Fedora Legacy Update Advisory
Synopsis: Updated mozilla packages fix security issues
Advisory ID: FLSA:180036-1
Issue date: 2006-02-23
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
---------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
Updated mozilla packages that fix several security bugs are now
available.
Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64
3. Problem description:
Igor Bukanov discovered a bug in the way Mozilla's Javascript
interpreter dereferences objects. If a user visits a malicious web page,
Mozilla could crash or execute arbitrary code as the user running
Mozilla. The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0292 to this issue.
moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist()
function. A malicious web page could inject arbitrary RDF data into a
user's localstore.rdf file, which can cause Mozilla to execute arbitrary
javascript when a user runs Mozilla. (CVE-2006-0296)
A denial of service bug was found in the way Mozilla saves history
information. If a user visits a web page with a very long title, it is
possible Mozilla will crash or take a very long time the next time it is
run. (CVE-2005-4134)
Users of Mozilla are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.3.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.3.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-dom-inspector-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-js-debugger-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-devel-1.7.12-1.3.3.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-js-debugger-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-devel-1.7.12-1.3.3.legacy.x86_64.rpm
7. Verification:
SHA1 sum Package Name
---------------------------------------------------------------------
baf937574b92b01271c70169e5e6465eb7736c81
redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
4e401f2064201c290aa00527d148141904532d8a
redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
d97acf0463781ac5600754b02b5a902125df5fd4
redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
251eb4a2d0e0f8cf63b7b7975c9819a7e58fd5b3
redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.3.legacy.i386.rpm
584062b1c063fb8c2375693b49e48b8ae7530a00
redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.3.legacy.i386.rpm
aa3594680a3224f6b8b7abb9a6b9585fa6f519c1
redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
1676c32cd8143b9ff939b45269b2423b50d062f1
redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
9d9d350082b38b94d45e458e02f3345b0a4e3ed0
redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.3.legacy.i386.rpm
33753a720edea798966550963426db05a409a6c4
redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
b17dec4e9eab3acca07dc0345d01fa522c3f43d8
redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.3.legacy.i386.rpm
169c96bd3eae5e8f4220ed87291ceb176bf1f6b2
redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm
ffa6d9ff83d69b2aa32fb92a660775cbb92f2b53
redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
d4bc650d1652ae30bb4df3037bcd1f9f77781774
redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
0148688359ca6168c0c77160c8891315ac319147
redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
2be970089280e3b23401402e5ea5019cc57b95ba
redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.2.legacy.i386.rpm
653ceef20cbbd2d415ab8453b5c6d6e81193b6b3
redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.2.legacy.i386.rpm
1c576446d6eef094adf576310d6fa773ee52259b
redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
a2bf3a3f3cbf90a1d0f73bc3ecba5b3d48a8e151
redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
8eb53c3254fdbfcb78c229672a28c22d4ef0e4c7
redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.2.legacy.i386.rpm
4ca88669c7390d9181673af47c954512d6dd7eef
redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
ccc8207ee4ee6dac6b23715884c011dd023acfb0
redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.2.legacy.i386.rpm
9f0c42c95eee533f46cb69e9ca24983d598b7c19
redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm
ccc9f1f2f0a31d46cc69af0a7b3fc8279347c855
fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
22fb3e89d2484c03774aa28756082ad7fd68c9a9
fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
971284c2c887c7de98cae3fc5fc48c542ff6934f
fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
e7c1727896f18603d38ad40a6f209d19d3049f0a
fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.2.legacy.i386.rpm
938aa693e2a7a499a33c6605cfa3a74e8673df27
fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.2.legacy.i386.rpm
d6a2a1f6974ab09ec1d02af7592e782c27f578e6
fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
