Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:490

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51518

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2002:490

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2002:490.

Mozilla is an open-source web browser designed for standards
compliance, performance and portability.

GreyMagic Security found[1] a vulnerability[2] in mozilla prior to
version 1.0rc1 which allows a hostile site to read and list user
files. The vulnerability was related to the XMLHTTP, a component that
is primarily used for retrieving XML documents from a web server.

This update also solves other vulnerabilities:
- IRC Buffer Overflow Vulnerability[3]
- Local File Detection Vulnerability[4]
- JavaScript Interpreter Denial Of Service Vulnerability[5]
- Null Character Cookie Stealing Vulnerability[6]*

* Conectiva Linux 8 is not vulnerable.

The packages included with this update are of Mozilla 1.0rc2, which
fixes all the problems listed above.

These vulnerabilities also affect the Galeon web browser, since it
uses the Mozilla engine. There will be no updated Galeon packages for
Conectiva Linux 6.0 and 7.0. Galeon in these versions of the
distribution was in its early stages of development and will not work
with the new Mozilla packages. A new version of Galeon for these
distributions would need many other updated packages and will not be
provided.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://sec.greymagic.com/adv/gm001-ns/
http://bugzilla.mozilla.org/show_bug.cgi?id=141061
http://online.securityfocus.com/archive/1/270249
http://online.securityfocus.com/archive/1/270249
http://online.securityfocus.com/archive/1/262994
http://online.securityfocus.com/archive/1/251788
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:490
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51518
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:490
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:490. Mozilla is an open-source web browser designed for standards compliance, performance and portability. GreyMagic Security found[1] a vulnerability[2] in mozilla prior to version 1.0rc1 which allows a hostile site to read and list user files. The vulnerability was related to the XMLHTTP, a component that is primarily used for retrieving XML documents from a web server. This update also solves other vulnerabilities: - IRC Buffer Overflow Vulnerability[3] - Local File Detection Vulnerability[4] - JavaScript Interpreter Denial Of Service Vulnerability[5] - Null Character Cookie Stealing Vulnerability[6]* * Conectiva Linux 8 is not vulnerable. The packages included with this update are of Mozilla 1.0rc2, which fixes all the problems listed above. These vulnerabilities also affect the Galeon web browser, since it uses the Mozilla engine. There will be no updated Galeon packages for Conectiva Linux 6.0 and 7.0. Galeon in these versions of the distribution was in its early stages of development and will not work with the new Mozilla packages. A new version of Galeon for these distributions would need many other updated packages and will not be provided. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://sec.greymagic.com/adv/gm001-ns/ http://bugzilla.mozilla.org/show_bug.cgi?id=141061 http://online.securityfocus.com/archive/1/270249 http://online.securityfocus.com/archive/1/270249 http://online.securityfocus.com/archive/1/262994 http://online.securityfocus.com/archive/1/251788 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:490 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com