-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Mozilla  (SSA:2004-223-01)

New Mozilla packages are available for Slackware 9.1, 10.0, and -current
to fix a number of security issues.  Slackware 10.0 and -current were
upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.
As usual, new versions of Mozilla require new versions of things that link
with the Mozilla libraries, so for Slackware 10.0 and -current new versions
of epiphany, galeon, gaim, and mozilla-plugins have also been provided.
There don't appear to be epiphany and galeon versions that are compatible
with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not
provided and Epiphany and Galeon will be broken on Slackware 9.1 if the
new Mozilla package is installed.  Furthermore, earlier versions of
Mozilla (such as the 1.3 series) were not fixed upstream, so versions
of Slackware earlier than 9.1 will remain vulnerable to these browser
issues.  If you still use Slackware 9.0 or earlier, you may want to
consider removing Mozilla or upgrading to a newer version.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

    Issues fixed in Mozilla 1.7.2:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758

    Issues fixed in Mozilla 1.4.3:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0722
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0757
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0759
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0760
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0761
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0762
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0764
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0765


Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Aug  9 01:56:43 PDT 2004
patches/packages/epiphany-1.2.7-i486-1.tgz:  Upgraded to epiphany-1.2.7.
  (compiled against Mozilla 1.7.2)
patches/packages/gaim-0.81-i486-1.tgz:  Upgraded to gaim-0.81.
  (compiled against Mozilla 1.7.2)
patches/packages/galeon-1.3.17-i486-1.tgz:  Upgraded to galeon-1.3.17.
  (compiled against Mozilla 1.7.2)
patches/packages/mozilla-1.7.2-i486-1.tgz:  Upgraded to Mozilla 1.7.2.  This
  fixes three security vulnerabilities.  For details, see:
    https://www.mozilla.org/en-US/security/known-vulnerabilities/
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz:  Changed plugin symlinks
  for Mozilla 1.7.2.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 9.1:

Updated packages for Slackware 10.0:

Updated packages for Slackware -current:


MD5 signatures:
+-------------+

Slackware 9.1 packages:
29515193166b9b618be405a71b5e9a59  mozilla-1.4.3-i486-1.tgz
49d537be814de72a3d62a5cc9f6e3b15  mozilla-plugins-1.4.3-noarch-1.tgz

Slackware 10.0 packages:
612a65758f03fe08a44e004b1ae92d70  mozilla-1.7.2-i486-1.tgz
55da20d3c7acdd50a3b4abfe12191069  mozilla-plugins-1.7.2-noarch-1.tgz
86034039fbf6b52584e05701a0598ca4  epiphany-1.2.7-i486-1.tgz
c3f238fdba8684948d8817d7cf0db567  gaim-0.81-i486-1.tgz
0e8393b8f1b992dc7804fe925a839755  galeon-1.3.17-i486-1.tgz

Slackware -current packages:
612a65758f03fe08a44e004b1ae92d70  mozilla-1.7.2-i486-1.tgz
55da20d3c7acdd50a3b4abfe12191069  mozilla-plugins-1.7.2-noarch-1.tgz
86034039fbf6b52584e05701a0598ca4  epiphany-1.2.7-i486-1.tgz
0e8393b8f1b992dc7804fe925a839755  galeon-1.3.17-i486-1.tgz
ddb7281b985c6b7efb20afc69e5c2ffb  gaim-0.81-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg mozilla-1.7.2-i486-1.tgz \
    mozilla-plugins-1.7.2-noarch-1.tgz \
    epiphany-1.2.7-i486-1.tgz \
    gaim-0.81-i486-1.tgz \
    galeon-1.3.17-i486-1.tgz


+-----+

Slackware: 2004-223-01: Mozilla Security Update

August 10, 2004
New Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues

Summary

Here are the details from the Slackware 10.0 ChangeLog: Mon Aug 9 01:56:43 PDT 2004 patches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7. (compiled against Mozilla 1.7.2) patches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81. (compiled against Mozilla 1.7.2) patches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17. (compiled against Mozilla 1.7.2) patches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This fixes three security vulnerabilities. For details, see: https://www.mozilla.org/en-US/security/known-vulnerabilities/ (* Security fix *) patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks for Mozilla 1.7.2.

Where Find New Packages

Updated packages for Slackware 9.1:
Updated packages for Slackware 10.0:
Updated packages for Slackware -current:

MD5 Signatures

Slackware 9.1 packages: 29515193166b9b618be405a71b5e9a59 mozilla-1.4.3-i486-1.tgz 49d537be814de72a3d62a5cc9f6e3b15 mozilla-plugins-1.4.3-noarch-1.tgz
Slackware 10.0 packages: 612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz 55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz 86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz c3f238fdba8684948d8817d7cf0db567 gaim-0.81-i486-1.tgz 0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz
Slackware -current packages: 612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz 55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz 86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz 0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz ddb7281b985c6b7efb20afc69e5c2ffb gaim-0.81-i486-1.tgz

Severity
[slackware-security] Mozilla (SSA:2004-223-01)
New Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues. Slackware 10.0 and -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don't appear to be epiphany and galeon versions that are compatible with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not provided and Epiphany and Galeon will be broken on Slackware 9.1 if the new Mozilla package is installed. Furthermore, earlier versions of Mozilla (such as the 1.3 series) were not fixed upstream, so versions of Slackware earlier than 9.1 will remain vulnerable to these browser issues. If you still use Slackware 9.0 or earlier, you may want to consider removing Mozilla or upgrading to a newer version.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
Issues fixed in Mozilla 1.7.2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758
Issues fixed in Mozilla 1.4.3: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0757 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0765

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg mozilla-1.7.2-i486-1.tgz \ mozilla-plugins-1.7.2-noarch-1.tgz \ epiphany-1.2.7-i486-1.tgz \ gaim-0.81-i486-1.tgz \ galeon-1.3.17-i486-1.tgz

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved