CompatDB Updates 07/30/10  

Posted by Daniela Mehler

Here the latest updates of the CompatDB compatiblity lists. There are today 16 Windows updates, 1 Linux update and 1 Mac OS update

Windows

Applications:
360Amigo System Speedup (360Amigo)
Advanced System Restore (Evonsoft)
CCleaner Slim (No Toolbar) (Piriform Ltd. )
Corel Draw 4 (Corel)
EVEREST Free Edition 2.20 (Lavalys Consulting Group, Inc.)
IObit Security 360 (IObit)
Kaspersky Rescue Disk (Kaspersky)
Malwarebytes Anti-Malware (Malwarebytes)
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats (Microsoft Corp.)
Nero Multimedia Suite (Nero AG)
Pagedefrag (Sysinternals)
Realtek High Definition Audio for 2K/XP/03 (Realtek)
The Application Compatibility Toolkit (Microsoft)
VIA HyperionPro 4in1 Driver (VIA Technologies)

Hardware:
Intel 536EP V.92 Modem (Intel)
Realtek RTL810X/RTL8130/ RTL8139(A/B/C/D) PCI Series Drivers For Vista (Realtek)

Linux

Hardware:
ATI Radeon 9600 Pro (ATI)

Mac OS

Hardware:
Canon CanoScan LiDE 60 (Canon)

CompatDB Updates 07/30/10



Athlete announce ‘The Singles Tour’More CentOS Updates

java-1.4.2-ibm security update  

Posted by Daniela Mehler

A java security update has been released for Red Hat Enterprise Linux 3, 4, and 5

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.4.2-ibm security update
Advisory ID: RHSA-2010:0574-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0574.html
Issue date: 2010-07-29
CVE Names: CVE-2010-0084 CVE-2010-0085 CVE-2010-0087
CVE-2010-0088 CVE-2010-0089 CVE-2010-0091
CVE-2010-0095 CVE-2010-0839 CVE-2010-0840
CVE-2010-0841 CVE-2010-0842 CVE-2010-0843
CVE-2010-0844 CVE-2010-0846 CVE-2010-0847
CVE-2010-0848 CVE-2010-0849
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,
CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0095, CVE-2010-0839,
CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)

All users of java-1.4.2-ibm are advised to upgrade to these updated
packages, which contain the IBM 1.4.2 SR13-FP5 Java release. All running
instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)
575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)
575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)
575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
578430 - CVE-2010-0846 JDK unspecified vulnerability in ImageIO component
578432 - CVE-2010-0849 JDK unspecified vulnerability in Java2D component
578433 - CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component
578436 - CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities
578440 - CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ppc.rpm

s390:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm

Red Hat Desktop version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ppc64.rpm

s390:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.ppc64.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0084.html
https://www.redhat.com/security/data/cve/CVE-2010-0085.html
https://www.redhat.com/security/data/cve/CVE-2010-0087.html
https://www.redhat.com/security/data/cve/CVE-2010-0088.html
https://www.redhat.com/security/data/cve/CVE-2010-0089.html
https://www.redhat.com/security/data/cve/CVE-2010-0091.html
https://www.redhat.com/security/data/cve/CVE-2010-0095.html
https://www.redhat.com/security/data/cve/CVE-2010-0839.html
https://www.redhat.com/security/data/cve/CVE-2010-0840.html
https://www.redhat.com/security/data/cve/CVE-2010-0841.html
https://www.redhat.com/security/data/cve/CVE-2010-0842.html
https://www.redhat.com/security/data/cve/CVE-2010-0843.html
https://www.redhat.com/security/data/cve/CVE-2010-0844.html
https://www.redhat.com/security/data/cve/CVE-2010-0846.html
https://www.redhat.com/security/data/cve/CVE-2010-0847.html
https://www.redhat.com/security/data/cve/CVE-2010-0848.html
https://www.redhat.com/security/data/cve/CVE-2010-0849.html
http://www.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

More CentOS Updates

More CentOS Updates  

Posted by Daniela Mehler

8 new updates are available for CentOS:

- CESA-2010:0556 Critical CentOS 5 x86_64 firefox Update
- CESA-2010:0556 Critical CentOS 5 i386 firefox Update
- CEBA-2010:0563 CentOS 5 i386 vnc Update
- CEBA-2010:0563 CentOS 5 x86_64 vnc Update
- CESA-2010:0557 Critical CentOS 4 i386 seamonkey Update
- CESA-2010:0557 Critical CentOS 4 x86_64 seamonkey Update
- CESA-2010:0565 Moderate CentOS 5 i386 w3m Update
- CESA-2010:0565 Moderate CentOS 5 x86_64 w3m Update

[CentOS-announce] CESA-2010:0556 Critical CentOS 5 x86_64 firefox Update
CentOS Errata and Security Advisory 2010:0556 Critical

