Yellow Dog Linux Security Announcement
--------------------------------------

Package:      mozilla
Issue Date:   January 05, 2003
Priority:     medium
Advisory ID:  YDU-20030105-1

1. Topic:

Updated mozilla packages are available.

2. Problem:

"Mozilla is an open source web browser.

Versions of Mozilla previous to version 1.0.1 contain various security vulnerabilities. These vulnerabilities could be used by an attacker to read data off of the local hard drive, to gain information that should normally be kept private, and in some cases to execute arbitrary code. For more information on the specific vulnerabilities fixed please see the references below.

All users of Mozilla should update to these errata packages containing Mozilla version 1.0.1 which is not vulnerable to these issues."

(from Red Hat advisory)

3. Solution:

a) Updating via apt...

We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system:

    apt-get update
    apt-get install mozilla

b) Updating manually...

Download the updates below and then run the following rpm command. (Please use a mirror site)

    rpm -Fvh [filenames]

ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

    ppc/mozilla-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-chat-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-devel-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-dom-inspector-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-js-debugger-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-mail-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-nspr-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-nspr-devel-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-nss-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-nss-devel-1.0.1-2.7.2a.ppc.rpm
    ppc/mozilla-psm-1.0.1-2.7.2a.ppc.rpm
    ppc/galeon-1.2.6-0.7.2a.ppc.rpm
    ppc/nautilus-1.0.6-16a.ppc.rpm
    ppc/nautilus-devel-1.0.6-16a.ppc.rpm
    ppc/gdk-pixbuf-0.14.0-0.7.2.ppc.rpm
    ppc/gdk-pixbuf-devel-0.14.0-0.7.2.ppc.rpm
    ppc/gdk-pixbuf-gnome-0.14.0-0.7.2.ppc.rpm

4. Verification

If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command:

    rpm --checksig --nogpg filename

5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information.

For information regarding the usage of apt-get, see: http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
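
The digest check from section 4, extended to a whole saved checksum list in the two-column "MD5 checksum / Package" layout, as an added example that is not part of the advisory: the function names, the flat download directory and the sample files are assumptions, and it needs `md5sum` from GNU coreutils. Like `--nogpg`, it only compares MD5 digests and checks no signature.

```shell
#!/bin/sh
# Added example (not part of the advisory). Assumes GNU coreutils md5sum.
# verify_md5_list LIST DIR: check files in DIR against "<md5> <path>" lines.
# Prints one status line per entry; returns 0 only if every entry matches.
verify_md5_list() {
    list=$1; dir=$2; rc=0
    while read -r want path; do
        # Accept only 32-hex-digit first fields; this skips the column
        # header, the dashed ruler and blank lines.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        # The list gives paths relative to the update directory
        # (ppc/..., SRPMS/...); downloads are assumed to sit flat in DIR.
        file=$dir/${path##*/}
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; rc=1
        fi
    done < "$list"
    return "$rc"
}

# Constructed sample: two placeholder files and a three-entry list
# (one correct hash, one wrong hash, one file that was never downloaded).
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed package A\n' > "$tmp/a-1.0.ppc.rpm"
    printf 'constructed package B\n' > "$tmp/b-1.0.ppc.rpm"
    good=$(md5sum "$tmp/a-1.0.ppc.rpm" | cut -d' ' -f1)
    {
        echo "MD5 checksum                     Package"
        echo "-------------------------------- -------"
        echo "$good ppc/a-1.0.ppc.rpm"
        echo "00000000000000000000000000000000 ppc/b-1.0.ppc.rpm"
        echo "11111111111111111111111111111111 ppc/c-1.0.ppc.rpm"
    } > "$tmp/checksums.txt"
    verify_md5_list "$tmp/checksums.txt" "$tmp"; status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "one or more packages failed verification"
```

A non-zero return means at least one entry was missing or did not match, so the `rpm -Fvh` step should not be run on that download set.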