SUSE Security Announcement: Mozilla various security problems (SUSE-SA:2005:045)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: mozilla,MozillaFirefox,epiphany,galeon Announcement ID: SUSE-SA:2005:045 Date: Thu, 11 Aug 2005 15:00:00 +0000 Affected Products: 8.2, 9.0, 9.1, 9.2, 9.3 SUSE Linux Desktop 1.0 SUSE Linux Enterprise Server 8, 9 Novell Linux Desktop 9 Vulnerability Type: information leak Severity (1-10): 7 SUSE Default Package: yes Cross-References: MFSA 2005-56 CAN-2005-2270 MFSA 2005-55 CAN-2005-2269 MFSA 2005-54 CAN-2005-2268 MFSA 2005-53 CAN-2005-2267 MFSA 2005-52 CAN-2005-2266 MFSA 2005-51 CAN-2005-1937 MFSA 2005-50 CAN-2005-2265 MFSA 2005-49 CAN-2005-2264 MFSA 2005-48 CAN-2005-2263 MFSA 2005-47 CAN-2005-2262 MFSA 2005-46 CAN-2005-2261 MFSA 2005-45 CAN-2005-2260 Content of This Advisory: 1) Security Vulnerability Resolved: Various security problems in the Mozilla suite and Mozilla Firefox Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Various security vulnerabilities in the mozilla browser suite and the Mozilla Firefox browser have been reported and fixed upstream. The Mozilla suite browser has been updated to a security fix level of Mozilla 1.7.11, the Mozilla Firefox browser has been updated to a fix level of Firefox 1.0.6. Security relevant bugs that are fixed include (but are not limited to): MFSA 2005-56 Code execution through shared function objects MFSA 2005-55 XHTML node spoofing MFSA 2005-54 Javascript prompt origin spoofing MFSA 2005-52 Same origin violation: frame calling top.focus() MFSA 2005-51 The return of frame-injection spoofing MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() MFSA 2005-49 Stealing of sensitive information via _search and the Firefox sidebar MFSA 2005-48 Same-origin violation with InstallTrigger callback MFSA 2005-47 "Set as wallpaper" javascript: privilege escalation MFSA 2005-46 XBL scripts ran even when Javascript disabled MFSA 2005-45 Content-generated event vulnerabilities This update also upgrades the version of the Mozilla suite for the following products: * SUSE Linux Desktop 1.0: The original Mozilla 1.4 branch browser is upgraded to the Mozilla 1.7 branch version. We were not able to port the galeon web browser included in SUSE Linux Desktop 1.0 to support Mozilla 1.7 in time, so we no longer support it. The galeon package on SUSE Linux Desktop 1.0 is removed by this update. * SUSE Linux Enterprise Server 8: The original Mozilla 1.4 branch browser is upgraded to the Mozilla 1.7 branch version. * SUSE Linux Enterprise Server 9: The Mozilla version 1.6 shipped with GA of the SUSE Linux Enterprise Server 9 was replaced by the Mozilla 1.7 branch version in Service Pack 2. * SUSE Linux 8.2, 9.0, 9.1: The Mozilla version 1.4 and 1.6 contained in the SUSE Linux versions 8.2 up to 9.1 was replaced by the Mozilla 1.7 branch version. We were not able to port the galeon and the epiphany web browsers included in SUSE Linux 9.0 up to 9.1 to support Mozilla 1.7 in time, so we will no longer support it. The galeon and epiphany packages on SUSE Linux 9.0 and 9.1 are removed by this update. 2) Solution or Work-Around Please install the upgraded packages and make sure you restart your browsers after the update. A workaround would be to deinstall the Mozilla browser suite and/or the Firefox web browser. 3) Special Instructions and Notes Please note that galeon will be de installed by this update on SUSE Linux Desktop 1.0, SUSE Linux 8.2, 9.0 and 9.1. Also note that epiphany will be de installed by this update on SUSE Linux 9.0 and 9.1. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web. x86 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.0.6-4.1.i586.rpm 166c3b4abffa53c7a8f6727c25f864fc ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-translations-1.0.6-4.1.i586.rpm 030877cffa160bdb73fb83ecf203beeb ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17.5.i586.rpm 23b21c1570e805548cbb4ff838ef3a3a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.7.5-17.5.i586.rpm 357af3e740a6afcbe93d30df2ba6f8c0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7.5-17.5.i586.rpm 056837d21e79bf9685db9a5a6107e314 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-1.7.5-17.5.i586.rpm d44ac8b3f9f3a872cce217213fc75d5f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5-17.5.i586.rpm c5372426942a4e7edd93e76c262f902b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7.5-17.5.i586.rpm f99441b4557a52f19e691769ff3586bf ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1.7.5-17.5.i586.rpm dab29a38878bdccb0a2adcfd54695022 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.7.5-17.5.i586.rpm e77fa1183e8550d7d76463ca5175cdff ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.2.x86_64.rpm 6f31d1cb01eed1b1d824d4997cf9b74e SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.6-4.1.i586.rpm 3a5028572220d317b5b36cbd204be28a ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-translations-1.0.6-4.1.i586.rpm 6cf1065e8f4e106bd4b4b7db81279886 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-1.2.10-0.2.i586.rpm 4fb955c43973dcf210cb88bda26eb2bc ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-0.8.2-4.3.i586.rpm 110ff4ef92560f2c769240a98956501e ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-devel-0.8.2-4.3.i586.rpm 5315f6fcb9f9948350a3aabd1bff97b7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/galeon-1.3.19-6.1.i586.rpm 7a6a9eea59e272d8a9c552e614215262 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-1.7.2-17.12.i586.rpm 9ffdaf54b21aa1195d424679060f382b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-calendar-1.7.2-17.12.i586.rpm a8ed8fc7e43fa6551e6a6df9ea77a2d6 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-devel-1.7.2-17.12.i586.rpm 0d7dff63430002e604b0d3c08a262a2d ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-dom-inspector-1.7.2-17.12.i586.rpm 42a00ad1de897f70e2a73e654213c0a6 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-irc-1.7.2-17.12.i586.rpm ed16008085e96426bf00d7fe2f7f8141 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-mail-1.7.2-17.12.i586.rpm 3bf5bb5e315240b0d8a98382328460f8 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-spellchecker-1.7.2-17.12.i586.rpm 5bfee4a99f2f56c4e0087d26df7317e8 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-venkman-1.7.2-17.12.i586.rpm 8427dc7f4c86e252b74b7bef6abf0738 SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.6-4.2.i586.rpm 478fd9555b6cc78148938cc50d78ff36 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-translations-1.0.6-4.2.i586.rpm b2aa6c73c1f63fc73658f10e7d6f3bb8 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-1.7.8-5.10.i586.rpm a0ec30a46e482ed5883b404a2769da9d ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-calendar-1.7.8-5.10.i586.rpm f0ccbea190ddbbdc3af3926de1933965 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-cs-1.7.5-4.4.i586.rpm 793f620d87d5d2226d9c26cbad4f7489 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-deat-1.7.6-0.4.i586.rpm 0eff1dee760d0a9ff60fd796d76e4868 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-devel-1.7.8-5.10.i586.rpm 32d36ec02e9804a218992f7f0246a501 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-dom-inspector-1.7.8-5.10.i586.rpm 6b0f76b8249de7571d87f439da4f00e0 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-hu-1.78-0.5.i586.rpm 59470d7d277f6c99d1568f3fc5767cf7 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-irc-1.7.8-5.10.i586.rpm f71d29d90481552db60eb538f4c0ab73 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ja-1.7.7-0.5.i586.rpm a7d6df35c11a6b2ac3d5f8a13e4f3ce8 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ko-1.75-0.5.i586.rpm 1bab3281cd69ae52e5272336f0accff8 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-mail-1.7.8-5.10.i586.rpm 791161e361b85904facfc57ac67a885e ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-spellchecker-1.7.8-5.10.i586.rpm 91f7f6f22ea820290e0cf665d7e52d77 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-venkman-1.7.8-5.10.i586.rpm 04d2a3266da0292833fe9bb3eb6db4a0 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/MozillaFirefox-1.0.6-4.2.src.rpm c5032babc3e8dda2b4fc793e0cedb6e3 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-1.7.8-5.10.src.rpm 7cd385922b4ef615f988d92ed0687c55 