[SECURITY] Fedora 7 Update: seamonkey-1.1.5-1.fc7

updates at fedoraproject.org updates at fedoraproject.org
Wed Oct 24 07:02:38 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2601
2007-10-24 07:02:15.462544
--------------------------------------------------------------------------------

Name        : seamonkey
Product     : Fedora 7
Version     : 1.1.5
Release     : 1.fc7
URL         : http://www.mozilla.org/projects/seamonkey/
Summary     : Web browser, e-mail, news, IRC client, HTML editor
Description :
SeaMonkey is an all-in-one Internet application suite. It includes
a browser, mail/news client, IRC client, JavaScript debugger, and
a tool to inspect the DOM for web pages. It is derived from the
application formerly known as Mozilla Application Suite.

--------------------------------------------------------------------------------
Update Information:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334).

Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340).

Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292).

The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337).

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 19 2007 Kai Engert <kengert at redhat.com> - 1.1.5-1
- SeaMonkey 1.1.5
* Fri Jul 27 2007 Martin Stransky <stransky at redhat.com> - 1.1.3-2
- added pango patches
* Fri Jul 20 2007 Kai Engert <kengert at redhat.com> - 1.1.3-1
- SeaMonkey 1.1.3
* Thu May 31 2007 Kai Engert <kengert at redhat.com> 1.1.2-1
- SeaMonkey 1.1.2
--------------------------------------------------------------------------------
References:

  [ 1 ] CVE-2007-1095
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
  [ 2 ] CVE-2007-3511
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
  [ 3 ] CVE-2007-3844
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
  [ 4 ] CVE-2007-5334
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
  [ 5 ] CVE-2007-5338
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
  [ 6 ] CVE-2007-5339
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  [ 7 ] CVE-2007-5340
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
  [ 8 ] CVE-2007-2292
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
  [ 9 ] CVE-2007-5337
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
--------------------------------------------------------------------------------
Updated packages:

2aec1a2ee6e4a628ab5932f1fed1781953aad368 seamonkey-debuginfo-1.1.5-1.fc7.ppc64.rpm
8be245f88946492d9873adffc2df8ab3acd02e33 seamonkey-1.1.5-1.fc7.ppc64.rpm
789f959ecf34848f7d2756b46f2a3d6e2008bed4 seamonkey-1.1.5-1.fc7.i386.rpm
ddd04fe9329198119d37db71219c088ad2cb382d seamonkey-debuginfo-1.1.5-1.fc7.i386.rpm
c98e1da7e5dad9b7ffd5b3b63915cc47439de3e4 seamonkey-1.1.5-1.fc7.x86_64.rpm
7e7631a3d5552ff0dc35c8152e707184431c4d90 seamonkey-debuginfo-1.1.5-1.fc7.x86_64.rpm
aaa6c15a699117bc3461bbf7324e0d311ee90ee3 seamonkey-debuginfo-1.1.5-1.fc7.ppc.rpm
921a176932a048252b39202202a9bb78586dc4ce seamonkey-1.1.5-1.fc7.ppc.rpm
aedcef2d03fba3ce19d67a642228614f7430e2fc seamonkey-1.1.5-1.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update seamonkey' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list