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

x86_64:
f2e33f1c88df500369f3c9a48f207a6e firefox-3.6.7-3.el5.centos.i386.rpm
03ddd3494c58e0fe172d14fa20cd079a firefox-3.6.7-3.el5.centos.x86_64.rpm
1c1a0e5a487fcc0b2920bc7807803116 xulrunner-1.9.2.7-3.el5.i386.rpm
3fd8d3110243061bd3d4dd11300c03cd xulrunner-1.9.2.7-3.el5.x86_64.rpm
d5b18c5c2781810cef002c59b2177289 xulrunner-devel-1.9.2.7-3.el5.i386.rpm
3c2d9ebbb7f6a9c9dc2068dc7e009221 xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm

Source:
c0be0beb256c3e761733c87d77a87adf firefox-3.6.7-3.el5.centos.src.rpm
6ffe2ab64da8976cacd163d4412059ba xulrunner-1.9.2.7-3.el5.src.rpm

[CentOS-announce] CESA-2010:0556 Critical CentOS 5 i386 firefox Update
CentOS Errata and Security Advisory 2010:0556 Critical

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

i386:
baed9de8f1d8ad1744433244271a78cc firefox-3.6.7-3.el5.centos.i386.rpm
26f1da18c56d8be81ba8934758600bbf xulrunner-1.9.2.7-3.el5.i386.rpm
d902b362f7af2bb8d8a65b4af23bef6a xulrunner-devel-1.9.2.7-3.el5.i386.rpm

Source:
c0be0beb256c3e761733c87d77a87adf firefox-3.6.7-3.el5.centos.src.rpm
6ffe2ab64da8976cacd163d4412059ba xulrunner-1.9.2.7-3.el5.src.rpm

[CentOS-announce] CEBA-2010:0563 CentOS 5 i386 vnc Update
CentOS Errata and Bugfix Advisory 2010:0563

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

i386:
a7ba11dd49fbec8f2f33a52fee19c409 vnc-4.1.2-14.el5_5.4.i386.rpm
c069cf96662060506f423792c8ea3e80 vnc-server-4.1.2-14.el5_5.4.i386.rpm

Source:
c2a08e13abeac11223252a0102fd9f71 vnc-4.1.2-14.el5_5.4.src.rpm

[CentOS-announce] CEBA-2010:0563 CentOS 5 x86_64 vnc Update
CentOS Errata and Bugfix Advisory 2010:0563

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

x86_64:
1f6770cfe798366e1e4b1ea16b13878c vnc-4.1.2-14.el5_5.4.x86_64.rpm
2fd25cf290ce734078e78758cf808997 vnc-server-4.1.2-14.el5_5.4.x86_64.rpm

Source:
c2a08e13abeac11223252a0102fd9f71 vnc-4.1.2-14.el5_5.4.src.rpm

[CentOS-announce] CESA-2010:0557 Critical CentOS 4 i386 seamonkey Update
CentOS Errata and Security Advisory 2010:0557 Critical

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors:

i386:
seamonkey-1.0.9-60.el4.centos.i386.rpm
seamonkey-chat-1.0.9-60.el4.centos.i386.rpm
seamonkey-devel-1.0.9-60.el4.centos.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.centos.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.centos.i386.rpm
seamonkey-mail-1.0.9-60.el4.centos.i386.rpm

Source:
seamonkey-1.0.9-60.el4.centos.src.rpm

[CentOS-announce] CESA-2010:0557 Critical CentOS 4 x86_64 seamonkey Update
CentOS Errata and Security Advisory 2010:0557 Critical

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors:

x86_64:
seamonkey-1.0.9-60.el4.centos.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.centos.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.centos.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.centos.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.centos.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.centos.x86_64.rpm

Source:
seamonkey-1.0.9-60.el4.centos.src.rpm

[CentOS-announce] CESA-2010:0565 Moderate CentOS 5 i386 w3m Update
CentOS Errata and Security Advisory 2010:0565 Moderate

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

i386:
c9e0b63702ef70d3b78dd46852fa4b23 w3m-0.5.1-17.el5_5.i386.rpm
c3081a2e21d7224175a66d7296849a90 w3m-img-0.5.1-17.el5_5.i386.rpm

Source:
abeda2330f334ae13feee490e8c4ca2c w3m-0.5.1-17.el5_5.src.rpm

[CentOS-announce] CESA-2010:0565 Moderate CentOS 5 x86_64 w3m Update
CentOS Errata and Security Advisory 2010:0565 Moderate

Upstream details at : rhn.redhat.com | Red Hat Support

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

x86_64:
f4408f41ba9acd88188d38a21caf2374 w3m-0.5.1-17.el5_5.x86_64.rpm
3408117309aff16618a74f11d859a386 w3m-img-0.5.1-17.el5_5.x86_64.rpm

Source:
abeda2330f334ae13feee490e8c4ca2c w3m-0.5.1-17.el5_5.src.rpm

Thunderbird/Firefox/Seamonkey Update for Slackware

lvm2-cluster security update for RHEL  

Posted by Daniela Mehler

A lvm2-cluster security update is available for Red Hat Enterprise Linux 5

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: lvm2-cluster security update
Advisory ID: RHSA-2010:0567-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0567.html
Issue date: 2010-07-28
CVE Names: CVE-2010-2526
=====================================================================

