__________________________________________________________

              The U.S. Department of Energy
          Computer Incident Advisory Capability
__________________________________________________________

                   INFORMATION BULLETIN

          SeaMonkey Security Update (was Mozilla)
               [Red Hat RHSA-2006:0578-10]

July 21, 2006 13:00 GMT                                   Number Q-254
[REVISED 24 Jul 2006]
[REVISED 01 Aug 2006]
[REVISED 02 Aug 2006]
[REVISED 03 Aug 2006]
[REVISED 28 Aug 2006]
[REVISED 29 Aug 2006]
[REVISED 30 Aug 2006]
[REVISED 08 Sep 2006]
[REVISED 15 Sep 2006]
[REVISED 06 Oct 2006]
[REVISED 14 Nov 2006]
[REVISED 13 Feb 2007]
______________________________________________________________________________
PROBLEM:    There are several security vulnerabilities in SeaMonkey.
            SeaMonkey is an open source Web browser, advanced email and
            newsgroup client, IRC chat client, and HTML editor.
            1) A double-free flaw was found in the way Mozilla-mail
               displayed malformed inline vcard attachments;
            2) A form file upload flaw was found in the way Mozilla
               handled javascript input object mutation; and
            3) A double free flaw was found in the way the
               nsIX509::getRawDER method was called.

PLATFORM:   Red Hat Desktop (v. 3)
            Red Hat Enterprise Linux AS, ES, WS (v. 3)
            Debian GNU/Linux 3.1 alias sarge
            Mozilla v1.7
            Solaris 8, 9, 10 Operating System

DAMAGE:     1) Could execute arbitrary code as the user running
               Mozilla-mail;
            2) A malicious web page could upload an arbitrary local file
               at form submission time without user interaction; and
            3) Could execute arbitrary code as the user running Mozilla.

SOLUTION:   Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY ASSESSMENT:
            The risk is LOW. A malicious web page or email could run
            arbitrary code as the user viewing the page or email.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-254.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0578.html
 ADDITIONAL LINKS:   Debian Security Advisories DSA-1118-1 and DSA-1120-1
                     http://www.debian.org/security/2006/dsa-1118
                     http://www.debian.org/security/2006/dsa-1120
                     Red Hat Security Advisory-2006:0611-3
                     https://rhn.redhat.com/errata/RHSA-2006-0611.html
                     Red Hat Security Advisory-2006:0610-4
                     https://rhn.redhat.com/errata/RHSA-2006-0610.html
                     Debian Security Advisory 1134-1
                     http://www.debian.org/security/2006/dsa-1134
                     Red Hat Security Advisory 2006:0609-9
                     https://rhn.redhat.com/errata/RHSA-2006-0609.html
                     Debian Security Advisory 1159-2
                     http://www.debian.org/security/2006/dsa-1159
                     RHSA-2006:0594-9
                     https://rhn.redhat.com/errata/RHSA-2006-0594.html
                     Debian Security Advisory 1160-2
                     http://www.debian.org/security/2006/dsa-1160
                     Debian Security Advisory 1161-1
                     http://www.debian.org/security/2006/dsa-1161
                     Debian Security Advisory 1191-1
                     http://www.debian.org/security/2006/dsa-1191
                     Debian Security Advisory 1192-1
                     http://www.debian.org/security/2006/dsa-1192
                     Debian Security Advisory 1210-1
                     http://www.debian.org/security/2006/dsa-1210
                     Sun Alert ID: 102800
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102800-1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2006-2776 CVE-2006-2778 CVE-2006-2779
                     CVE-2006-2780 CVE-2006-2781 CVE-2006-2782
                     CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
                     CVE-2006-2786 CVE-2006-2787 CVE-2006-2788
______________________________________________________________________________
REVISION HISTORY:
07/24/2006 - revised to add a link to Debian Security Advisories DSA-1118-1
             and DSA-1120-1 for Debian GNU/Linux 3.1 alias sarge.
08/01/2006 - revised to add links to Red Hat Security Advisory-2006:0611-3
             and Red Hat Security Advisory-2006:0610-4
08/02/2006 - added a link to Debian Security Advisory 1134-1
08/03/2006 - added a link to Red Hat Security Advisory 2006:0609-9
08/28/2006 - added links to Debian Security Advisory 1159-1 and
             RHSA-2006:0594-9
08/29/2006 - added a link to Debian Security Advisory 1160
08/30/2006 - added a link to Debian Security Advisory 1161
09/08/2006 - modified link to Debian Security Advisory DSA-1159-2.
09/15/2006 - updated to note that Debian Security Advisory 1160-2 states the
             latest security updates of Mozilla introduced a regression that
             led to a dysfunctional attachment panel which warrants a
             correction to fix this issue
10/06/2006 - revised to add a link to Debian Security Advisories DSA-1191-1 &
             DSA-1192-1 for Debian GNU/Linux 3.1 alias sarge
11/14/2006 - added a link to Debian Security Advisory 1210-1
02/13/2007 - revised to add a link to Sun Alert ID: 102800 for Mozilla v1.7,
             Solaris 8, 9, 10 Operating System.