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-cs-1.7.5-4.4.src.rpm 09f2a48c0e6db1e9cdb16a31b4bf964e ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-deat-1.7.6-0.4.src.rpm 274b10f06271150d62f110747f84ec7d ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-hu-1.78-0.5.src.rpm d7b82478b0cbe502d192992eb9f32694 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-ja-1.7.7-0.5.src.rpm 88dd71414d170b19227b9e2ca8e438d1 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-ko-1.75-0.5.src.rpm 3577e8db5bfc32928f410a50da21fff0 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1.0.6-2.i586.rpm d3f3667784ae8ffdb52d6fd684a60031 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-1.7.8-20.i586.rpm 1ac066a5cc32b7bf315e9865292026e0 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-calendar-1.7.8-20.i586.rpm db3a421e7cc80dc37f9379fd34dc0a50 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-cs-1.7.5-7.i586.rpm 7ae7dada10e5d594d37770fccc1a2c91 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-deat-1.7.6-4.i586.rpm 47820d48cab860da0c0e5284f3dd2151 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-devel-1.7.8-20.i586.rpm 1d11b924771353eb0e8446f734991869 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-dom-inspector-1.7.8-20.i586.rpm b5197d58cc39907749fada7860458088 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-hu-1.78-4.i586.rpm 2c8f3366d8d4b4f4d1db9e5f629c99f4 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-irc-1.7.8-20.i586.rpm 2af9df9ba55ff5a598bf9a2770531545 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-mail-1.7.8-20.i586.rpm 68b6bfdc62e530180e4e41025c6d690d ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-spellchecker-1.7.8-20.i586.rpm 05448c90532d7b138798342c933a086d ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-venkman-1.7.8-20.i586.rpm 5c44dd021e2b6ba4fd1c2d1252360d45 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/MozillaFirebird-1.0.6-2.src.rpm e73b37663812b9707e2bfb4598f10bf8 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-1.7.8-20.src.rpm af55dfd829630d7665bedf2c78ae6a4c ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-cs-1.7.5-7.src.rpm 459bbc0404efe46db849e018a1e0a044 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-deat-1.7.6-4.src.rpm 0dda29c6a940747cc0c5e4b57bc994b7 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-hu-1.78-4.src.rpm 7c4316c175697f25667833a108bf4d38 SUSE Linux 8.2: ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mozilla-1.7.8-19.i586.rpm ecf646af23f7acae815f96e75b05eb61 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mozilla-devel-1.7.8-19.i586.rpm 181d77f2943f788e68f3f73505620406 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mozilla-dom-inspector-1.7.8-19.i586.rpm 1c1337d1632b5e9e96f73d62ed6bd108 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mozilla-irc-1.7.8-19.i586.rpm 7a28a07a12804eb60830e383fde3229b ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mozilla-mail-1.7.8-19.i586.rpm 7d6d403e5032b118e4f805d90522f32e ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mozilla-venkman-1.7.8-19.i586.rpm 3cbaf034630575f8d10de1fedb0d105f ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/noarch/mozilla-cs-1.4-158.noarch.rpm d7cc46deafd264d296b096d10fc66ab7 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/noarch/mozilla-deat-1.4.1-11.noarch.rpm aab00041a2f06eeacb4490cf0bbb3a20 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/noarch/mozilla-hu-1.4-159.noarch.rpm b7ae80a54d0f25aae696351da8508c6d source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mozilla-1.7.8-19.src.rpm fb01cf105b4f7a16955408863b99812d ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mozilla-cs-1.4-158.src.rpm e126a11f03476c844390c0d5b148cf9b ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mozilla-deat-1.4.1-11.src.rpm ccbf0ebc3f1b80db016c49591a96e081 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mozilla-hu-1.4-159.src.rpm 5805309872e732a6566742ade686f56d x86-64 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.7.5-17.5.x86_64.rpm 818cd3658b021375bc60087bc7a61ce3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.7.5-17.5.x86_64.rpm 