[TWCERT/CC Security Advisory] TW-CA-2005-026-[RHSA-2005:277-01: Critical:

Board: NetSecurity (information security), posted 2005/03/10 20:32
※ Forwarded from the [Lan] mailbox
Author: twcert@cert.org.tw (TWCERT/CC Fellows)
Subject: [TWCERT/CC Security Advisory] TW-CA-2005-026-[RHSA-2005
Date: Thu Mar 10 15:55:15 2005

-----BEGIN PGP SIGNED MESSAGE-----

TW-CA-2005-026-[RHSA-2005:277-01: Critical: mozilla security update]
────────────────────────────────────────
TWCERT/CC release date: 2005-03-10
Original vulnerability release date: 2005-03-04
Original vulnerability last updated: --
CVE identifier: CAN-2005-0255
Category: Gain Privilege
Source reference: RHSA-2005:277-01

──── Summary ────────────────────────────────
Updated mozilla packages fix a buffer overflow issue.
The Red Hat Security Response Team rates this as a critical security update.

──── Description ──────────────────────────────
Mozilla is an open source web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A bug was found in Mozilla's string handling functions. If a malicious website is able to exhaust system memory, an attacker may be able to execute arbitrary code. CVE (cve.mitre.org) has assigned the name CAN-2005-0255 to this issue.

Note that other security issues affecting Mozilla have also been found, but they are of lower severity and are planned for release in additional security updates in the future.

Mozilla users are advised to update to these errata packages, which are not affected by these issues.

──── Affected platforms ───────────────────────────
‧Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
‧Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
‧Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
‧Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

──── Fix ──────────────────────────────────
Before installing the update, make sure that all previously released errata relevant to your system have been applied. Use Red Hat Network to download and update the packages. Enter the following command to launch the Red Hat Update Agent:

up2date

For more information on installing packages manually, see the following page for the guide that fits your system:

http://www.redhat.com/docs/manuals/enterprise/

Bug IDs fixed (see http://bugzilla.redhat.com/):

150124 - CAN-2005-0255 Memory overflow issue in the string library

RPMs required: mozilla-1.7.3-19.EL4 source and binary packages for each affected platform.

These packages are GPG-signed by Red Hat for security. The key is available at:
https://www.redhat.com/security/team/key.html#package

──── Impact ─────────────────────────────────

──── Contact TWCERT/CC ───────────────────────────
Tel: 886-7-5250211  FAX: 886-7-5250212
     886-2-23563303       886-2-23924082
Email: twcert@cert.org.tw
URL: http://www.cert.org.tw/
PGP key: http://www.cert.org.tw/eng/pgp.htm
────────────────────────────────────────
Attachment: [Critical: mozilla security update]

──── Original text ──────────────────────────────
- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: mozilla security update
Advisory ID: RHSA-2005:277-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-277.html
Issue date: 2005-03-04
Updated on: 2005-03-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0255
- - ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix a buffer overflow issue are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A bug was found in the Mozilla string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0255 to this issue.

Please note that other security issues have been found that affect Mozilla. These other issues have a lower severity, and are therefore planned to be released as additional security updates in the future.

Users of Mozilla should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150124 - CAN-2005-0255 Memory overwrite in string library

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.mozilla.org/security/announce/mfsa2005-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
────────────────────────────────────────
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
-----END PGP SIGNATURE-----

--
Taiwan Computer Emergency Response Team Security Advisory mailing list.
Mail to : Majordomo@cert.org.tw and include a line "subscribe advisory".
Please visit http://www.cert.org.tw/.
PGP key : http://www.cert.org.tw/eng/pgp.htm
Article ID (AID): #12C3v700 (NetSecurity)
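
Added example (not part of the TWCERT/CC or Red Hat advisory): a fleet check that flags hosts whose Mozilla packages are still older than the fixed build mozilla-1.7.3-19.EL4 named in the advisory. The inventory line format, host names and sample lines are constructed, and the version comparison is a simplified form of RPM's ordering that ignores epochs.

```python
import re

# Fixed build named in the advisory: mozilla-1.7.3-19.EL4
FIXED_VERSION, FIXED_RELEASE = "1.7.3", "19.EL4"

# Binary package names that the advisory lists for this erratum.
AFFECTED = {
    "mozilla", "mozilla-chat", "mozilla-devel", "mozilla-dom-inspector",
    "mozilla-js-debugger", "mozilla-mail", "mozilla-nspr",
    "mozilla-nspr-devel", "mozilla-nss", "mozilla-nss-devel",
}

# A version string is split into runs of digits and runs of letters;
# separators such as "." only delimit the runs.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM-style comparison of two version or release strings.

    Returns -1, 0 or 1. Assumption: epochs and the "~" / "^" modifiers
    are not handled, which is enough for the strings in this advisory.
    """
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            x, y = int(x), int(y)      # numeric compare, so 10 > 9
        elif x_num != y_num:
            return 1 if x_num else -1  # a numeric segment outranks letters
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(version, release):
    """True when version-release is at or above the fixed build."""
    order = rpmvercmp(version, FIXED_VERSION)
    if order == 0:
        order = rpmvercmp(release, FIXED_RELEASE)
    return order >= 0


def audit(inventory):
    """Return (host, package, installed) for affected packages below the fix.

    Each line is "<host> <name> <version> <release>". The last three fields
    are what `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\\n'` prints; the
    host prefix is an assumption about how the inventory was collected.
    """
    findings = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        host, name, version, release = fields
        if name in AFFECTED and not is_patched(version, release):
            findings.append((host, name, f"{version}-{release}"))
    return findings


# Constructed sample inventory (hosts and installed builds are made up).
SAMPLE_INVENTORY = """\
web01 mozilla 1.7.3 17
web01 mozilla-nspr 1.7.3 19.EL4
ws07 mozilla 1.7.3 19.EL4
ws07 mozilla-mail 1.7.3 18.EL4
ws09 mozilla-nss 1.7.5 1.EL4
ws09 bash 3.0 19
"""

if __name__ == "__main__":
    for host, name, installed in audit(SAMPLE_INVENTORY):
        print(f"{host}: {name} {installed} is older than "
              f"{FIXED_VERSION}-{FIXED_RELEASE}")
```

Hosts that are flagged should be updated as the advisory describes, and the downloaded packages checked against Red Hat's GPG key before installation.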