Bug 488273 (CVE-2009-0772)
| Summary: | CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | unspecified | CC: | kseifried, mjc, pasteur, security-response-team, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-25 19:45:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Josh Bressers
2009-03-03 16:16:01 UTC
Public now via: http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
https://rhn.redhat.com/errata/RHSA-2009-0325.html is listing
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.34.el3.src.rpm
which is NOT GPG signed...
[tru@sillage fasttrack]$ rpm -K seamonkey-1.0.9-0.34.el3.src.rpm
seamonkey-1.0.9-0.34.el3.src.rpm: sha1 md5 OK
[tru@sillage fasttrack]$ md5sum seamonkey-1.0.9-0.34.el3.src.rpm
ad8235da96b7a04d446c4cf0422e5cc2 seamonkey-1.0.9-0.34.el3.src.rpm
[tru@sillage fasttrack]$ rpm -qip seamonkey-1.0.9-0.34.el3.src.rpm
Name : seamonkey Relocations: (not relocatable)
Version : 1.0.9 Vendor: Red Hat, Inc.
Release : 0.34.el3 Build Date: Wed 25 Feb 2009
07:45:23 PM CET
Install Date: (not installed) Build Host:
js20-bc2-10.build.redhat.com
Group : Applications/Internet Source RPM: (none)
Size : 35061546 License: MPL/NPL/GPL/LGPL
Signature : (none)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary : Web browser and mail reader
Description :
Mozilla Seamonkey is an open-source web browser, designed for standards
compliance, performance and portability.
Hello Tru, thanks for letting us know about this issue. It looks like a bug in our tool which caused the unsigned rpms for this errata to be pushed to the FTP site. We've confirmed that the rpms (including srpm) pushed to Red Hat Network were signed (there are several layers of checks to ensure this), and so far this looks to have only affected the SeaMonkey errata RHSA-2009:0325 from last night. We've repushed the signed rpms and I've verified they have replaced the unsigned ones on the live ftp site, so please try again. We will also look at our tool to ensure that unsigned rpms can not be pushed to the FTP site in the future. thanks :) [tru@sillage todo]$ rpm -K seamonkey-1.0.9-0.34.el3.src.rpm seamonkey-1.0.9-0.34.el3.src.rpm: (sha1) dsa sha1 md5 gpg OK [tru@sillage todo]$ md5sum seamonkey-1.0.9-0.34.el3.src.rpm e46112fbf4da7569e6ed020b4563dc5e seamonkey-1.0.9-0.34.el3.src.rpm firefox-3.0.7-1.fc9, xulrunner-1.9.0.7-1.fc9, epiphany-2.22.2-8.fc9, epiphany-extensions-2.22.1-8.fc9, blam-1.8.5-6.fc9.1, chmsee-1.0.1-9.fc9, devhelp-0.19.1-9.fc9, galeon-2.0.7-7.fc9, gnome-python2-extras-2.19.1-24.fc9, gnome-web-photo-0.3-18.fc9, google-gadgets-0.10.5-3.fc9, gtkmozembedmm-1.4.2.cvs20060817-26.fc9, kazehakase-0.5.6-1.fc9.4, Miro-1.2.7-5.fc9, mozvoikko-0.9.5-7.fc9, mugshot-1.2.2-6.fc9, ruby-gnome2-0.17.0-6.fc9, totem-2.23.2-12.fc9, yelp-2.22.1-9.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. firefox-3.0.7-1.fc10, xulrunner-1.9.0.7-1.fc10, epiphany-2.24.3-3.fc10, epiphany-extensions-2.24.0-5.fc10, blam-1.8.5-7.fc10, devhelp-0.22-5.fc10, evolution-rss-0.1.2-5.fc10, galeon-2.0.7-7.fc10, gecko-sharp2-0.13-5.fc10, gnome-python2-extras-2.19.1-27.fc10, gnome-web-photo-0.3-15.fc10, google-gadgets-0.10.5-3.fc10, kazehakase-0.5.6-1.fc10.4, Miro-2.0-4.fc10, mozvoikko-0.9.5-7.fc10, mugshot-1.2.2-6.fc10, pcmanx-gtk2-0.3.8-6.fc10, ruby-gnome2-0.18.1-4.fc10, yelp-2.24.0-6.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. thunderbird-2.0.0.21-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. thunderbird-2.0.0.21-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:0258 https://rhn.redhat.com/errata/RHSA-2009-0258.html seamonkey-1.1.15-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. seamonkey-1.1.15-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. seamonkey-1.1.15-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following RHSAs: Red Hat Enterprise Linux version 4, Desktop version 5 and Optional Productivity Applications version 5 (thunderbird) RHSA-2009:0258 Red Hat Enterprise Linux version 4 and 5 (firefox) RHSA-2009:0315 Red Hat Enterprise Linux version 2.1, 3 and 4 (seamonkey) RHSA-2009:0325 |