Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59758
Category:Fedora Local Security Checks
Title:Fedora Core 7 FEDORA-2007-1155 (epiphany-extensions)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to epiphany-extensions
announced via advisory FEDORA-2007-1155.

Epiphany Extensions is a collection of extensions for Epiphany, the
GNOME web browser.

Update Information:

Updated Firefox packages that fix several security bugs are now available for Fedora 7.

Users of epiphany-extensions are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package.


ChangeLog:

* Wed Jul 18 2007 Peter Gordon - 2.18.3-2
- Rebuild against new Gecko release (Firefox 2.0.0.5).
* Wed Jul 4 2007 Peter Gordon - 2.18.3-1
- Update to new upstream release (2.18.3).
* Wed Jun 6 2007 Christopher Aillon - 2.18.2-3
- Specfiles should _NOT_ call rpm directly. Fix the previous bug the
correct way, by doing explicit requires on the exact versions instead
of via rpm -q
* Tue Jun 5 2007 Peter Gordon - 2.18.2-2
- Add %{_target_cpu} to versioned Firefox dependency to avoid multilib
updating issues such as bug 242318, wherein the 32-bit older Firefox build
matches the versioned dependency, but the updated 64-bit Firefox build
matches the 64-bit shared library dependencies. (Thanks to Frederik Hertzum
for the bug report.)
* Wed May 30 2007 Peter Gordon - 2.18.2-1
- Update to new upstream bugfix release (2.18.2)
and rebuild for newer
Firefox/Gecko version (2.0.0.4).
References:

[ 1 ] Bug #248518
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ] CVE-2007-3734
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ] CVE-2007-3735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ] CVE-2007-3736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ] CVE-2007-3089
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ] CVE-2007-3737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ] CVE-2007-3656
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
[ 8 ] CVE-2007-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
Updated packages:

09e0f52430e459f13eb9bfee9ec644b6a00a8ac5 epiphany-extensions-2.18.3-2.ppc64.rpm
729db8ef221b4dbd9e1286c0102d7af359831c2b epiphany-extensions-debuginfo-2.18.3-2.ppc64.rpm
5bc029911fc09b7351070afbe5d486619f924215 epiphany-extensions-2.18.3-2.i386.rpm
2a1f4984f3d1b2af8a8733d43f598b49bd61c36b epiphany-extensions-debuginfo-2.18.3-2.i386.rpm
26b52098ee0b9f1b76c47c015d4269c5e75d4349 epiphany-extensions-2.18.3-2.x86_64.rpm
108f4159a537962ea755f47dacc5ff3894db72cc epiphany-extensions-debuginfo-2.18.3-2.x86_64.rpm
0dd417f28ed97f05003cb9d33eb5ceac471eedea epiphany-extensions-2.18.3-2.ppc.rpm
0fc7df45d6ef70f0303b5e563577b16b1188aa85 epiphany-extensions-debuginfo-2.18.3-2.ppc.rpm
cc43601a3b450cf0ab7f9f71e225671e53d9a0a0 epiphany-extensions-2.18.3-2.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-1155

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
BugTraq ID: 24946
http://www.securityfocus.com/bid/24946
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/474226/100/0/threaded
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/474542/100/0/threaded
Debian Security Information: DSA-1337 (Google Search)
http://www.debian.org/security/2007/dsa-1337
Debian Security Information: DSA-1338 (Google Search)
http://www.debian.org/security/2007/dsa-1338
Debian Security Information: DSA-1339 (Google Search)
http://www.debian.org/security/2007/dsa-1339
Debian Security Information: DSA-1391 (Google Search)
http://www.debian.org/security/2007/dsa-1391
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10108
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
http://www.securitytracker.com/id?1018408
http://secunia.com/advisories/25589
http://secunia.com/advisories/26072
http://secunia.com/advisories/26095
http://secunia.com/advisories/26096
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26159
http://secunia.com/advisories/26176
http://secunia.com/advisories/26179
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26258
http://secunia.com/advisories/26271
http://secunia.com/advisories/26460
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/28135
http://secunia.com/advisories/28363
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
http://www.ubuntu.com/usn/usn-503-1
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/2565
http://www.vupen.com/english/advisories/2007/4256
http://www.vupen.com/english/advisories/2008/0082
XForce ISS Database: mozilla-browser-engine-code-execution(35458)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35458
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11066
XForce ISS Database: mozilla-javascript-eng-code-execution(35459)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35459
Common Vulnerability Exposure (CVE) ID: CVE-2007-3736
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11749
http://www.securitytracker.com/id?1018410
XForce ISS Database: mozilla-addeventlistener-settimeout-xss(35462)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35462
Common Vulnerability Exposure (CVE) ID: CVE-2007-3089
BugTraq ID: 24286
http://www.securityfocus.com/bid/24286
Bugtraq: 20070604 Assorted browser vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/470446/100/0/threaded
Cert/CC Advisory: TA07-199A
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
CERT/CC vulnerability note: VU#143297
http://www.kb.cert.org/vuls/id/143297
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
http://lcamtuf.coredump.cx/ifsnatch/
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
http://osvdb.org/38024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122
http://www.securitytracker.com/id?1018412
http://securityreason.com/securityalert/2781
XForce ISS Database: firefox-iframe-security-bypass(34701)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34701
Common Vulnerability Exposure (CVE) ID: CVE-2007-3737
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10009
http://www.securitytracker.com/id?1018409
XForce ISS Database: firefox-eventhandler-code-execution(35461)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35461
Common Vulnerability Exposure (CVE) ID: CVE-2007-3656
BugTraq ID: 24831
http://www.securityfocus.com/bid/24831
Bugtraq: 20070709 Firefox wyciwyg:// cache zone bypass (Google Search)
http://www.securityfocus.com/archive/1/473191/100/0/threaded
http://lcamtuf.coredump.cx/ffcache/
http://osvdb.org/38028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105
http://www.securitytracker.com/id?1018411
http://secunia.com/advisories/25990
http://securityreason.com/securityalert/2872
XForce ISS Database: mozilla-wyciwyg-security-bypass(35298)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35298
Common Vulnerability Exposure (CVE) ID: CVE-2007-3738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9875
http://www.securitytracker.com/id?1018414
SuSE Security Announcement: SUSE-SA:2007:057 (Google Search)
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
XForce ISS Database: firefox-xpcnativewrapper-code-execution(35460)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35460
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.