Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:490

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51518

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2002:490

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2002:490.

Mozilla is an open-source web browser designed for standards
compliance, performance and portability.

GreyMagic Security found[1] a vulnerability[2] in mozilla prior to
version 1.0rc1 which allows a hostile site to read and list user
files. The vulnerability was related to the XMLHTTP, a component that
is primarily used for retrieving XML documents from a web server.

This update also solves other vulnerabilities:
- IRC Buffer Overflow Vulnerability[3]
- Local File Detection Vulnerability[4]
- JavaScript Interpreter Denial Of Service Vulnerability[5]
- Null Character Cookie Stealing Vulnerability[6]*

* Conectiva Linux 8 is not vulnerable.

The packages included with this update are of Mozilla 1.0rc2, which
fixes all the problems listed above.

These vulnerabilities also affect the Galeon web browser, since it
uses the Mozilla engine. There will be no updated Galeon packages for
Conectiva Linux 6.0 and 7.0. Galeon in these versions of the
distribution was in its early stages of development and will not work
with the new Mozilla packages. A new version of Galeon for these
distributions would need many other updated packages and will not be
provided.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://sec.greymagic.com/adv/gm001-ns/
http://bugzilla.mozilla.org/show_bug.cgi?id=141061
http://online.securityfocus.com/archive/1/270249
http://online.securityfocus.com/archive/1/270249
http://online.securityfocus.com/archive/1/262994
http://online.securityfocus.com/archive/1/251788
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:490
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51518
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:490
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:490. Mozilla is an open-source web browser designed for standards compliance, performance and portability. GreyMagic Security found[1] a vulnerability[2] in mozilla prior to version 1.0rc1 which allows a hostile site to read and list user files. The vulnerability was related to the XMLHTTP, a component that is primarily used for retrieving XML documents from a web server. This update also solves other vulnerabilities: - IRC Buffer Overflow Vulnerability[3] - Local File Detection Vulnerability[4] - JavaScript Interpreter Denial Of Service Vulnerability[5] - Null Character Cookie Stealing Vulnerability[6]* * Conectiva Linux 8 is not vulnerable. The packages included with this update are of Mozilla 1.0rc2, which fixes all the problems listed above. These vulnerabilities also affect the Galeon web browser, since it uses the Mozilla engine. There will be no updated Galeon packages for Conectiva Linux 6.0 and 7.0. Galeon in these versions of the distribution was in its early stages of development and will not work with the new Mozilla packages. A new version of Galeon for these distributions would need many other updated packages and will not be provided. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://sec.greymagic.com/adv/gm001-ns/ http://bugzilla.mozilla.org/show_bug.cgi?id=141061 http://online.securityfocus.com/archive/1/270249 http://online.securityfocus.com/archive/1/270249 http://online.securityfocus.com/archive/1/262994 http://online.securityfocus.com/archive/1/251788 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:490 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com