LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New Mozilla Firefox packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 837-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 2nd, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2871
Debian Bug     : 327452

Tom Ferris discovered a bug in the IDN hostname handling of Mozilla
Firefox, which is also present in the other browsers from the same
family that allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a hostname with dashes.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.4-2sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.6-5.

We recommend that you upgrade your mozilla-firefox package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.dsc
      Size/MD5 checksum:     1001 8da49448d0292379ed213ed55b50f636
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.diff.gz
      Size/MD5 checksum:   323756 9badf2bda14c11b86ab011d90ec281f6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_alpha.deb
      Size/MD5 checksum: 11163256 741a6fe56dbd1c917f70ea4a83f5d4f5
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_alpha.deb
      Size/MD5 checksum:   166972 e694067de0f9e51eba3b71fed7192fad
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_alpha.deb
      Size/MD5 checksum:    58796 066536b71dd6ed961be9a17aa79f9ca1

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_amd64.deb
      Size/MD5 checksum:  9398022 6bc930760808bc9d9b61fb1f01bd860d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_amd64.deb
      Size/MD5 checksum:   161704 b602c78f8f7ff6071d85639ead31b0d1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_amd64.deb
      Size/MD5 checksum:    57272 d9f98cb3de4145f0866772bc599f5573

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_arm.deb
      Size/MD5 checksum:  8216838 391be886f3e02b83cbdf198fc9e64f43
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_arm.deb
      Size/MD5 checksum:   153148 e320c57a33a8d2f90db51e8ccd1fdcbf
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_arm.deb
      Size/MD5 checksum:    52626 f011883c695c1f62417810a7046bfb18

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_i386.deb
      Size/MD5 checksum:  8889628 c2dae022a03416af59f47a124ac04771
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_i386.deb
      Size/MD5 checksum:   156932 f3c968bdc962762016ab5ce7de6c3d49
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_i386.deb
      Size/MD5 checksum:    54188 9c2479ab8ebd935c40f52dc516d1ef9b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_ia64.deb
      Size/MD5 checksum: 11617372 9e64ba01ab67c89e3496f658495e2d6b
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_ia64.deb
      Size/MD5 checksum:   167278 6c518d35da2f88bc1387391bc413af6e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_ia64.deb
      Size/MD5 checksum:    61972 b413956fa64c1339729ca8c5fb069d0c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_hppa.deb
      Size/MD5 checksum: 10266508 9985b2364613b496578d5aa58335f193
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_hppa.deb
      Size/MD5 checksum:   164684 8d34b3fb5b1d4085eb1905cf8f4b4169
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_hppa.deb
      Size/MD5 checksum:    57774 3c1f6134aa0bedd285693c272156dadf

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_m68k.deb
      Size/MD5 checksum:  8167076 9fbcdcc9c20c9c53bfe0c2e8867505ee
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_m68k.deb
      Size/MD5 checksum:   155844 5e17dab94ba264505d9e976b6cada360
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_m68k.deb
      Size/MD5 checksum:    53438 d65525a81b47a3ffb818044ff0f6c082

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mips.deb
      Size/MD5 checksum:  9919764 dad3b9c7736be1a76182805decbe4226
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mips.deb
      Size/MD5 checksum:   154698 ddcb26a6501acc4bfb01f84679c71df1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mips.deb
      Size/MD5 checksum:    54444 b05103132d75b1398fd4ac93210f8fa0

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mipsel.deb
      Size/MD5 checksum:  9803612 9277b9d3635327414a54a0fa5bc43fab
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mipsel.deb
      Size/MD5 checksum:   154254 9aae814cc1d5dc31ac24a4c573a3d54d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mipsel.deb
      Size/MD5 checksum:    54270 df2809a9996ea6eaf4d940420f22e654

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_powerpc.deb
      Size/MD5 checksum:  8561724 53cb5d60984f432cfb7ae7c1ee917a60
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_powerpc.deb
      Size/MD5 checksum:   155320 09439c02519d6082619a356c2e568649
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_powerpc.deb
      Size/MD5 checksum:    56564 71de49e9fe39bc3e0873d9ea09627edb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_s390.deb
      Size/MD5 checksum:  9635928 4288345b4f7a1f65483220fe9e26615e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_s390.deb
      Size/MD5 checksum:   162324 f7a9b952749be394d1743c0cc0442d78
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_s390.deb
      Size/MD5 checksum:    56758 eea32af660a5d5a5b63214c476fa8a29

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_sparc.deb
      Size/MD5 checksum:  8651566 2255aa4861022395d74e7ba0e7eeef0f
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_sparc.deb
      Size/MD5 checksum:   155558 b9110a9180419dc9437e5ab610176139
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_sparc.deb
      Size/MD5 checksum:    52998 658a72bc8e0a9d496ef9553da5676acb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.