Slackware Local Security Checks : Slackware: Security Advisory (SSA:2005-085-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.53962

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2005-085-01)

Resumen: The remote host is missing an update for the 'Mozilla/Firefox/Thunderbird' package(s) announced via the SSA:2005-085-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'Mozilla/Firefox/Thunderbird' package(s) announced via the SSA:2005-085-01 advisory.

Vulnerability Insight:
New Mozilla packages are available for Slackware 9.1, 10.0, 10.1, and -current
to fix various security issues and bugs. See the Mozilla site for a complete
list of the issues patched:

[link moved to references]

Also updated are Firefox and Thunderbird in Slackware -current, and GAIM in
Slackware 9.1, 10.0, and 10.1 (which uses the Mozilla NSS libraries).

New versions of the mozilla-plugins symlink creation package are also out for
Slackware 9.1, 10.0, and 10.1.

Just a little note on Slackware security -- I believe the state of Slackware
right now is quite secure. I know there have been issues announced and fixed
elsewhere, and I am assessing the reality of them (to be honest, it seems the
level of proof needed to announce a security hole these days has fallen close
to zero -- where are the proof-of-concept exploits?) It is, as always, my
firm intent to keep Slackware as secure as it can possibly be. I'm still
getting back up to speed (and I do not believe that anything exploitable in
real life is being allowed to slide), but I'm continuing to look over the
various reports and would welcome input at security@slackware.com if you feel
anything important has been overlooked and is in need of attention. Please
remember that I do read BugTraq and many other security lists. I am not
asking for duplicates of BugTraq posts unless you have additional proof or
information on the issues, or can explain how an issue affects your own
servers. This will help me to priorite any work that remains to be done.
Thanks in advance for any helpful comments.

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/gaim-1.2.0-i486-1.tgz: Upgraded to gaim-1.2.0 and
gaim-encryption-2.36 (compiled against mozilla-1.7.6).
patches/packages/mozilla-1.7.6-i486-1.tgz: Upgraded to mozilla-1.7.6.
Fixes some security issues. Please see mozilla.org for a complete list.
(* Security fix *)
patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz: Adjusted plugin
symlinks for Mozilla 1.7.6.
+--------------------------+

Affected Software/OS:
'Mozilla/Firefox/Thunderbird' package(s) on Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.53962
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2005-085-01)
Resumen:	The remote host is missing an update for the 'Mozilla/Firefox/Thunderbird' package(s) announced via the SSA:2005-085-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'Mozilla/Firefox/Thunderbird' package(s) announced via the SSA:2005-085-01 advisory. Vulnerability Insight: New Mozilla packages are available for Slackware 9.1, 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: [link moved to references] Also updated are Firefox and Thunderbird in Slackware -current, and GAIM in Slackware 9.1, 10.0, and 10.1 (which uses the Mozilla NSS libraries). New versions of the mozilla-plugins symlink creation package are also out for Slackware 9.1, 10.0, and 10.1. Just a little note on Slackware security -- I believe the state of Slackware right now is quite secure. I know there have been issues announced and fixed elsewhere, and I am assessing the reality of them (to be honest, it seems the level of proof needed to announce a security hole these days has fallen close to zero -- where are the proof-of-concept exploits?) It is, as always, my firm intent to keep Slackware as secure as it can possibly be. I'm still getting back up to speed (and I do not believe that anything exploitable in real life is being allowed to slide), but I'm continuing to look over the various reports and would welcome input at security@slackware.com if you feel anything important has been overlooked and is in need of attention. Please remember that I do read BugTraq and many other security lists. I am not asking for duplicates of BugTraq posts unless you have additional proof or information on the issues, or can explain how an issue affects your own servers. This will help me to priorite any work that remains to be done. Thanks in advance for any helpful comments. Here are the details from the Slackware 10.1 ChangeLog: +--------------------------+ patches/packages/gaim-1.2.0-i486-1.tgz: Upgraded to gaim-1.2.0 and gaim-encryption-2.36 (compiled against mozilla-1.7.6). patches/packages/mozilla-1.7.6-i486-1.tgz: Upgraded to mozilla-1.7.6. Fixes some security issues. Please see mozilla.org for a complete list. (* Security fix *) patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz: Adjusted plugin symlinks for Mozilla 1.7.6. +--------------------------+ Affected Software/OS: 'Mozilla/Firefox/Thunderbird' package(s) on Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2012 Greenbone AG