67cb0d096878aed78036e5ea0970f1147bf74d44
fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
cd48424e01cfe88b1f438c932a673b97f2101704
fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.2.legacy.i386.rpm
dd89685756cbe81a3928075f14310f58ce409af3
fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
e193799b982e920ebb932fcc06c49a5228f704f6
fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.2.legacy.i386.rpm
a07447de816fe5b143dd3f6a3476d3334e01576c
fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm
f22f8ad6584a2e8ff16f52858181f145a27ad88e
fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
9c1600eb0de0484a292b4b556b6e13d579cba87a
fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
86859e409dc365f5bec29d0a93b175ac0bcba1b7
fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
2d9fccb410dc48ec08d16a34924db7be85b5270e
fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.3.legacy.i386.rpm
089f2798d5a48d3dbff41b750c0fa263d3c084b2
fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.3.legacy.i386.rpm
7f7cfb22bab08e5cafb4179ab400fb20f9f0e92d
fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
122072963825101d273120c4efc5e0b414d8363c
fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
377d51c94a02e610a0085a3805a51d97896c56ed
fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.3.legacy.i386.rpm
255a282fed707f6730d559e5e182e15db1a2c647
fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
63f3f43a95d43c8d03a63a7d9914544d020e36af
fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.3.legacy.i386.rpm
3763ccd5bb56555376b15e3b6719addea3d72e94
fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm
1dc7f066ff6b1edc46037b874c88871b92e689bd
fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
d42189ed08ecb23f10fa811233191da00a6d2b86
fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
178fde65f593bfb2c97feef7a9368acd6a85e0a1
fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
934df1335c0409c5d200d3afcf0c5d1bb619d7a0
fedora/3/updates/i386/mozilla-dom-inspector-1.7.12-1.3.3.legacy.i386.rpm
44a98a9a93f06916e80028e436f3cb5a7e757403
fedora/3/updates/i386/mozilla-js-debugger-1.7.12-1.3.3.legacy.i386.rpm
d70a4a67cae1c047ddd515ff466cc3964dc21639
fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
628cb7537726199cf5ecd459e7cbf2bb27acdca5
fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
6c4a6afd3c1b3538a1ab0f691af18b75ae910f0a
fedora/3/updates/i386/mozilla-nspr-devel-1.7.12-1.3.3.legacy.i386.rpm
6df7e4d99d0b5b0634eaf71816aff3a76308850c
fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
86a0ea171fa09f02a13307cfd742aa4d7669dbf3
fedora/3/updates/i386/mozilla-nss-devel-1.7.12-1.3.3.legacy.i386.rpm
cc1ee55af3e20e520347b8d54604c49a3a687a68
fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
2365e1dd78f64bfb6888e8a7c5ad16ce10a222f9
fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
1dc8b590ba623365a07c33c8a98c5d6eb7057486
fedora/3/updates/x86_64/mozilla-devel-1.7.12-1.3.3.legacy.x86_64.rpm
abdf5d08629556a3335ad70eb565b65dbec226b3
fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.12-1.3.3.legacy.x86_64.rpm
3489b08fbbe7dab2e913c6c79c24296bc0ac0078
fedora/3/updates/x86_64/mozilla-js-debugger-1.7.12-1.3.3.legacy.x86_64.rpm
b544c2a6807963113eb2234ff3d846eb2c435661
fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
628cb7537726199cf5ecd459e7cbf2bb27acdca5
fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
6cf873ef9085f915b38f2bc70f16adfcfa155bfd
fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
5eb2b843489853ea7d395502c492383557d1d7ce
fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.12-1.3.3.legacy.x86_64.rpm
6df7e4d99d0b5b0634eaf71816aff3a76308850c
fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
f7c34c932da9b4f65f134123ee8b86af16c7667d
fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
5889b94be3ad690867bf59697b6d4704757d1402
fedora/3/updates/x86_64/mozilla-nss-devel-1.7.12-1.3.3.legacy.x86_64.rpm
c4051d635668658df5f1ce4df69becc721fb752a
fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org
Synopsis: Updated mozilla packages fix security issues
Advisory ID: FLSA:180036-1
Issue date: 2006-02-23
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
---------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
Updated mozilla packages that fix several security bugs are now
available.
Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64
3. Problem description:
Igor Bukanov discovered a bug in the way Mozilla's Javascript
interpreter dereferences objects. If a user visits a malicious web page,
Mozilla could crash or execute arbitrary code as the user running
Mozilla. The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0292 to this issue.
moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist()
function. A malicious web page could inject arbitrary RDF data into a
user's localstore.rdf file, which can cause Mozilla to execute arbitrary
javascript when a user runs Mozilla. (CVE-2006-0296)
A denial of service bug was found in the way Mozilla saves history
information. If a user visits a web page with a very long title, it is
possible Mozilla will crash or take a very long time the next time it is
run. (CVE-2005-4134)
Users of Mozilla are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180036
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.3.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.3.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-dom-inspector-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-js-debugger-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nspr-devel-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/mozilla-nss-devel-1.7.12-1.3.3.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-js-debugger-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/mozilla-nss-devel-1.7.12-1.3.3.legacy.x86_64.rpm
7. Verification:
SHA1 sum Package Name
---------------------------------------------------------------------
baf937574b92b01271c70169e5e6465eb7736c81
redhat/7.3/updates/i386/mozilla-1.7.12-0.73.3.legacy.i386.rpm
4e401f2064201c290aa00527d148141904532d8a
redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.3.legacy.i386.rpm
d97acf0463781ac5600754b02b5a902125df5fd4
redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.3.legacy.i386.rpm
251eb4a2d0e0f8cf63b7b7975c9819a7e58fd5b3
redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.3.legacy.i386.rpm
584062b1c063fb8c2375693b49e48b8ae7530a00
redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.3.legacy.i386.rpm
aa3594680a3224f6b8b7abb9a6b9585fa6f519c1
redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.3.legacy.i386.rpm
1676c32cd8143b9ff939b45269b2423b50d062f1
redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.3.legacy.i386.rpm
9d9d350082b38b94d45e458e02f3345b0a4e3ed0
redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.3.legacy.i386.rpm
33753a720edea798966550963426db05a409a6c4
redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.3.legacy.i386.rpm
b17dec4e9eab3acca07dc0345d01fa522c3f43d8
redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.3.legacy.i386.rpm
169c96bd3eae5e8f4220ed87291ceb176bf1f6b2
redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.3.legacy.src.rpm
ffa6d9ff83d69b2aa32fb92a660775cbb92f2b53
redhat/9/updates/i386/mozilla-1.7.12-0.90.2.legacy.i386.rpm
d4bc650d1652ae30bb4df3037bcd1f9f77781774
redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.2.legacy.i386.rpm
0148688359ca6168c0c77160c8891315ac319147
redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.2.legacy.i386.rpm
2be970089280e3b23401402e5ea5019cc57b95ba
redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.2.legacy.i386.rpm
653ceef20cbbd2d415ab8453b5c6d6e81193b6b3
redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.2.legacy.i386.rpm
1c576446d6eef094adf576310d6fa773ee52259b
redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.2.legacy.i386.rpm
a2bf3a3f3cbf90a1d0f73bc3ecba5b3d48a8e151
redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.2.legacy.i386.rpm
8eb53c3254fdbfcb78c229672a28c22d4ef0e4c7
redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.2.legacy.i386.rpm
4ca88669c7390d9181673af47c954512d6dd7eef
redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.2.legacy.i386.rpm
ccc8207ee4ee6dac6b23715884c011dd023acfb0
redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.2.legacy.i386.rpm
9f0c42c95eee533f46cb69e9ca24983d598b7c19
redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.2.legacy.src.rpm
ccc9f1f2f0a31d46cc69af0a7b3fc8279347c855
fedora/1/updates/i386/mozilla-1.7.12-1.1.2.legacy.i386.rpm
22fb3e89d2484c03774aa28756082ad7fd68c9a9
fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.2.legacy.i386.rpm
971284c2c887c7de98cae3fc5fc48c542ff6934f
fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.2.legacy.i386.rpm
e7c1727896f18603d38ad40a6f209d19d3049f0a
fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.2.legacy.i386.rpm
938aa693e2a7a499a33c6605cfa3a74e8673df27
fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.2.legacy.i386.rpm
d6a2a1f6974ab09ec1d02af7592e782c27f578e6
fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.2.legacy.i386.rpm
