[SECURITY] Fedora 7 Update: galeon-2.0.3-14.fc7

updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007

Fedora Update Notification
2007-11-29 01:44:21.449766

Name        : galeon
Product     : Fedora 7
Version     : 2.0.3
Release     : 14.fc7
URL         : http://galeon.sourceforge.net/
Summary     : GNOME2 Web browser based on Mozilla
Description :
Galeon is a web browser built around Gecko (Mozilla's rendering
engine) and Necko (Mozilla's networking engine). It's a GNOME web
browser, designed to take advantage of as many GNOME technologies as
makes sense. Galeon was written to do just one thing - browse the web.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)
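
The server-side consequence of CVE-2007-5960, shown as an added example that is not part of the original advisory or of any Fedora or Mozilla code: a Referer-only check accepts a request whose Referer names the trusted site, while a per-session token check rejects it. The host name, session id, form fields and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_HOST = "bank.example"  # constructed site name (assumption)


def referer_only_check(headers):
    """Weak: treats the Referer header as the sole CSRF defence."""
    host = urlsplit(headers.get("Referer", "")).hostname
    return host == TRUSTED_HOST


def issue_token(server_key, session_id):
    """Derive a CSRF token bound to the session; the site embeds it in its own forms."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(server_key, session_id, form):
    """Stronger: require the per-session token, which another site's page cannot read."""
    expected = issue_token(server_key, session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(expected, supplied)


def demo():
    key = secrets.token_bytes(32)
    session = "session-1234"  # constructed session id
    # Constructed request: sent from another site, but its Referer names the
    # trusted host, which is the condition the advisory describes.
    forged_headers = {"Referer": "https://bank.example/transfer"}
    forged_form = {"amount": "100"}
    legit_form = {"amount": "100", "csrf_token": issue_token(key, session)}
    return {
        "referer_only_accepts_forged": referer_only_check(forged_headers),
        "token_accepts_forged": token_check(key, session, forged_form),
        "token_accepts_legit": token_check(key, session, legit_form),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```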

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

* Tue Nov 27 2007 Denis Leroy <denis at poolshark.org> - 2.0.3-14
- Rebuild with gecko lib
* Tue Nov  6 2007 Denis Leroy <denis at poolshark.org> - 2.0.3-13
- Rebuild with gecko lib
* Wed Oct 24 2007 Alex Lancaster <alexl at users.sourceforge.net> - 2.0.3-12
- Rebuild with gecko-libs (firefox
* Wed Sep 19 2007 Denis Leroy <denis at poolshark.org> - 2.0.3-11
- Added patch to fix image loading preference
* Wed Jul 18 2007 Denis Leroy <denis at poolshark.org> - 2.0.3-10
- Rebuild with gecko-libs
* Fri Jun  1 2007 Denis Leroy <denis at poolshark.org> - 2.0.3-9
- Rebuild with gecko-libs

Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum update galeon' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
