Multiple security vulnerabilities have been identified in the Firefox software package. A remote attacker can exploit them to cause denial of service, execute arbitrary code, inject HTML or script code, and gain unauthorized access to the system and to sensitive data.
Package:
Firefox 3.x, Firefox 5.x
Operating systems:
Slackware Linux 13.0, Slackware Linux 13.1, Slackware Linux 13.37
Problem:
integer overflow, memory corruption, error in a software component, XSS
Exploitation:
remote
Impact:
data modification, unauthorized system access, disclosure of sensitive information, arbitrary code execution, HTML and script code injection, denial of service (DoS)
Solution:
vendor patch
Original advisory ID:
SSA:2011-174-01
Source:
Slackware
Problem:
The vulnerabilities stem from an integer overflow in the "Array.reduceRight()" array method, XSS vulnerabilities, an error in the "WebGL" component, improper handling of SVG and XUL documents, memory corruption in "multipart/x-mixed-replace" handling, etc.
Impact:
A remote attacker can exploit the vulnerabilities for a DoS attack, unauthorized system access, reading and modifying sensitive data, execution of arbitrary program and script code, and similar malicious actions.
Solution:
All users are advised to apply the available software upgrades and patches.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2011-174-01)
New mozilla-firefox packages are available for Slackware 13.0, 13.1,
13.37, and -current to fix security issues.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-5.0-i486-1_slack13.37.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.18-i686-1.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.18-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.18-i686-1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.18-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-firefox-5.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-firefox-5.0-x86_64-1_slack13.37.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-5.0-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-5.0-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
6bae11a48ff0dbd131535523da47dfa3 mozilla-firefox-3.6.18-i686-1.txz
Slackware x86_64 13.0 package:
9c6b5b65cb74692f8e51e92a9af1b174 mozilla-firefox-3.6.18-x86_64-1_slack13.0.txz
Slackware 13.1 package:
5de7a771024cf248144cc84bf22e6c0b mozilla-firefox-3.6.18-i686-1.txz
Slackware x86_64 13.1 package:
9868ece365ad9c8fb88492e98124e989 mozilla-firefox-3.6.18-x86_64-1_slack13.1.txz
Slackware 13.37 package:
0f44d12d4cab622f99c20025090cc344 mozilla-firefox-5.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
cd7eb8f9e363e10026b1ecfa88a927b1 mozilla-firefox-5.0-x86_64-1_slack13.37.txz
Slackware -current package:
082655c72f19e52b4d6b97881d3b4388 xap/mozilla-firefox-5.0-i486-1.txz
Slackware x86_64 -current package:
a9dd701bf34e6141b386530ad38d4292 xap/mozilla-firefox-5.0-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg mozilla-firefox-5.0-i486-1_slack13.37.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk4EBSMACgkQakRjwEAQIjMwHwCfSJ6RGhyqjlfcuGfui6zU9luK
+nQAniMYu/CkNbxvCIyKZExZGJhBAa0z
=HW74
-----END PGP SIGNATURE-----
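The check implied by the "MD5 signatures" and "Installation instructions" sections above, as an added example that is not part of the Slackware advisory: it reads the expected MD5 from a saved copy of the advisory by release label, since mozilla-firefox-3.6.18-i686-1.txz is listed with different sums for 13.0 and 13.1, and compares it with the downloaded package. The function names and the saved advisory file are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Slackware advisory.
# Assumes the advisory text was saved to a local file and md5sum is available.

# advisory_md5 ADVISORY_FILE LABEL
# Print the MD5 listed under "LABEL package:" in the "MD5 signatures" section.
# Lookup is by release label (e.g. "Slackware 13.1"), not by file name, because
# one file name can be listed for several releases with different sums.
advisory_md5() {
    sum=$(awk -v want="$2 package:" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        # The sum is the first field of the line after the label, whether or
        # not the file name follows on the same line.
        found { if (length($1) == 32 && $1 ~ /^[0-9a-f]+$/) print $1; exit }
        $0 == want { found = 1 }
    ' "$1")
    [ -n "$sum" ] && printf '%s\n' "$sum"
}

# verify_pkg PACKAGE_FILE ADVISORY_FILE LABEL
# Returns 0 on match, 1 on mismatch, 2 if the check could not be made.
verify_pkg() {
    [ -r "$1" ] || { echo "cannot read package $1" >&2; return 2; }
    expected=$(advisory_md5 "$2" "$3") || {
        echo "no MD5 listed for '$3' in $2" >&2
        return 2
    }
    actual=$(md5sum "$1" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 matches the advisory ($expected)"
    else
        echo "MISMATCH: $1 is $actual, advisory lists $expected" >&2
        return 1
    fi
}

# Usage (as root, advisory saved as SSA-2011-174-01.txt, a hypothetical name):
#   verify_pkg mozilla-firefox-5.0-i486-1_slack13.37.txz \
#       SSA-2011-174-01.txt "Slackware 13.37" &&
#       upgradepkg mozilla-firefox-5.0-i486-1_slack13.37.txz
```

The MD5 comparison only detects a corrupted or wrong download; the listed sums are only as trustworthy as the advisory's PGP signature, which can be checked against the key at http://slackware.com/gpg-key.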