1. Summary:

An updated lvm2-cluster package that fixes one security issue is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Cluster-Storage (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The lvm2-cluster package contains support for Logical Volume Management
(LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd)
did not verify the credentials of clients connecting to its control UNIX
abstract socket, allowing local, unprivileged users to send control
commands that were intended to only be available to the privileged root
user. This could allow a local, unprivileged user to cause clvmd to exit,
or request clvmd to activate, deactivate, or reload any logical volume on
the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than
an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes
LVM to also use this pathname-based socket, must also be installed for LVM
to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which
contains a backported patch to correct this issue. After installing the
updated package, clvmd must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

614248 - CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd

6. Package List:

RHEL Cluster-Storage (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/lvm2-cluster-2.02.56-7.el5_5.4.src.rpm

i386:
lvm2-cluster-2.02.56-7.el5_5.4.i386.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.i386.rpm

ia64:
lvm2-cluster-2.02.56-7.el5_5.4.ia64.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.ia64.rpm

ppc:
lvm2-cluster-2.02.56-7.el5_5.4.ppc.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.ppc.rpm

x86_64:
lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2526.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

Thunderbird/Firefox/Seamonkey Update for Slackware

Arch + XFCE: The perfect Desktop (for now)  

Posted by Daniela Mehler

Celettu's posted a review on Arch with XFCE

While Ubuntu and Mint are both excellent, and very user-friendly, they both had a problem with Rhythmbox import errors. Basically every song with a strange character in the name (e.g. Alizée – A quoi rève une jeune fille) gave an import error, even though it was imported correctly. Switching to Banshee didn’t help much: it only found 214 songs out of close to 7000. Mint, being Ubuntu based, did the exact same thing.

Banshee in Arch found my collection just fine, but with GNOME startup took way too long. There’s still some kind of issue there, because I’ve had the same problem since 2.26. Arch with XFCE proved to be the winner though, being fast, functional and beautiful, all at the same time. Some things take a bit more time to configure, like multimedia keyboard button shortcuts, which should have worked out of the box with banshee, but didn’t, things like that. Nothing major.

Arch + XFCE: The perfect Desktop (for now)


The perfect Desktop (for now)



The Perfect Desktop - Mandriva One 2010.1 Spring With GNOMEEminem releases new video

A few Ubuntu 10.04 fixes  

Posted by Daniela Mehler

GHacks.net posted a few workaround to some Ubuntu 10.04 issues

Ubuntu 10.04 has been out for a while now…long enough so that some of the more pestering issues have been finally fixed. But in some cases those issues continue on. What do you do? Some of these issues are hardly noticeable. Some, on the other hand, are fairly annoying.

In this article I am going to show you some fixes for the more annoying Ubuntu 10.04 issues. They aren’t many, but in some cases, for some people, they have been real show stoppers. I hope that’s not you, but if it is let’s see if we can remedy what ails you. If a fix for a problem you are having isn’t listed, contact Ghacks and let us know what issues you are having so we can know what to cover.

A few Ubuntu 10.04 fixes


A few Ubuntu 10.04 fixes



PHP 5.2.14 for Debian LennyHanson and Drake gig ends in riot

Thunderbird/Firefox/Seamonkey Update for Slackware  

Posted by Daniela Mehler

3 new security updates are available for Slackware Linux

[slackware-security] mozilla-thunderbird (SSA:2010-202-02)
New mozilla-thunderbird packages are available for Slackware 13.1and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.0.6-i686-1.txz: Upgraded.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-thunderbird-3.0.6-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-thunderbird-3.0.6-x86_64-1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-3.1.1-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-3.1.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.1 package:
e589b7c96b219b47ec014083ae434299 mozilla-thunderbird-3.0.6-i686-1.txz

Slackware x86_64 13.1 package:
ca6ce46af239cd95a066298f03138a75 mozilla-thunderbird-3.0.6-x86_64-1.txz

Slackware -current package:
a3a835332a544f626c998c9bbfac0b65 xap/mozilla-thunderbird-3.1.1-i686-1.txz

Slackware x86_64 -current package:
6c7c9e216d8e2d89a6e51999ef308ecf xap/mozilla-thunderbird-3.1.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-3.0.6-i686-1.txz

[slackware-security] mozilla-firefox (SSA:2010-202-01)
New mozilla-firefox packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-3.6.7-i686-1.txz: Upgraded.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/mozilla-firefox-3.0.19-i686-1.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.7-i686-1.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.7-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.7-i686-1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.7-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-3.6.7-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-3.6.7-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 12.2 package:
44a3d85cb39de9b698fc266ea54ce1fa mozilla-firefox-3.0.19-i686-1.tgz

Slackware 13.0 package:
27251b1c809031585d3619af9206d109 mozilla-firefox-3.6.7-i686-1.txz

Slackware x86_64 13.0 package:
bf7ea6920981a4f378f750db463ad4b6 mozilla-firefox-3.6.7-x86_64-1_slack13.0.txz

Slackware 13.1 package:
27251b1c809031585d3619af9206d109 mozilla-firefox-3.6.7-i686-1.txz

Slackware x86_64 13.1 package:
eab7c07941ee876df8aca72d1254c10d mozilla-firefox-3.6.7-x86_64-1_slack13.1.txz

Slackware -current package:
27251b1c809031585d3619af9206d109 xap/mozilla-firefox-3.6.7-i686-1.txz

