Bug#: 154449
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Dax <gentoomail@gmail.com>
Description:   Opened: 2006-11-08 02:49 0000
multiple vulnerabilities fixed in seamonkey 1.0.6

http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
Title: Crashes with evidence of memory corruption (rv:1.8.0.8)
Impact: Critical
Announced: November 7, 2006
Reporter: Mozilla Developers
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 1.5.0.8
  Thunderbird 1.5.0.8
  SeaMonkey 1.0.6
Description
As part of the Firefox 1.5.0.8 release we fixed several bugs to improve the
stability of the product. Some of these were crashes that showed evidence of
memory corruption and we presume that at least some of these could be exploited
to run arbitrary code with enough effort.

Note: Thunderbird shares the browser engine with Firefox and could be
vulnerable if JavaScript were to be enabled in mail. This is not the default
setting and we strongly discourage users from running JavaScript in mail.
Without further investigation we cannot rule out the possibility that for some
of these an attacker might be able to prepare memory for exploitation through
some means other than JavaScript, such as large images or plugin data.
Workaround
Upgrade to the fixed versions. Do not enable JavaScript in Thunderbird or the
mail portions of SeaMonkey.
References

Jesse Ruderman and Martijn Wargers reported crashes in the layout engine
https://bugzilla.mozilla.org/show_bug.cgi?id=307809
https://bugzilla.mozilla.org/show_bug.cgi?id=310267
https://bugzilla.mozilla.org/show_bug.cgi?id=350370
https://bugzilla.mozilla.org/show_bug.cgi?id=351328
CVE-2006-5464

shutdown demonstrated that a crash in XML.prototype.hasOwnProperty was
exploitable
https://bugzilla.mozilla.org/show_bug.cgi?id=355569
CVE-2006-5747

Igor Bukanov and Jesse Ruderman reported potential memory corruption in the
JavaScript engine
https://bugzilla.mozilla.org/show_bug.cgi?id=349527
https://bugzilla.mozilla.org/show_bug.cgi?id=351973
https://bugzilla.mozilla.org/show_bug.cgi?id=353165
https://bugzilla.mozilla.org/show_bug.cgi?id=354145
https://bugzilla.mozilla.org/show_bug.cgi?id=354151
https://bugzilla.mozilla.org/show_bug.cgi?id=350238
https://bugzilla.mozilla.org/show_bug.cgi?id=351116
https://bugzilla.mozilla.org/show_bug.cgi?id=352271
https://bugzilla.mozilla.org/show_bug.cgi?id=352606
https://bugzilla.mozilla.org/show_bug.cgi?id=354924
CVE-2006-5748

http://www.mozilla.org/security/announce/2006/mfsa2006-64.html
Mozilla Foundation Security Advisory 2006-64
Title: Crashes with evidence of memory corruption (rv:1.8.0.7)
Impact: Critical
Announced: September 14, 2006
Reporter: Mozilla Developers
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 1.5.0.7
  Thunderbird 1.5.0.7
  SeaMonkey 1.0.5
Description
As part of the Firefox 1.5.0.7 release we fixed several bugs to improve the
stability of the product. Some of these were crashes that showed evidence of
memory corruption and we presume that at least some of these could be exploited
to run arbitrary code with enough effort.

We thank Bernd Mielke, Georgi Guninski, Igor Bukanov, Jesse Ruderman, Martijn
Wargers, Mats Palmgren, Olli Pettay, shutdown, and Weston Carloss for
discovering and reporting these crashes.

Note: Thunderbird shares the browser engine with Firefox and could be
vulnerable if JavaScript were to be enabled in mail. This is not the default
setting and we strongly discourage users from running JavaScript in mail.
Without further investigation we cannot rule out the possibility that for some
of these an attacker might be able to prepare memory for exploitation through
some means other than JavaScript, such as large images or plugin data.
Workaround
Upgrade to the fixed versions. Do not enable JavaScript in Thunderbird or the
mail portions of SeaMonkey.
References
CVE-2006-4571

Bernd Mielke and Mats Palmgren reported crashes involving tables
https://bugzilla.mozilla.org/show_bug.cgi?id=339130
https://bugzilla.mozilla.org/show_bug.cgi?id=339170
https://bugzilla.mozilla.org/show_bug.cgi?id=339246
https://bugzilla.mozilla.org/show_bug.cgi?id=343087
https://bugzilla.mozilla.org/show_bug.cgi?id=344000
https://bugzilla.mozilla.org/show_bug.cgi?id=346980

Georgi Guninski discovered heap corruption using XSLTProcessor
https://bugzilla.mozilla.org/show_bug.cgi?id=348511

Igor Bukanov reported potential memory corruption in the JavaScript engine
https://bugzilla.mozilla.org/show_bug.cgi?id=345967
https://bugzilla.mozilla.org/show_bug.cgi?id=346968
https://bugzilla.mozilla.org/show_bug.cgi?id=348532
https://bugzilla.mozilla.org/show_bug.cgi?id=350312

Jesse Ruderman, Martijn Wargers, Mats Palmgren, Olli Pettay, and Weston Carloss
reported crashes involving DHTML
https://bugzilla.mozilla.org/show_bug.cgi?id=306940
https://bugzilla.mozilla.org/show_bug.cgi?id=307826
https://bugzilla.mozilla.org/show_bug.cgi?id=336999
https://bugzilla.mozilla.org/show_bug.cgi?id=337419
https://bugzilla.mozilla.org/show_bug.cgi?id=337883
https://bugzilla.mozilla.org/show_bug.cgi?id=347355
https://bugzilla.mozilla.org/show_bug.cgi?id=348049
https://bugzilla.mozilla.org/show_bug.cgi?id=205735
https://bugzilla.mozilla.org/show_bug.cgi?id=344291
https://bugzilla.mozilla.org/show_bug.cgi?id=344557
https://bugzilla.mozilla.org/show_bug.cgi?id=348062
https://bugzilla.mozilla.org/show_bug.cgi?id=348729
https://bugzilla.mozilla.org/show_bug.cgi?id=348887
https://bugzilla.mozilla.org/show_bug.cgi?id=321299
https://bugzilla.mozilla.org/show_bug.cgi?id=343457
https://bugzilla.mozilla.org/show_bug.cgi?id=349201
https://bugzilla.mozilla.org/show_bug.cgi?id=348688

shutdown reported it was still possible to corrupt memory via
content-implemented tree views despite the fix for bug 326501
https://bugzilla.mozilla.org/show_bug.cgi?id=344085

http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
Mozilla Foundation Security Advisory 2006-66
Title: RSA Signature Forgery (variant)
Impact: Critical
Announced: November 7, 2006
Reporter: Ulrich Kuehn
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 1.5.0.8
  Thunderbird 1.5.0.8
  SeaMonkey 1.0.6
Description
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged. This flaw was corrected in the Mozilla Network
Security Services (NSS) library version 3.11.3 used by Firefox 2.0 and current
development versions of Mozilla clients.

Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a variant of this
attack.
Workaround
None, upgrade to a fixed version.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
CVE-2006-5462

MFSA 2006-60


rgds
Daxomatic
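
The advisory above (MFSA 2006-66 / 2006-60) concerns RSA PKCS#1 v1.5 signature verifiers that parse the decrypted block and leave part of it unexamined. The following is an added example, not code from this bug or from Mozilla/NSS: a lenient block check of that style beside a hardened one that rebuilds the expected encoding and compares it whole, so extra bytes are rejected wherever they are placed. All names are hypothetical; SHA-1 with a 1024-bit (128-byte) block is assumed for the sample.

```python
import hashlib
import hmac

# DER DigestInfo header that precedes a 20-byte SHA-1 digest in EMSA-PKCS1-v1_5.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode_em(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-1(message)."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:  # the standard requires at least eight padding bytes
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lenient_check(em: bytes, message: bytes) -> bool:
    """Vulnerable style: walk the block, locate the digest, ignore the rest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    if em[i:i + len(SHA1_DIGESTINFO_PREFIX)] != SHA1_DIGESTINFO_PREFIX:
        return False
    i += len(SHA1_DIGESTINFO_PREFIX)
    # Defect: whatever follows the digest is never examined, and the padding
    # length is never tied to the block length.
    return em[i:i + 20] == hashlib.sha1(message).digest()


def strict_check(em: bytes, message: bytes) -> bool:
    """Hardened: rebuild the one valid block and compare byte for byte."""
    try:
        expected = encode_em(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def demo(em_len: int = 128):
    msg = b"constructed sample message"          # constructed input
    good = encode_em(msg, em_len)
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(msg).digest()
    # Constructed malformed block: minimal padding, valid digest, then filler
    # bytes that the lenient parser never looks at.
    bad = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    bad += b"\x00" * (em_len - len(bad))
    return (lenient_check(good, msg), strict_check(good, msg),
            lenient_check(bad, msg), strict_check(bad, msg))
```

`demo()` returns `(True, True, True, False)`: both checks accept the well-formed block, but only the strict comparison rejects the block carrying unexamined filler.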

------- Comment #1 From Wolf Giesen (RETIRED) 2006-11-08 02:58:08 0000 -------
Accepting bug.

------- Comment #2 From Dax 2006-11-08 11:00:03 0000 -------
Mozilla team, please advise again for this one too. ;-)

Br
Daxomatic

------- Comment #3 From Jory A. Pratt 2006-11-08 11:15:12 0000 -------
(In reply to comment #2)
> Mozilla team, please advise again for this one too. ;-)
> 
> Br
> Daxomatic
> 

This is not needed; you're wasting our time with emails asking us to advise
when we are working to get the updates into the tree.

------- Comment #4 From Wolf Giesen (RETIRED) 2006-11-08 11:30:11 0000 -------
Please bear with him as he's a Padawan in the SecTeam and not a senior bug
wrangler yet. You all have been very kind on my stumbling attempts, so I just
beg you to have the same patience with Daxomatic. Thanks a lot!

------- Comment #5 From Bryan Østergaard (RETIRED) 2006-11-08 13:46:45 0000 -------
Bumped in cvs.

------- Comment #6 From Dax 2006-11-09 04:05:01 0000 -------
hi,
Arches, please test & mark stable.

rgds
Daxomatic

------- Comment #7 From Tobias Scherbaum 2006-11-09 10:00:43 0000 -------
ppc stable

------- Comment #8 From Andrej Kacian (RETIRED) 2006-11-09 12:37:16 0000 -------
x86 is off the hook

------- Comment #9 From Michael Weyershäuser 2006-11-10 17:33:42 0000 -------
Emerges and works fine on amd64.

Portage 2.1.1-r1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4,
2.6.18-suspend2-Dudebox-Edition x86_64)
=================================================================
System uname: 2.6.18-suspend2-Dudebox-Edition x86_64 AMD Athlon(tm) 64
Processor 3200+
Gentoo Base System version 1.12.6
Last Sync: Wed, 08 Nov 2006 05:00:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[enabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -Os -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=k8 -msse3 -Os -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distcc distlocks
metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/
ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage_overlay"
SYNC="rsync://server/gentoo-portage"
USE="amd64 X alsa apache2 berkdb bitmap-fonts cairo cdr cli cracklib crypt cups
dbus dlloader dri dvd dvdr eds elibc_glibc emboss encode esd fam firefox
fortran gcj gdbm gif gpm gstreamer gtk gtk2 hal iconv imap
input_devices_keyboard input_devices_mouse isdnlog jpeg kde kdeenablefinal
kdehiddenvisibility kernel_linux libg++ mad mikmod mp3 mpeg mysql ncurses nls
nptl nptlonly objc objc++ ogg oss pam pcre perl png ppds pppd python qt3 qt4
quicktime readline reflection sdl session spell spl sqlite ssl tcpd test
truetype truetype-fonts type1-fonts udev unicode userland_GNU
video_cards_radeon vorbis xml xorg xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #10 From Simon Stelling (RETIRED) 2006-11-11 04:47:15 0000 -------
amd64 done then

------- Comment #11 From Bryan Østergaard (RETIRED) 2006-11-12 10:00:48 0000 -------
Stable on Alpha.

------- Comment #12 From Jeroen Roovers 2006-11-13 22:29:36 0000 -------
Stable for HPPA.

------- Comment #13 From Sune Kloppenborg Jeppesen 2006-11-20 22:08:59 0000 -------
This one is ready for GLSA.

------- Comment #14 From Raphael Marichez 2006-12-10 15:16:05 0000 -------
GLSA 200612-08
