: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 21 2009 Christopher Aillon - 0.22-7 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 0.22-6 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.22-5 - Rebuild against newer gecko * Mon Feb 16 2009 - Bastien Nocera - 0.22-4 - Remove gecko BRs - Fix displaying web pages, WebKit doesn't like local filenames as URIs * Wed Feb 4 2009 Christopher Aillon - 0.22-3 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.22-2 - Rebuild against newer gecko * Mon Dec 1 2008 Matthew Barnes - 0.22-1 - Update to 0.22 - Add BR: WebKit-gtk-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #496252 - CVE-2009-1302 Firefox 3 Layout engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496252 [ 2 ] Bug #496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496253 [ 3 ] Bug #496255 - CVE-2009-1304 Firefox 3 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496255 [ 4 ] Bug #496256 - CVE-2009-1305 Firefox 2 and 3 JavaScript engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496256 [ 5 ] Bug #486704 - CVE-2009-0652 firefox: does notproperly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks) https://bugzilla.redhat.com/show_bug.cgi?id=486704 [ 6 ] Bug #496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI https://bugzilla.redhat.com/show_bug.cgi?id=496262 [ 7 ] Bug #496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol https://bugzilla.redhat.com/show_bug.cgi?id=496263 [ 8 ] Bug #496266 - CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings https://bugzilla.redhat.com/show_bug.cgi?id=496266 [ 9 ] Bug #496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString https://bugzilla.redhat.com/show_bug.cgi?id=496267 [ 10 ] Bug #496270 - CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites https://bugzilla.redhat.com/show_bug.cgi?id=496270 [ 11 ] Bug #496271 - CVE-2009-1311 Firefox POST data sent to wrong site when saving web page with embedded frame https://bugzilla.redhat.com/show_bug.cgi?id=496271 [ 12 ] Bug #496274 - CVE-2009-1312 Firefox allows Refresh header to redirect to javascript: URIs https://bugzilla.redhat.com/show_bug.cgi?id=496274 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailinglist
Apr 24, 2009
Fedora
89
security advisorycriticalsoftware updateFedora 9: 2009-3875 Critical Update For Devhelp Software
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-3875 2009-04-22 19:42:15 -------------------------------------------------------------------------------- Name : devhelp Product : Fedora 9 Version : 0.19.1 Release : 11.fc9 URL : Summary : API document browser Description : An API document browser for GNOME 2. -------------------------------------------------------------------------------- Update Information: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 21 2009 Christopher Aillon - 0.19.1-11 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 0.19.1-10 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.19.1-9 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 0.19.1-8 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.19.1-7 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 0.19.1-6 - Rebuild against newer gecko * Thu Oct 23 2008 Martin Stransky - 0.19.1-5 - fixed #399441 - devhelp compiled against xulrunner doesn't seem to pick up css * Wed Sep 24 2008 Christopher Aillon - 0.19.1-4 - Rebuild against newer gecko * Wed Jul 16 2008 Christopher Aillon - 0.19.1-3 - Rebuild against newer gecko * Wed Jun 18 2008 Owen Taylor - 0.19.1-2 - Rebuild against xulrunner-1.9 * Mon May 26 2008 Matthew Barnes - 0.19.1-1 - Update to 0.19.1 * Sun May 4 2008 Matthias Clasen - 0.19-5 - Fix source url -------------------------------------------------------------------------------- References: [ 1 ] Bug #496252 - CVE-2009-1302 Firefox 3 Layout engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496252 [ 2 ] Bug #496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496253 [ 3 ] Bug #496255 - CVE-2009-1304 Firefox 3 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496255 [ 4 ] Bug #496256 - CVE-2009-1305 Firefox 2 and 3 JavaScript engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496256 [ 5 ] Bug #486704 - CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks) https://bugzilla.redhat.com/show_bug.cgi?id=486704 [ 6 ] Bug #496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI https://bugzilla.redhat.com/show_bug.cgi?id=496262 [ 7 ] Bug #496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol https://bugzilla.redhat.com/show_bug.cgi?id=496263 [ 8 ] Bug #496266 - CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings https://bugzilla.redhat.com/show_bug.cgi?id=496266 [ 9 ] Bug #496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString https://bugzilla.redhat.com/show_bug.cgi?id=496267 [ 10 ] Bug #496270 - CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites https://bugzilla.redhat.com/show_bug.cgi?id=496270 [ 11 ] Bug #496271 - CVE-2009-1311 Firefox POST data sent to wrong site when saving web page with embedded frame https://bugzilla.redhat.com/show_bug.cgi?id=496271 [ 12 ] Bug #496274 - CVE-2009-1312 Firefox allows Refresh header to redirect to javascript: URIs https://bugzilla.redhat.com/show_bug.cgi?id=496274 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Apr 23, 2009
•Critical
Fedora
89
security advisoryFedoraremote code executionFedora: 2009-3100 Critical: Firefox Memory Issue and Remote Code Execution
A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-3100 2009-03-28 00:57:36 --------------------------------------------------------------------------------Name : devhelp Product : Fedora 10 Version : 0.22 Release : 6.fc10 URL : Summary : API document browser Description : An API document browser for GNOME 2. --------------------------------------------------------------------------------Update Information: A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) --------------------------------------------------------------------------------ChangeLog: * Fri Mar 27 2009 Christopher Aillon - 0.22-6 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.22-5 - Rebuild against newer gecko * Mon Feb 16 2009 - Bastien Nocera - 0.22-4 - Remove gecko BRs - Fix displaying web pages, WebKit doesn't like local filenames as URIs * Wed Feb 4 2009 Christopher Aillon - 0.22-3 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.22-2 - Rebuild against newer gecko *Mon Dec 1 2008 Matthew Barnes - 0.22-1 - Update to 0.22 - Add BR: WebKit-gtk-devel --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Mar 28, 2009
•Critical
Fedora
89
security advisorysoftware updateFedoraFedora 9: 2009-2421 Moderate: Firefox Devhelp Vulnerability Fix
Update to the new upstream Firefox 3.0.7 / XULRunner 1.9.0.7 fixing multiple security issues: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-2421 2009-03-08 06:09:09 --------------------------------------------------------------------------------Name : devhelp Product : Fedora 9 Version : 0.19.1 Release : 9.fc9 URL : Summary : API document browser Description : An API document browser for GNOME 2. --------------------------------------------------------------------------------Update Information: Update to the new upstream Firefox 3.0.7 / XULRunner 1.9.0.7 fixing multiple security issues: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. --------------------------------------------------------------------------------ChangeLog: * Fri Mar 6 2009 Jan Horak - 0.19.1-9 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 0.19.1-8 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.19.1-7 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 0.19.1-6 - Rebuild against newer gecko * Thu Oct 23 2008 Martin Stransky - 0.19.1-5 - fixed #399441 - devhelp compiled against xulrunner doesn't seem to pick up css * Wed Sep 24 2008 Christopher Aillon - 0.19.1-4 - Rebuild against newer gecko * Wed Jul 16 2008 Christopher Aillon - 0.19.1-3 - Rebuild against newer gecko *Wed Jun 18 2008 Owen Taylor - 0.19.1-2 - Rebuild against xulrunner-1.9 * Mon May 26 2008 Matthew Barnes - 0.19.1-1 - Update to 0.19.1 * Sun May 4 2008 Matthias Clasen - 0.19-5 - Fix source url --------------------------------------------------------------------------------References: [ 1 ] Bug #488272 - CVE-2009-0771 Firefox 3 Layout Engine Crashes https://bugzilla.redhat.com/show_bug.cgi?id=488272 [ 2 ] Bug #488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=488273 [ 3 ] Bug #488276 - CVE-2009-0773 Firefox 3 crashes in the JavaScript engine https://bugzilla.redhat.com/show_bug.cgi?id=488276 [ 4 ] Bug #488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine https://bugzilla.redhat.com/show_bug.cgi?id=488283 [ 5 ] Bug #488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=488287 [ 6 ] Bug #488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect https://bugzilla.redhat.com/show_bug.cgi?id=488290 [ 7 ] Bug #488292 - CVE-2009-0777 Firefox URL spoofing with invisible control characters https://bugzilla.redhat.com/show_bug.cgi?id=488292 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailinglist
Mar 08, 2009
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!