[SECURITY] Fedora 7 Update: yelp-2.18.1-8.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007

Fedora Update Notification
2007-11-29 01:44:21.449766

Name        : yelp
Product     : Fedora 7
Version     : 2.18.1
Release     : 8.fc7
URL         : http://live.gnome.org/Yelp
Summary     : A system documentation reader from the Gnome project
Description :
Yelp is the Gnome 2 help/documentation browser. It is designed
to help you browse all the documentation on your system in
one central tool.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 2.18-1-8
- Rebuild against newer gecko
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com> - 2.18.1-7
- Rebuild against newer gecko
* Fri Oct 19 2007 Christopher Aillon <caillon at redhat.com> - 2.18.1-6
- Rebuild against newer gecko
* Wed Jul 18 2007 Kai Engert <kengert at redhat.com> - 2.18.1-5
- Rebuild against newer gecko
* Fri May 25 2007 Christopher Aillon <caillon at redhat.com> - 2.18.1-4
- Rebuild against newer gecko
* Wed Apr 18 2007 Matthias Clasen <mclasen at redhat.com> - 2.18.1-3
- Improve the man parser a bit
- Fix another crash in the info parser
Updated packages:

86427b6f5b879b7ceb0340d3a12910da502fa777 yelp-2.18.1-8.fc7.ppc64.rpm
68dd885f7fb1ffc7521b5a9b5fca77855f144bd2 yelp-debuginfo-2.18.1-8.fc7.ppc64.rpm
1d90fc66f247dd9207d4eb53149abfa66b39ce00 yelp-2.18.1-8.fc7.i386.rpm
5c61a670ab9cc2065b3c14cc33a2236f93a48580 yelp-debuginfo-2.18.1-8.fc7.i386.rpm
e5bef6e79f192bb19290469e1867cf0a5a38abb8 yelp-2.18.1-8.fc7.x86_64.rpm
34a3c219f4b41eb93c5307af52413fa02b78d74c yelp-debuginfo-2.18.1-8.fc7.x86_64.rpm
3cd1b2a4eb526e52b6a4227a7863e70d5aec0a3e yelp-debuginfo-2.18.1-8.fc7.ppc.rpm
6a95f812c16db9e54ce9b354139a37a48a97ff75 yelp-2.18.1-8.fc7.ppc.rpm
778fa1b04a2a16a12e5ed03ccbe938fd4a8b63b9 yelp-2.18.1-8.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update yelp' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list