[SECURITY] Fedora 7 Update: seamonkey-1.1.3-1.fc7

updates at fedoraproject.org updates at fedoraproject.org
Fri Jul 20 19:32:57 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1181
2007-07-20 12:32:40.556461
--------------------------------------------------------------------------------

Name        : seamonkey
Product     : Fedora 7
Version     : 1.1.3
Release     : 1.fc7
Summary     : Web browser, e-mail, news, IRC client, HTML editor
Description :
SeaMonkey is an all-in-one Internet application suite. It includes
a browser, mail/news client, IRC client, JavaScript debugger, and
a tool to inspect the DOM for web pages. It is derived from the
application formerly known as Mozilla Application Suite.

--------------------------------------------------------------------------------
Update Information:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656)

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2007 Kai Engert <kengert at redhat.com> - 1.1.3-1
- SeaMonkey 1.1.3
* Thu May 31 2007 Kai Engert <kengert at redhat.com> 1.1.2-1
- SeaMonkey 1.1.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #248518
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
  [ 2 ] CVE-2007-3734
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
  [ 3 ] CVE-2007-3735
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
  [ 4 ] CVE-2007-3736
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
  [ 5 ] CVE-2007-3089
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
  [ 6 ] CVE-2007-3737
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
  [ 7 ] CVE-2007-3656
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
  [ 8 ] CVE-2007-3738
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
--------------------------------------------------------------------------------
Updated packages:

5c751bb8d48e168c4eaf97d7e039c0368d35ff5d seamonkey-debuginfo-1.1.3-1.fc7.ppc64.rpm
5c32e2b7896d73b435a246b7657d661f1aa8928d seamonkey-1.1.3-1.fc7.ppc64.rpm
b5c5b0f54ef0c757bd9abc0826ccd54826171096 seamonkey-debuginfo-1.1.3-1.fc7.i386.rpm
d00f0b7d75bc2b93b04f3d36f0c6cdb8a4e5c5ef seamonkey-1.1.3-1.fc7.i386.rpm
f5084ac1bfd2c7bf479d9e3c3be0c1c2a5b50af3 seamonkey-debuginfo-1.1.3-1.fc7.x86_64.rpm
395a32d934a1a717a0a025f14914b58516abd1f8 seamonkey-1.1.3-1.fc7.x86_64.rpm
eaff41df4a1891cc80c3368e559f589ec92d1211 seamonkey-1.1.3-1.fc7.ppc.rpm
e05847842fac05bc647666ef6bab651bb9bf8985 seamonkey-debuginfo-1.1.3-1.fc7.ppc.rpm
f50ab54a29f019925c494e1e1d3339c832825f2b seamonkey-1.1.3-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list