Slackware x86_64 -current package:
eef82fb1cd79faeeb209b1f1cc3fe04a xap/mozilla-firefox-3.6.7-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-3.6.7-i686-1.txz

[slackware-security] seamonkey (SSA:2010-202-03)
New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.0.6-i486-1_slack13.1.txz: Upgraded.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-solibs-2.0.6-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-2.0.6-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/seamonkey-2.0.6-i486-1_slack13.0.txz seamonkey-solibs-2.0.6-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/seamonkey-2.0.6-x86_64-1_slack13.0.txz seamonkey-solibs-2.0.6-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/seamonkey-2.0.6-i486-1_slack13.1.txz seamonkey-solibs-2.0.6-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/seamonkey-2.0.6-x86_64-1_slack13.1.txz seamonkey-solibs-2.0.6-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.0.6-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.0.6-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.0.6-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.0.6-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 12.2 package:
4c55bb853a8686ccb10b4039bbe7ad63 seamonkey-2.0.6-i486-1_slack12.2.tgz
efea54f758932f3decdefdda2b1daa23 seamonkey-solibs-2.0.6-i486-1_slack12.2.tgz

Slackware 13.0 package:
2e8e454452d94020ba56bce95335e809 seamonkey-2.0.6-i486-1_slack13.0.txz
fbab2e8d8b454f8b7ea2afb6e99706c3 seamonkey-solibs-2.0.6-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
acc1ab6da9b63a473f18f1161d83f76f seamonkey-2.0.6-x86_64-1_slack13.0.txz
312de679b48bfec84635b5bab7fa57ab seamonkey-solibs-2.0.6-x86_64-1_slack13.0.txz

Slackware 13.1 package:
a3a18ccdfaff4cc1d89c2ddf83d66078 seamonkey-2.0.6-i486-1_slack13.1.txz
6383393026c73fbfcb4b25fabd40b200 seamonkey-solibs-2.0.6-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
861ad1b4317aedbdcab2969a3a290a8b seamonkey-2.0.6-x86_64-1_slack13.1.txz
1de96a60146252ef53118f6178ebd995 seamonkey-solibs-2.0.6-x86_64-1_slack13.1.txz

Slackware -current package:
5be899b1f8aa124ccf31b8e0eb7b07a8 l/seamonkey-solibs-2.0.6-i486-1.txz
ea9f96856e357a690729d9e9d1f657e8 xap/seamonkey-2.0.6-i486-1.txz

Slackware x86_64 -current package:
1b4fb337150387124e350c8d4f0cabd7 l/seamonkey-solibs-2.0.6-x86_64-1.txz
04f921b7c18893de63bd59b16f98c001 xap/seamonkey-2.0.6-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg seamonkey-2.0.6-i486-1_slack13.1.txz seamonkey-solibs-2.0.6-i486-1_slack13.1.txz

PHP 5.3.3 packages for Debian Lenny are available

Which Is Faster: Debian Linux or FreeBSD?  

Posted by Daniela Mehler

Phoronix compared the performance of Debian Linux and FreeBSD

Back in January, we published the first benchmarks of Debian GNU/kFreeBSD: the spin of Debian that replaces the Linux kernel with the FreeBSD kernel while retaining most of the same GNU user-land and it uses the GNU C library. With those original tests comparing Debian GNU/Linux to Debian GNU/kFreeBSD, the Linux version ended up winning in 18 of the 27 tests. However, over the past six months, the Debian GNU/kFreeBSD port has matured and it's also moved to using the FreeBSD 7.3 kernel by default (compared to 7.2 back in January) and the FreeBSD 8.0 kernel is also emerging as a viable option that can be obtained using Debian's package management system. Today we have updated test numbers looking at the performance of Debian with the FreeBSD kernel using two different notebooks where we ran the latest Debian GNU/kFreeBSD packages with both the FreeBSD 7.3 and 8.0 kernels, Debian GNU/Linux with the Linux 2.6.32 kernel, and then finally we tested the pure FreeBSD 7.3 and FreeBSD 8.0 operating systems.

Which Is Faster: Debian Linux or FreeBSD?


Debian Linux or FreeBSD?



Merc Mix It Up with In store live Summer SessionsPHP 5.2.14 for Debian Lenny

PHP 5.3.3 packages for Debian Lenny are available  

Posted by Daniela Mehler

Guillaume Plessis has released PHP 5.3.3 packages for Debian GNU/Linux

On july, 22nd, the PHP Group released PHP 5.3.3 :

The PHP development team would like to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release.

The packages for Debian “Lenny” are now available on Dotdeb on the usual repository.

Of course, you should read the full announcement, the PHP 5.3 migration guide and consult the Changelog.

Caution : (to PHP-FPM users) with the inclusion of PHP-FPM in the PHP 5.3 core, the syntax of the configuration file (/etc/php5/fpm/php5-fpm.conf) has changed. It switched from a XML syntax to an INI one. Please prepare your new configuration file before upgrading, by reading carefully the PHP documentation and this page.

And thanks to Stefan Esser and the Month of PHP security for improving PHP.

PHP 5.3.3 packages for Debian Lenny are available


PHP 5.3.3 packages for Debian Lenny are available



The Pipettes release new singlePHP 5.2.14 for Debian Lenny

PHP 5.2.14 for Debian Lenny  

Posted by Daniela Mehler

Dotdeb.org has released PHP 5.2.14 packages for Debian GNU/Linux 5.0

On july, 22nd, the PHP Group released PHP 5.2.14 :

The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related.

This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

The packages for Debian “Lenny” are now available on Dotdeb.

Of course, you’re advised to read the full announcement and the Changelog before upgrading.

Thanks (again) to Stefan Esser and the Month of PHP security for improving PHP.

PHP 5.2.14 for Debian Lenny


PHP 5.2.14 for Debian Lenny



PHP 5.3.3 and 5.2.14 releasedThe Pipettes release new single

The Perfect Desktop - Mandriva One 2010.1 Spring With GNOME  

Posted by Daniela Mehler

Howtoforge posted a guide about setting up Mandriva One 2010.1 Spring with GNOME as Linux desktop

This tutorial shows how you can set up a Mandriva One 2010.1 Spring desktop (with the GNOME desktop environment) that is a full-fledged replacement for a Windows desktop, i.e. that has all the software that people need to do the things they do on their Windows desktops. The advantages are clear: you get a secure system without DRM restrictions that works even on old hardware, and the best thing is: all software comes free of charge.

The Perfect Desktop - Mandriva One 2010.1 Spring With GNOME


The Perfect Desktop - Mandriva One 2010.1 Spring With GNOME



Russell Brand says Katy Perry brings out his masculine sidePHP 5.3.3 and 5.2.14 released

PHP 5.3.3 and 5.2.14 released  

Posted by Daniela Mehler

PHP 5.3.3 and 5.2.14 is now available

PHP 5.3.3 Released
The PHP development team would like to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release.

Backwards incompatible change:

Methods with the same name as the last element of a namespaced class name will no longer be treated as constructor. This change doesn't affect non-namespaced classes.


There is no impact on migration from 5.2.x because namespaces were only introduced in PHP 5.3.

Security Enhancements and Fixes in PHP 5.3.3:

Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
Fixed a possible resource destruction issues in shm_put_var().
Fixed a possible information leak because of interruption of XOR operator.
Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
Fixed a possible memory corruption in ArrayObject::uasort().
Fixed a possible memory corruption in parse_str().
Fixed a possible memory corruption in pack().
Fixed a possible memory corruption in substr_replace().
Fixed a possible memory corruption in addcslashes().
Fixed a possible stack exhaustion inside fnmatch().
Fixed a possible dechunking filter buffer overflow.
Fixed a possible arbitrary memory access inside sqlite extension.
Fixed string format validation inside phar extension.
Fixed handling of session variable serialization on certain prefix characters.
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
Fixed possible buffer overflows when handling error packets in mysqlnd.
Key enhancements in PHP 5.3.3 include:

Upgraded bundled sqlite to version 3.6.23.1.
Upgraded bundled PCRE to version 8.02.
Added FastCGI Process Manager (FPM) SAPI.
Added stream filter support to mcrypt extension.
Added full_special_chars filter to ext/filter.
Fixed a possible crash because of recursive GC invocation.
Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
Fixed bug #52001 (Memory allocation problems after using variable variables).
Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).
For users upgrading from PHP 5.2 there is a migration guide available on http://php.net/migration53 , detailing the changes between those releases and PHP 5.3.

For a full list of changes in PHP 5.3.3, see the ChangeLog.

PHP 5.2.14 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related.

This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

Security Enhancements and Fixes in PHP 5.2.14:

Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
Fixed a possible memory corruption in substr_replace().
Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
Fixed a possible stack exaustion inside fnmatch().
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
Fixed handling of session variable serialization on certain prefix characters.
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
Key enhancements in PHP 5.2.14 include:

Upgraded bundled PCRE to version 8.02.
Updated timezone database to version 2010.5.
Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").
To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53 , details the changes between PHP 5.2 and PHP 5.3.

For a full list of changes in PHP 5.2.14 see the ChangeLog at PHP: PHP 5 ChangeLog .

PHP 5.3.3 and 5.2.14 released


PHP 5.3.3 and 5.2.14 released



The Pipettes release new single

Firefox/Seamonkey/Thunderbird Update for RHEL  

Posted by Daniela Mehler

Red Hat has released the following security advisories for Red Hat Enterprise Linux

- [RHSA-2010:0547-01] Critical: firefox security update
- [RHSA-2010:0546-01] Critical: seamonkey security update
- [RHSA-2010:0544-01] Moderate: thunderbird security update
- [RHSA-2010:0545-01] Critical: thunderbird security update

[RHSA-2010:0547-01] Critical: firefox security update
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0547-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0547.html
Issue date: 2010-07-20
CVE Names: CVE-2010-0654 CVE-2010-1205 CVE-2010-1206
CVE-2010-1207 CVE-2010-1208 CVE-2010-1209
CVE-2010-1210 CVE-2010-1211 CVE-2010-1212
CVE-2010-1213 CVE-2010-1214 CVE-2010-1215
CVE-2010-2751 CVE-2010-2752 CVE-2010-2753
CVE-2010-2754
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)

