From Fedora Project Wiki

< FSA‎ | F7
Revision as of 14:13, 24 May 2008 by fp-wiki>ImportUser (Imported from MoinMoin)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

[SECURITY] Fedora 7 Update: seamonkey-1.1.3-1.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1181
2007-07-20 12:32:40.556461
--------------------------------------------------------------------------------

Name        : seamonkey
Product     : Fedora 7
Version     : 1.1.3
Release     : 1.fc7
Summary     : Web browser, e-mail, news, IRC client, HTML editor
Description :
SeaMonkey is an all-in-one Internet application suite. It includes
a browser, mail/news client, IRC client, JavaScript debugger, and
a tool to inspect the DOM for web pages. It is derived from the
application formerly known as Mozilla Application Suite.

--------------------------------------------------------------------------------
Update Information:

SeaMonkey is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed JavaScript
code. A web page containing malicious JavaScript code could cause SeaMonkey to crash
or potentially execute arbitrary code as the user running SeaMonkey.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way SeaMonkey handled certain
JavaScript code. A web page containing malicious JavaScript code could inject
arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious
web page may be able to inject arbitrary HTML into a browsing session if the user
reloads a targeted site. (CVE-2007-3656)

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain
patches that correct these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2007 Kai Engert <kengert@redhat.com> - 1.1.3-1
- SeaMonkey 1.1.3
* Thu May 31 2007 Kai Engert <kengert@redhat.com> 1.1.2-1
- SeaMonkey 1.1.2
--------------------------------------------------------------------------------
References:

[ 1 ]  Bug #248518
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ]  CVE-2007-3734
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ]  CVE-2007-3735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ]  CVE-2007-3736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ]  CVE-2007-3089
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ]  CVE-2007-3737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ]  CVE-2007-3656
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
[ 8 ]  CVE-2007-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
--------------------------------------------------------------------------------
Updated packages:

5c751bb8d48e168c4eaf97d7e039c0368d35ff5d seamonkey-debuginfo-1.1.3-1.fc7.ppc64.rpm
5c32e2b7896d73b435a246b7657d661f1aa8928d seamonkey-1.1.3-1.fc7.ppc64.rpm
b5c5b0f54ef0c757bd9abc0826ccd54826171096 seamonkey-debuginfo-1.1.3-1.fc7.i386.rpm
d00f0b7d75bc2b93b04f3d36f0c6cdb8a4e5c5ef seamonkey-1.1.3-1.fc7.i386.rpm
f5084ac1bfd2c7bf479d9e3c3be0c1c2a5b50af3 seamonkey-debuginfo-1.1.3-1.fc7.x86_64.rpm
395a32d934a1a717a0a025f14914b58516abd1f8 seamonkey-1.1.3-1.fc7.x86_64.rpm
eaff41df4a1891cc80c3368e559f589ec92d1211 seamonkey-1.1.3-1.fc7.ppc.rpm
e05847842fac05bc647666ef6bab651bb9bf8985 seamonkey-debuginfo-1.1.3-1.fc7.ppc.rpm
f50ab54a29f019925c494e1e1d3339c832825f2b seamonkey-1.1.3-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------