Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New Mozilla Firefox packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 837-1                                        Martin Schulze
October 2nd, 2005             
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2871
Debian Bug     : 327452

Tom Ferris discovered a bug in the IDN hostname handling of Mozilla
Firefox, which is also present in the other browsers from the same
family that allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a hostname with dashes.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.4-2sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.6-5.

We recommend that you upgrade your mozilla-firefox package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1001 8da49448d0292379ed213ed55b50f636
      Size/MD5 checksum:   323756 9badf2bda14c11b86ab011d90ec281f6
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:
      Size/MD5 checksum: 11163256 741a6fe56dbd1c917f70ea4a83f5d4f5
      Size/MD5 checksum:   166972 e694067de0f9e51eba3b71fed7192fad
      Size/MD5 checksum:    58796 066536b71dd6ed961be9a17aa79f9ca1

  AMD64 architecture:
      Size/MD5 checksum:  9398022 6bc930760808bc9d9b61fb1f01bd860d
      Size/MD5 checksum:   161704 b602c78f8f7ff6071d85639ead31b0d1
      Size/MD5 checksum:    57272 d9f98cb3de4145f0866772bc599f5573

  ARM architecture:
      Size/MD5 checksum:  8216838 391be886f3e02b83cbdf198fc9e64f43
      Size/MD5 checksum:   153148 e320c57a33a8d2f90db51e8ccd1fdcbf
      Size/MD5 checksum:    52626 f011883c695c1f62417810a7046bfb18

  Intel IA-32 architecture:
      Size/MD5 checksum:  8889628 c2dae022a03416af59f47a124ac04771
      Size/MD5 checksum:   156932 f3c968bdc962762016ab5ce7de6c3d49
      Size/MD5 checksum:    54188 9c2479ab8ebd935c40f52dc516d1ef9b

  Intel IA-64 architecture:
      Size/MD5 checksum: 11617372 9e64ba01ab67c89e3496f658495e2d6b
      Size/MD5 checksum:   167278 6c518d35da2f88bc1387391bc413af6e
      Size/MD5 checksum:    61972 b413956fa64c1339729ca8c5fb069d0c

  HP Precision architecture:
      Size/MD5 checksum: 10266508 9985b2364613b496578d5aa58335f193
      Size/MD5 checksum:   164684 8d34b3fb5b1d4085eb1905cf8f4b4169
      Size/MD5 checksum:    57774 3c1f6134aa0bedd285693c272156dadf

  Motorola 680x0 architecture:
      Size/MD5 checksum:  8167076 9fbcdcc9c20c9c53bfe0c2e8867505ee
      Size/MD5 checksum:   155844 5e17dab94ba264505d9e976b6cada360
      Size/MD5 checksum:    53438 d65525a81b47a3ffb818044ff0f6c082

  Big endian MIPS architecture:
      Size/MD5 checksum:  9919764 dad3b9c7736be1a76182805decbe4226
      Size/MD5 checksum:   154698 ddcb26a6501acc4bfb01f84679c71df1
      Size/MD5 checksum:    54444 b05103132d75b1398fd4ac93210f8fa0

  Little endian MIPS architecture:
      Size/MD5 checksum:  9803612 9277b9d3635327414a54a0fa5bc43fab
      Size/MD5 checksum:   154254 9aae814cc1d5dc31ac24a4c573a3d54d
      Size/MD5 checksum:    54270 df2809a9996ea6eaf4d940420f22e654

  PowerPC architecture:
      Size/MD5 checksum:  8561724 53cb5d60984f432cfb7ae7c1ee917a60
      Size/MD5 checksum:   155320 09439c02519d6082619a356c2e568649
      Size/MD5 checksum:    56564 71de49e9fe39bc3e0873d9ea09627edb

  IBM S/390 architecture:
      Size/MD5 checksum:  9635928 4288345b4f7a1f65483220fe9e26615e
      Size/MD5 checksum:   162324 f7a9b952749be394d1743c0cc0442d78
      Size/MD5 checksum:    56758 eea32af660a5d5a5b63214c476fa8a29

  Sun Sparc architecture:
      Size/MD5 checksum:  8651566 2255aa4861022395d74e7ba0e7eeef0f
      Size/MD5 checksum:   155558 b9110a9180419dc9437e5ab610176139
      Size/MD5 checksum:    52998 658a72bc8e0a9d496ef9553da5676acb

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.