[***** Start Red Hat RHSA-2006:0578-10 *****]

Critical: seamonkey security update (was mozilla)

Advisory:           RHSA-2006:0578-10
Type:               Security Advisory
Issued on:          2006-07-20
Last updated on:    2006-07-20
Affected Products:  Red Hat Desktop (v. 3)
                    Red Hat Enterprise Linux AS (v. 3)
                    Red Hat Enterprise Linux ES (v. 3)
                    Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org):
                    CVE-2006-2776 CVE-2006-2778 CVE-2006-2779
                    CVE-2006-2780 CVE-2006-2781 CVE-2006-2782
                    CVE-2006-2783 CVE-2006-2784 CVE-2006-2785
                    CVE-2006-2786 CVE-2006-2787 CVE-2006-2788

Details

Updated seamonkey packages that fix several security bugs in the mozilla
package are now available for Red Hat Enterprise Linux 3.

This update has been rated as having critical security impact by the Red Hat
Security Response Team.

SeaMonkey is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

The Mozilla Foundation has discontinued support for the Mozilla Suite.
This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 3 in
favor of the supported SeaMonkey Suite.

This update also resolves a number of outstanding Mozilla security issues:

Several flaws were found in the way Mozilla processed certain javascript
actions. A malicious web page could execute arbitrary javascript instructions
with the permissions of "chrome", allowing the page to steal sensitive
information or install browser malware. (CVE-2006-2776, CVE-2006-2784,
CVE-2006-2785, CVE-2006-2787)

Several denial of service flaws were found in the way Mozilla processed
certain web content. A malicious web page could crash firefox or possibly
execute arbitrary code. These issues to date were not proven to be
exploitable, but do show evidence of memory corruption. (CVE-2006-2779,
CVE-2006-2780)

A double-free flaw was found in the way Mozilla-mail displayed malformed
inline vcard attachments. If a victim viewed an email message containing a
carefully crafted vcard it could execute arbitrary code as the user running
Mozilla-mail. (CVE-2006-2781)

A cross site scripting flaw was found in the way Mozilla processed Unicode
Byte-order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could
execute a script within the browser that a web input sanitizer could miss due
to a malformed "script" tag. (CVE-2006-2783)

A form file upload flaw was found in the way Mozilla handled javascript input
object mutation. A malicious web page could upload an arbitrary local file at
form submission time without user interaction. (CVE-2006-2782)

A denial of service flaw was found in the way Mozilla called the
crypto.signText() javascript function. A malicious web page could crash the
browser if the victim had a client certificate loaded. (CVE-2006-2778)

Two HTTP response smuggling flaws were found in the way Mozilla processed
certain invalid HTTP response headers.
A malicious web site could return specially crafted HTTP response headers
which may bypass HTTP proxy restrictions. (CVE-2006-2786)

A double free flaw was found in the way the nsIX509::getRawDER method was
called. If a victim visited a carefully crafted web page it could execute
arbitrary code as the user running Mozilla. (CVE-2006-2788)

Users of Mozilla are advised to upgrade to this update, which contains
SeaMonkey version 1.0.2 that is not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

196971 - CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,
         CVE-2006-2778, CVE-2006-2776, CVE-2006-2784, CVE-2006-2785,
         CVE-2006-2786, CVE-2006-2787, CVE-2006-2788)
198683 - CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2780,
         CVE-2006-2781)

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788
http://www.redhat.com/security/updates/classification/#critical

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2006:0578-10 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization.
A list of FIRST member organizations and their constituencies can be obtained
via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-244: Vulnerabilities in Microsoft Office Filters
Q-245: Multiple Cisco Unified CallManager Vulnerabilities
Q-246: Cisco Router Web Setup Ships with Insecure Default IOS Configuration
Q-247: vixie-cron Security Update
Q-248: kernel-source-2.6.8 et.al.
Q-249: Vulnerability in PowerPoint
Q-250: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and
       Response System (CS-MARS)
Q-251: Oracle Critical Patch Update - July 2006
Q-252: libwmf Security Update
Q-253: gimp Security Update