3150933846de56e01769a52263be4f73 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.7.5-17.5.x86_64.rpm 14606ed7a0e86bc175592b01672eb004 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspector-1.7.5-17.5.x86_64.rpm 78472d39ed5aca6da4787f4482afe995 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.7.5-17.5.x86_64.rpm 6c9f63d41c2c5ee7d9f2909e3bbddbaa ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.7.5-17.5.x86_64.rpm c5cc774513da309d20e550c9ef690e1a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker-1.7.5-17.5.x86_64.rpm 8a9b3c0f8526499bc2a52787fee8ee60 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.7.5-17.5.x86_64.rpm 0641e898ce6072d9e72757318785e0cb source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.7.5-17.5.src.rpm cacbda15810bd6f5603ca9b9b3e1970e SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-1.0.6-4.1.x86_64.rpm c4a4504f35d758e0c90def270d3895c4 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-translations-1.0.6-4.1.x86_64.rpm f2e8a8a66901d96b5267fe15650bd0d7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-1.2.10-0.2.x86_64.rpm 63721c65c29312d85e0bd83d7e0e668d ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-extensions-0.8.2-4.3.x86_64.rpm 497653dd80813edc7512eaa89181514a ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-extensions-devel-0.8.2-4.3.x86_64.rpm fb2aedcb40e7865f50dd751cc8551c72 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/galeon-1.3.19-6.1.x86_64.rpm 9f0cd31c9aace99836540295e0cae57f ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-1.7.2-17.12.x86_64.rpm 3ca6505f0902de095686a066fcd49bcd ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-calendar-1.7.2-17.12.x86_64.rpm 49e14e285e25fec43f5d5f93ad66a98d ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-devel-1.7.2-17.12.x86_64.rpm 1456a79695ccaa1b1887bc74f3eaad28 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-dom-inspector-1.7.2-17.12.x86_64.rpm 381e0a5bd0b1766cdcb21d20099e9005 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-irc-1.7.2-17.12.x86_64.rpm 6ac315c96a9e5f886ec5ae1bc2d58b4b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-mail-1.7.2-17.12.x86_64.rpm 23e0a2a2da3c8b0c2f54c5cfea54e853 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-spellchecker-1.7.2-17.12.x86_64.rpm 713540470613683cbc2ceda6cd30f32a ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-venkman-1.7.2-17.12.x86_64.rpm 439c9618b88915dd0a9dd51614282926 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/MozillaFirefox-1.0.6-4.1.src.rpm 9465f6d549e794b6bfbe4c1e48dfde5a ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/epiphany-1.2.10-0.2.src.rpm 56a820a30e1719fbe6f15b2333733fb4 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/epiphany-extensions-0.8.2-4.3.src.rpm 6cad0702acba84800382db956ffa20fd ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/galeon-1.3.19-6.1.src.rpm 096926ecce28109356aaef5ea3e5f059 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/mozilla-1.7.2-17.12.src.rpm 4299ffe08939196c1e66df8d8bdd6936 SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-1.0.6-4.2.x86_64.rpm a370814658c6c59b22c0b26f152fd009 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-translations-1.0.6-4.2.x86_64.rpm b63680dbea5cdd2429a16e9ae8b3b62c ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-1.7.8-5.10.x86_64.rpm f47c7eb99e793a4c84506d67598cb79e ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-calendar-1.7.8-5.10.x86_64.rpm 0f2a961352f58614cb09f228037e80b4 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-cs-1.7.5-4.4.x86_64.rpm 06a5a58c043624c2e1f3564a0aac48a5 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-deat-1.7.6-0.4.x86_64.rpm 143567942ced1976c1956aeb13c4e551 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-devel-1.7.8-5.10.x86_64.rpm b19f5a46930dac566ca79684da8072f3 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-dom-inspector-1.7.8-5.10.x86_64.rpm ac5a2a6d97661771af4498729906c20a ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-hu-1.78-0.5.x86_64.rpm 5ba3441864bd620f4df283359b3bf78a ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-irc-1.7.8-5.10.x86_64.rpm