A memory corruption flaw was found in the way Firefox decoded certain PNG
images. An attacker could create a specially-crafted PNG image that, when
opened, could cause Firefox to crash or, potentially, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2010-1205)

Several same-origin policy bypass flaws were found in Firefox. An attacker
could create a malicious web page that, when viewed by a victim, could
steal private data from a different website the victim has loaded with
Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)

A flaw was found in the way Firefox presented the location bar to a user. A
malicious website could trick a user into thinking they are visiting the
site reported by the location bar, when the page is actually content
controlled by an attacker. (CVE-2010-1206)

A flaw was found in the way Firefox displayed the location bar when
visiting a secure web page. A malicious server could use this flaw to
present data that appears to originate from a secure server, even though it
does not. (CVE-2010-2751)

A flaw was found in the way Firefox displayed certain malformed characters.
A malicious web page could use this flaw to bypass certain string
sanitization methods, allowing it to display malicious information to
users. (CVE-2010-1210)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories
in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.7, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

568231 - CVE-2010-0654 firefox: cross-domain information disclosure
608238 - CVE-2010-1205 libpng: out-of-bounds memory write
608763 - CVE-2010-1206 Firefox: Spoofing attacks via vectors involving 'No Content' status code or via a windows.stop call
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615456 - CVE-2010-1212 Mozilla miscellaneous memory safety hazards
615458 - CVE-2010-1208 Mozilla DOM attribute cloning remote code execution vulnerability
615459 - CVE-2010-1209 Mozilla Use-after-free error in NodeIterator
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615463 - CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native function
615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and importScripts
615472 - CVE-2010-1207 Mozilla Same-origin bypass using canvas context
615474 - CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
615480 - CVE-2010-2751 Mozilla SSL spoofing with history.back() and history.forward()
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

ia64:
firefox-3.6.7-2.el4.ia64.rpm
firefox-debuginfo-3.6.7-2.el4.ia64.rpm

ppc:
firefox-3.6.7-2.el4.ppc.rpm
firefox-debuginfo-3.6.7-2.el4.ppc.rpm

s390:
firefox-3.6.7-2.el4.s390.rpm
firefox-debuginfo-3.6.7-2.el4.s390.rpm

s390x:
firefox-3.6.7-2.el4.s390x.rpm
firefox-debuginfo-3.6.7-2.el4.s390x.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

ia64:
firefox-3.6.7-2.el4.ia64.rpm
firefox-debuginfo-3.6.7-2.el4.ia64.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

ia64:
firefox-3.6.7-2.el4.ia64.rpm
firefox-debuginfo-3.6.7-2.el4.ia64.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.7-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.7-2.el5.src.rpm

i386:
firefox-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm

x86_64:
firefox-3.6.7-2.el5.i386.rpm
firefox-3.6.7-2.el5.x86_64.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.x86_64.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.7-2.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.7-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.7-2.el5.src.rpm

i386:
firefox-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm

ia64:
firefox-3.6.7-2.el5.ia64.rpm
firefox-debuginfo-3.6.7-2.el5.ia64.rpm
xulrunner-1.9.2.7-2.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.ia64.rpm
xulrunner-devel-1.9.2.7-2.el5.ia64.rpm

ppc:
firefox-3.6.7-2.el5.ppc.rpm
firefox-debuginfo-3.6.7-2.el5.ppc.rpm
xulrunner-1.9.2.7-2.el5.ppc.rpm
xulrunner-1.9.2.7-2.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.ppc64.rpm
xulrunner-devel-1.9.2.7-2.el5.ppc.rpm
xulrunner-devel-1.9.2.7-2.el5.ppc64.rpm

s390x:
firefox-3.6.7-2.el5.s390.rpm
firefox-3.6.7-2.el5.s390x.rpm
firefox-debuginfo-3.6.7-2.el5.s390.rpm
firefox-debuginfo-3.6.7-2.el5.s390x.rpm
xulrunner-1.9.2.7-2.el5.s390.rpm
xulrunner-1.9.2.7-2.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.s390.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.s390x.rpm
xulrunner-devel-1.9.2.7-2.el5.s390.rpm
xulrunner-devel-1.9.2.7-2.el5.s390x.rpm

x86_64:
firefox-3.6.7-2.el5.i386.rpm
firefox-3.6.7-2.el5.x86_64.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.x86_64.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0654.html
https://www.redhat.com/security/data/cve/CVE-2010-1205.html
https://www.redhat.com/security/data/cve/CVE-2010-1206.html
https://www.redhat.com/security/data/cve/CVE-2010-1207.html
https://www.redhat.com/security/data/cve/CVE-2010-1208.html
https://www.redhat.com/security/data/cve/CVE-2010-1209.html
https://www.redhat.com/security/data/cve/CVE-2010-1210.html
https://www.redhat.com/security/data/cve/CVE-2010-1211.html
https://www.redhat.com/security/data/cve/CVE-2010-1212.html
https://www.redhat.com/security/data/cve/CVE-2010-1213.html
https://www.redhat.com/security/data/cve/CVE-2010-1214.html
https://www.redhat.com/security/data/cve/CVE-2010-1215.html
https://www.redhat.com/security/data/cve/CVE-2010-2751.html
https://www.redhat.com/security/data/cve/CVE-2010-2752.html
https://www.redhat.com/security/data/cve/CVE-2010-2753.html
https://www.redhat.com/security/data/cve/CVE-2010-2754.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.7

