[SECURITY] Fedora 8 Update: galeon-2.0.3-16.fc8

updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007

Fedora Update Notification
2007-11-29 01:46:57.290638

Name        : galeon
Product     : Fedora 8
Version     : 2.0.3
Release     : 16.fc8
URL         : http://galeon.sourceforge.net/
Summary     : GNOME2 Web browser based on Mozilla
Description :
Galeon is a web browser built around Gecko (Mozilla's rendering
engine) and Necko (Mozilla's networking engine). It's a GNOME web
browser, designed to take advantage of as many GNOME technologies as
makes sense. Galeon was written to do just one thing - browse the web.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.


* Tue Nov 27 2007 Denis Leroy <denis at poolshark.org> - 2.0.3-16
- Rebuild with gecko lib
* Mon Nov 19 2007 Martin Stransky <stransky at redhat.com> - 2.0.3-15
- Added support for wrapped plugins
* Tue Nov  6 2007 Denis Leroy <denis at poolshark.org> - 2.0.3-14
- Rebuild with gecko lib

Updated packages:

This update can be installed with the "yum" update program.  Use 
su -c 'yum update galeon' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
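
For site operators affected by the Referer issue described above (CVE-2007-5960), the following added example, which is not part of the original advisory, contrasts a Referer-only CSRF check with a session-bound token check. The host name, session id, key handling and form field names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_HOST = "bank.example"          # hypothetical site name
SERVER_KEY = secrets.token_bytes(32)   # constructed per-process secret for the demo


def referer_only_ok(headers):
    """Weak control: trusts whatever Referer value the browser sent."""
    return urlsplit(headers.get("Referer", "")).hostname == TRUSTED_HOST


def issue_token(session_id):
    """HMAC of the session id; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_ok(session_id, form):
    """Strong control: the request must carry the token for this session."""
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(supplied.encode(), issue_token(session_id).encode())


def accept_state_change(session_id, headers, form):
    """Token is mandatory; Referer is only defence in depth when present."""
    if not token_ok(session_id, form):
        return False
    return "Referer" not in headers or referer_only_ok(headers)


# Constructed sample requests (not captured traffic).
SESSION = "sess-1234"
LEGIT = ({"Referer": "https://bank.example/transfer"},
         {"csrf_token": issue_token(SESSION), "amount": "10"})
# Cross-site request whose Referer was set to the trusted site by the
# browser flaw: the header looks right but no token is present.
FORGED = ({"Referer": "https://bank.example/transfer"}, {"amount": "10"})

if __name__ == "__main__":
    for name, (hdrs, form) in (("legit", LEGIT), ("forged", FORGED)):
        print(name,
              "referer-only:", referer_only_ok(hdrs),
              "token+referer:", accept_state_change(SESSION, hdrs, form))
```

The forged request passes the Referer-only check and is rejected once the token is required, which is why the header should not be the sole protection.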