67cb0d096878aed78036e5ea0970f1147bf74d44
fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.2.legacy.i386.rpm
cd48424e01cfe88b1f438c932a673b97f2101704
fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.2.legacy.i386.rpm
dd89685756cbe81a3928075f14310f58ce409af3
fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.2.legacy.i386.rpm
e193799b982e920ebb932fcc06c49a5228f704f6
fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.2.legacy.i386.rpm
a07447de816fe5b143dd3f6a3476d3334e01576c
fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.2.legacy.src.rpm
f22f8ad6584a2e8ff16f52858181f145a27ad88e
fedora/2/updates/i386/mozilla-1.7.12-1.2.3.legacy.i386.rpm
9c1600eb0de0484a292b4b556b6e13d579cba87a
fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.3.legacy.i386.rpm
86859e409dc365f5bec29d0a93b175ac0bcba1b7
fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.3.legacy.i386.rpm
2d9fccb410dc48ec08d16a34924db7be85b5270e
fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.3.legacy.i386.rpm
089f2798d5a48d3dbff41b750c0fa263d3c084b2
fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.3.legacy.i386.rpm
7f7cfb22bab08e5cafb4179ab400fb20f9f0e92d
fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.3.legacy.i386.rpm
122072963825101d273120c4efc5e0b414d8363c
fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.3.legacy.i386.rpm
377d51c94a02e610a0085a3805a51d97896c56ed
fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.3.legacy.i386.rpm
255a282fed707f6730d559e5e182e15db1a2c647
fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.3.legacy.i386.rpm
63f3f43a95d43c8d03a63a7d9914544d020e36af
fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.3.legacy.i386.rpm
3763ccd5bb56555376b15e3b6719addea3d72e94
fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.3.legacy.src.rpm
1dc7f066ff6b1edc46037b874c88871b92e689bd
fedora/3/updates/i386/mozilla-1.7.12-1.3.3.legacy.i386.rpm
d42189ed08ecb23f10fa811233191da00a6d2b86
fedora/3/updates/i386/mozilla-chat-1.7.12-1.3.3.legacy.i386.rpm
178fde65f593bfb2c97feef7a9368acd6a85e0a1
fedora/3/updates/i386/mozilla-devel-1.7.12-1.3.3.legacy.i386.rpm
934df1335c0409c5d200d3afcf0c5d1bb619d7a0
fedora/3/updates/i386/mozilla-dom-inspector-1.7.12-1.3.3.legacy.i386.rpm
44a98a9a93f06916e80028e436f3cb5a7e757403
fedora/3/updates/i386/mozilla-js-debugger-1.7.12-1.3.3.legacy.i386.rpm
d70a4a67cae1c047ddd515ff466cc3964dc21639
fedora/3/updates/i386/mozilla-mail-1.7.12-1.3.3.legacy.i386.rpm
628cb7537726199cf5ecd459e7cbf2bb27acdca5
fedora/3/updates/i386/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
6c4a6afd3c1b3538a1ab0f691af18b75ae910f0a
fedora/3/updates/i386/mozilla-nspr-devel-1.7.12-1.3.3.legacy.i386.rpm
6df7e4d99d0b5b0634eaf71816aff3a76308850c
fedora/3/updates/i386/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
86a0ea171fa09f02a13307cfd742aa4d7669dbf3
fedora/3/updates/i386/mozilla-nss-devel-1.7.12-1.3.3.legacy.i386.rpm
cc1ee55af3e20e520347b8d54604c49a3a687a68
fedora/3/updates/x86_64/mozilla-1.7.12-1.3.3.legacy.x86_64.rpm
2365e1dd78f64bfb6888e8a7c5ad16ce10a222f9
fedora/3/updates/x86_64/mozilla-chat-1.7.12-1.3.3.legacy.x86_64.rpm
1dc8b590ba623365a07c33c8a98c5d6eb7057486
fedora/3/updates/x86_64/mozilla-devel-1.7.12-1.3.3.legacy.x86_64.rpm
abdf5d08629556a3335ad70eb565b65dbec226b3
fedora/3/updates/x86_64/mozilla-dom-inspector-1.7.12-1.3.3.legacy.x86_64.rpm
3489b08fbbe7dab2e913c6c79c24296bc0ac0078
fedora/3/updates/x86_64/mozilla-js-debugger-1.7.12-1.3.3.legacy.x86_64.rpm
b544c2a6807963113eb2234ff3d846eb2c435661
fedora/3/updates/x86_64/mozilla-mail-1.7.12-1.3.3.legacy.x86_64.rpm
628cb7537726199cf5ecd459e7cbf2bb27acdca5
fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.i386.rpm
6cf873ef9085f915b38f2bc70f16adfcfa155bfd
fedora/3/updates/x86_64/mozilla-nspr-1.7.12-1.3.3.legacy.x86_64.rpm
5eb2b843489853ea7d395502c492383557d1d7ce
fedora/3/updates/x86_64/mozilla-nspr-devel-1.7.12-1.3.3.legacy.x86_64.rpm
6df7e4d99d0b5b0634eaf71816aff3a76308850c
fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.i386.rpm
f7c34c932da9b4f65f134123ee8b86af16c7667d
fedora/3/updates/x86_64/mozilla-nss-1.7.12-1.3.3.legacy.x86_64.rpm
5889b94be3ad690867bf59697b6d4704757d1402
fedora/3/updates/x86_64/mozilla-nss-devel-1.7.12-1.3.3.legacy.x86_64.rpm
c4051d635668658df5f1ce4df69becc721fb752a
fedora/3/updates/SRPMS/mozilla-1.7.12-1.3.3.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org