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

[RHSA-2010:0546-01] Critical: seamonkey security update
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2010:0546-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0546.html
Issue date: 2010-07-20
CVE Names: CVE-2010-1205 CVE-2010-1211 CVE-2010-1214
CVE-2010-2751 CVE-2010-2753 CVE-2010-2754
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)

A memory corruption flaw was found in the way SeaMonkey decoded certain PNG
images. An attacker could create a specially-crafted PNG image that, when
opened, could cause SeaMonkey to crash or, potentially, execute arbitrary
code with the privileges of the user running SeaMonkey. (CVE-2010-1205)

A same-origin policy bypass flaw was found in SeaMonkey. An attacker could
create a malicious web page that, when viewed by a victim, could steal
private data from a different website the victim has loaded with SeaMonkey.
(CVE-2010-2754)

A flaw was found in the way SeaMonkey displayed the location bar when
visiting a secure web page. A malicious server could use this flaw to
present data that appears to originate from a secure server, even though it
does not. (CVE-2010-2751)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

608238 - CVE-2010-1205 libpng: out-of-bounds memory write
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615480 - CVE-2010-2751 Mozilla SSL spoofing with history.back() and history.forward()
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.57.el3.ia64.rpm
seamonkey-chat-1.0.9-0.57.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ia64.rpm
seamonkey-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ia64.rpm
seamonkey-mail-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.57.el3.ppc.rpm
seamonkey-chat-1.0.9-0.57.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ppc.rpm
seamonkey-devel-1.0.9-0.57.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ppc.rpm
seamonkey-mail-1.0.9-0.57.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.57.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ppc.rpm
seamonkey-nss-1.0.9-0.57.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.57.el3.s390.rpm
seamonkey-chat-1.0.9-0.57.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.s390.rpm
seamonkey-devel-1.0.9-0.57.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.s390.rpm
seamonkey-mail-1.0.9-0.57.el3.s390.rpm
seamonkey-nspr-1.0.9-0.57.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.s390.rpm
seamonkey-nss-1.0.9-0.57.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.57.el3.s390x.rpm
seamonkey-chat-1.0.9-0.57.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.s390x.rpm
seamonkey-devel-1.0.9-0.57.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.s390x.rpm
seamonkey-mail-1.0.9-0.57.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.57.el3.s390.rpm
seamonkey-nspr-1.0.9-0.57.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.s390x.rpm
seamonkey-nss-1.0.9-0.57.el3.s390.rpm
seamonkey-nss-1.0.9-0.57.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.57.el3.ia64.rpm
seamonkey-chat-1.0.9-0.57.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ia64.rpm
seamonkey-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ia64.rpm
seamonkey-mail-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.57.el3.ia64.rpm
seamonkey-chat-1.0.9-0.57.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ia64.rpm
seamonkey-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ia64.rpm
seamonkey-mail-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

ia64:
seamonkey-1.0.9-60.el4.ia64.rpm
seamonkey-chat-1.0.9-60.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-60.el4.ia64.rpm
seamonkey-devel-1.0.9-60.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-60.el4.ia64.rpm
seamonkey-mail-1.0.9-60.el4.ia64.rpm

ppc:
seamonkey-1.0.9-60.el4.ppc.rpm
seamonkey-chat-1.0.9-60.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-60.el4.ppc.rpm
seamonkey-devel-1.0.9-60.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-60.el4.ppc.rpm
seamonkey-mail-1.0.9-60.el4.ppc.rpm

s390:
seamonkey-1.0.9-60.el4.s390.rpm
seamonkey-chat-1.0.9-60.el4.s390.rpm
seamonkey-debuginfo-1.0.9-60.el4.s390.rpm
seamonkey-devel-1.0.9-60.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-60.el4.s390.rpm
seamonkey-js-debugger-1.0.9-60.el4.s390.rpm
seamonkey-mail-1.0.9-60.el4.s390.rpm

s390x:
seamonkey-1.0.9-60.el4.s390x.rpm
seamonkey-chat-1.0.9-60.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-60.el4.s390x.rpm
seamonkey-devel-1.0.9-60.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-60.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-60.el4.s390x.rpm
seamonkey-mail-1.0.9-60.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

ia64:
seamonkey-1.0.9-60.el4.ia64.rpm
seamonkey-chat-1.0.9-60.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-60.el4.ia64.rpm
seamonkey-devel-1.0.9-60.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-60.el4.ia64.rpm
seamonkey-mail-1.0.9-60.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

ia64:
seamonkey-1.0.9-60.el4.ia64.rpm
seamonkey-chat-1.0.9-60.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-60.el4.ia64.rpm
seamonkey-devel-1.0.9-60.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-60.el4.ia64.rpm
seamonkey-mail-1.0.9-60.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1205.html
https://www.redhat.com/security/data/cve/CVE-2010-1211.html
https://www.redhat.com/security/data/cve/CVE-2010-1214.html
https://www.redhat.com/security/data/cve/CVE-2010-2751.html
https://www.redhat.com/security/data/cve/CVE-2010-2753.html
https://www.redhat.com/security/data/cve/CVE-2010-2754.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

