[SECURITY] Fedora 8 Update: yelp-2.20.0-6.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007

Fedora Update Notification
2007-11-29 01:46:57.290638

Name        : yelp
Product     : Fedora 8
Version     : 2.20.0
Release     : 6.fc8
URL         : http://live.gnome.org/Yelp
Summary     : A system documentation reader from the Gnome project
Description :
Yelp is the Gnome 2 help/documentation browser. It is designed
to help you browse all the documentation on your system in
one central tool.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.


* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 2.20.0-6
- Rebuild against newer gecko
* Mon Nov  5 2007 Matthias Clasen <mclasen at redhat.com> - 2.20.0-5
- Fix a crash in search (#361041)
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com> - 2.20.0-4
- Rebuild against new firefox
* Sun Nov  4 2007 Matthias Clasen <mclasen at redhat.com> - 2.20.0-3
- Fix a crash when loading the rarian docs
Updated packages:

411dbbed76fa4f5e49bda42971e20721accdf327 yelp-debuginfo-2.20.0-6.fc8.ppc64.rpm
414a77884d93ecde459aad0833e76b455c636ffb yelp-2.20.0-6.fc8.ppc64.rpm
b8095b6ecdb47570ee7b2032515e0dcedb0d871e yelp-debuginfo-2.20.0-6.fc8.i386.rpm
eda1926a021f9ed629e69e0f617ee8987394a806 yelp-2.20.0-6.fc8.i386.rpm
ab6b92022e5a2866624c7093982ae252d94c2052 yelp-debuginfo-2.20.0-6.fc8.x86_64.rpm
c99ecfcb5f63cfd8ad26241af5d061d50615f4b9 yelp-2.20.0-6.fc8.x86_64.rpm
1375710fa2e141ff34da214195230a1e58ce1e93 yelp-debuginfo-2.20.0-6.fc8.ppc.rpm
2f056ed4fa5f8cb58c772c50d113b1ac6b1dbdbc yelp-2.20.0-6.fc8.ppc.rpm
620f1becf6c545183b0b57cba9b7422a2083eed0 yelp-2.20.0-6.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update yelp' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list