bd34182213c1df88c430051e76195e8f ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-ja-1.7.7-0.5.x86_64.rpm 6eae7f6519978d5fc630b65ddc6ea925 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-ko-1.75-0.5.x86_64.rpm cdf0841a48a0c70b01263edad0d1a41d ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-mail-1.7.8-5.10.x86_64.rpm 97d9a2831e01f14416565cda9e0b5893 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-spellchecker-1.7.8-5.10.x86_64.rpm 289f7ca0d17ae052d3d2b8bd3e83b613 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-venkman-1.7.8-5.10.x86_64.rpm 47d7a9ccd5c760260aa23681050d061e source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/MozillaFirefox-1.0.6-4.2.src.rpm 00786352c76255079057effb9a810283 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-1.7.8-5.10.src.rpm cf36f5e3a85d488133b0ebad42ca61c3 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-cs-1.7.5-4.4.src.rpm 592bd5c5902fd8e30f78dde0d2536843 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-deat-1.7.6-0.4.src.rpm 81186f752ad57deb1fe0c201c0f3ea6d ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-hu-1.78-0.5.src.rpm 5ffc830758e55d0496d3d24c0581f16e ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-ja-1.7.7-0.5.src.rpm 7ad0667f296852266e642828f9c6a46b ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-ko-1.75-0.5.src.rpm a41ea52316a6f5a541c90663721f6b23 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebird-1.0.6-2.x86_64.rpm 8c424bcb147929ca3b25ede8c6d4230b ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-1.7.8-20.x86_64.rpm 71e2363debdc9ca95ac019a23880d7f0 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-calendar-1.7.8-20.x86_64.rpm b9884210a7608e0470287194b5f81181 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-cs-1.7.5-7.x86_64.rpm b32f908a5d0198bded47c068ecc5dfb7 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-deat-1.7.6-4.x86_64.rpm 365df64a69e4d830059902b412d9f06f ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-devel-1.7.8-20.x86_64.rpm 951445bca390ea36cbddb097ae6fe800 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-dom-inspector-1.7.8-20.x86_64.rpm 1abf2651aefffa6d22c3dcde4f081d45 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-hu-1.78-4.x86_64.rpm a9f2e216f49958302455aca802e3b12d ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-irc-1.7.8-20.x86_64.rpm cc7d440ae25bbfd460892b9efee82664 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-mail-1.7.8-20.x86_64.rpm 2b279158c3a2131b30c54d6bf33c08cc ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-spellchecker-1.7.8-20.x86_64.rpm 994ba3dc0c7e8f2cd925fe92a969a3ad ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-venkman-1.7.8-20.x86_64.rpm 8aa655a52453608c0fd7484f22425899 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/MozillaFirebird-1.0.6-2.src.rpm 643de31a2b60aad00c33e788f6a676cb ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-1.7.8-20.src.rpm 420e4ebe9ca47c59e683ecec99fcbfcf ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-cs-1.7.5-7.src.rpm 7ca8e9bd16cf1fd5b8b176be436e6d9e ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-deat-1.7.6-4.src.rpm c5d85e3d18ac3eba4b2eda9e777ea1a1 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-hu-1.78-4.src.rpm cfac61dc8b7ca512f31a31cca35ff9b1 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security@suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe@suse.com>. suse-security-announce@suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe@suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info@suse.com> or <suse-security-faq@suse.com>. ===================================================================== SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQvtuSHey5gA9JdPZAQLg3gf+KRYqHPdXDXMRtT/e5BhX4eaKJC7tLd7O RH/z1CbnhKSXigy7WbrS/hfPpYwE764uXNNt78RX8iPMaDmJ7t90lJCvFWHzpJQm z4MTqrNXpGOCSVGBJs7dbzLAeFj/gDeMhLIWMTZEwMXKNhTYuxO3btKznx9h3lgA WN/nfiRlWaIxtlg1kf4KCvDPZVRlUPCUiT0O3+/Qgfh6FQPg4CCYYepzOns1Ym0/ aI6nhPOK/IczqtwBZPGr+Np9xzddNfdrzRhHmUojoZ5TCNTRHp5Y4I9CoNLctwnl gYkWfPA7q1GoKzthbUzvPBWKh8X8aywYuH6/+upWWR8G5woP86xufw== =ZJnB -----END PGP SIGNATURE-----