[RHSA-2010:0544-01] Moderate: thunderbird security update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2010:0544-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0544.html
Issue date: 2010-07-20
CVE Names: CVE-2010-0174 CVE-2010-0175 CVE-2010-0176
CVE-2010-0177 CVE-2010-1197 CVE-2010-1198
CVE-2010-1199 CVE-2010-1200 CVE-2010-1211
CVE-2010-1214 CVE-2010-2753 CVE-2010-2754
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,
CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. Loading remote HTTP content that allows arbitrary uploads and
relies on the "Content-Disposition: attachment" HTTP header to prevent
content from being displayed inline, could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

578147 - CVE-2010-0174 Mozilla crashes with evidence of memory corruption
578149 - CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection
578150 - CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView
578152 - CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray
590804 - CVE-2010-1200 Mozilla Crashes with evidence of memory corruption
590828 - CVE-2010-1198 Mozilla Freed object reuse across plugin instances
590833 - CVE-2010-1199 Mozilla Integer Overflow in XSLT Node Sorting
590850 - CVE-2010-1197 Mozilla Content-Disposition: attachment ignored if Content-Type: multipart also present
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm

i386:
thunderbird-1.5.0.12-28.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-28.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-28.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-28.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-28.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-28.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm

i386:
thunderbird-1.5.0.12-28.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-28.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm

i386:
thunderbird-1.5.0.12-28.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-28.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-28.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm

i386:
thunderbird-1.5.0.12-28.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-28.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-28.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0174.html
https://www.redhat.com/security/data/cve/CVE-2010-0175.html
https://www.redhat.com/security/data/cve/CVE-2010-0176.html
https://www.redhat.com/security/data/cve/CVE-2010-0177.html
https://www.redhat.com/security/data/cve/CVE-2010-1197.html
https://www.redhat.com/security/data/cve/CVE-2010-1198.html
https://www.redhat.com/security/data/cve/CVE-2010-1199.html
https://www.redhat.com/security/data/cve/CVE-2010-1200.html
https://www.redhat.com/security/data/cve/CVE-2010-1211.html
https://www.redhat.com/security/data/cve/CVE-2010-1214.html
https://www.redhat.com/security/data/cve/CVE-2010-2753.html
https://www.redhat.com/security/data/cve/CVE-2010-2754.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

[RHSA-2010:0545-01] Critical: thunderbird security update
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: thunderbird security update
Advisory ID: RHSA-2010:0545-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0545.html
Issue date: 2010-07-20
CVE Names: CVE-2010-0174 CVE-2010-0175 CVE-2010-0176
CVE-2010-0177 CVE-2010-1197 CVE-2010-1198
CVE-2010-1199 CVE-2010-1200 CVE-2010-1205
CVE-2010-1211 CVE-2010-1214 CVE-2010-2753
CVE-2010-2754
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A memory corruption flaw was found in the way Thunderbird decoded certain
PNG images. An attacker could create a mail message containing a
specially-crafted PNG image that, when opened, could cause Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1205)

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,
CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. Loading remote HTTP content that allows arbitrary uploads and
relies on the "Content-Disposition: attachment" HTTP header to prevent
content from being displayed inline, could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

578147 - CVE-2010-0174 Mozilla crashes with evidence of memory corruption
578149 - CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection
578150 - CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView
578152 - CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray
590804 - CVE-2010-1200 Mozilla Crashes with evidence of memory corruption
590828 - CVE-2010-1198 Mozilla Freed object reuse across plugin instances
590833 - CVE-2010-1199 Mozilla Integer Overflow in XSLT Node Sorting
590850 - CVE-2010-1197 Mozilla Content-Disposition: attachment ignored if Content-Type: multipart also present
608238 - CVE-2010-1205 libpng: out-of-bounds memory write
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-6.el5.src.rpm

i386:
thunderbird-2.0.0.24-6.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-6.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-6.el5.src.rpm

i386:
thunderbird-2.0.0.24-6.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-6.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0174.html
https://www.redhat.com/security/data/cve/CVE-2010-0175.html
https://www.redhat.com/security/data/cve/CVE-2010-0176.html
https://www.redhat.com/security/data/cve/CVE-2010-0177.html
https://www.redhat.com/security/data/cve/CVE-2010-1197.html
https://www.redhat.com/security/data/cve/CVE-2010-1198.html
https://www.redhat.com/security/data/cve/CVE-2010-1199.html
https://www.redhat.com/security/data/cve/CVE-2010-1200.html
https://www.redhat.com/security/data/cve/CVE-2010-1205.html
https://www.redhat.com/security/data/cve/CVE-2010-1211.html
https://www.redhat.com/security/data/cve/CVE-2010-1214.html
https://www.redhat.com/security/data/cve/CVE-2010-2753.html
https://www.redhat.com/security/data/cve/CVE-2010-2754.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

RHSA-2010:0401-01 Moderate: tetex security updateLady Gaga slept in a car park on Saturday