Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 154449 - www-client/seamonkey: security bump to 1.0.6
Summary: www-client/seamonkey: security bump to 1.0.6
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/annou...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-08 02:49 UTC by Dax
Modified: 2006-12-10 15:16 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---
gentoomail: Assigned_To+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dax 2006-11-08 02:49:15 UTC
multiple vulnerabilities fixed in seamonkey 1.0.6

 http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
Title: Crashes with evidence of memory corruption (rv:1.8.0.8)
Impact: Critical
Announced: November 7, 2006
Reporter: Mozilla Developers
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 1.5.0.8
  Thunderbird 1.5.0.8
  SeaMonkey 1.0.6
Description
As part of the Firefox 1.5.0.8 release we fixed several bugs to improve the
stability of the product. Some of these were crashes that showed evidence of
memory corruption and we presume that at least some of these could be exploited
to run arbitrary code with enough effort.

Note: Thunderbird shares the browser engine with Firefox and could be
vulnerable if JavaScript were to be enabled in mail. This is not the default
setting and we strongly discourage users from running JavaScript in mail.
Without further investigation we cannot rule out the possibility that for some
of these an attacker might be able to prepare memory for exploitation through
some means other than JavaScript, such as large images or plugin data.
Workaround
Upgrade to the fixed versions. Do not enable JavaScript in Thunderbird or the
mail portions of SeaMonkey.
References

Jesse Ruderman and Martijn Wargers reported crashes in the layout engine
https://bugzilla.mozilla.org/show_bug.cgi?id=307809
https://bugzilla.mozilla.org/show_bug.cgi?id=310267
https://bugzilla.mozilla.org/show_bug.cgi?id=350370
https://bugzilla.mozilla.org/show_bug.cgi?id=351328
CVE-2006-5464

shutdown demonstrated that a crash in XML.prototype.hasOwnProperty was
exploitable
https://bugzilla.mozilla.org/show_bug.cgi?id=355569
CVE-2006-5747

Igor Bukanov and Jesse Ruderman reported potential memory corruption in the
JavaScript engine
https://bugzilla.mozilla.org/show_bug.cgi?id=349527
https://bugzilla.mozilla.org/show_bug.cgi?id=351973
https://bugzilla.mozilla.org/show_bug.cgi?id=353165
https://bugzilla.mozilla.org/show_bug.cgi?id=354145
https://bugzilla.mozilla.org/show_bug.cgi?id=354151
https://bugzilla.mozilla.org/show_bug.cgi?id=350238
https://bugzilla.mozilla.org/show_bug.cgi?id=351116
https://bugzilla.mozilla.org/show_bug.cgi?id=352271
https://bugzilla.mozilla.org/show_bug.cgi?id=352606
https://bugzilla.mozilla.org/show_bug.cgi?id=354924
CVE-2006-5748

    * Site Map
    * Security Updates
    * Contact Us
http://www.mozilla.org/security/announce/2006/mfsa2006-64.html
Mozilla Foundation Security Advisory 2006-64
Title: Crashes with evidence of memory corruption (rv:1.8.0.7)
Impact: Critical
Announced: September 14, 2006
Reporter: Mozilla Developers
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 1.5.0.7
  Thunderbird 1.5.0.7
  SeaMonkey 1.0.5
Description
As part of the Firefox 1.5.0.7 release we fixed several bugs to improve the
stability of the product. Some of these were crashes that showed evidence of
memory corruption and we presume that at least some of these could be exploited
to run arbitrary code with enough effort.

We thank Bernd Mielke, Georgi Guninski, Igor Bukanov, Jesse Ruderman, Martijn
Wargers, Mats Palmgren, Olli Pettay, shutdown, and Weston Carloss for
discovering and reporting these crashes.

Note: Thunderbird shares the browser engine with Firefox and could be
vulnerable if JavaScript were to be enabled in mail. This is not the default
setting and we strongly discourage users from running JavaScript in mail.
Without further investigation we cannot rule out the possibility that for some
of these an attacker might be able to prepare memory for exploitation through
some means other than JavaScript, such as large images or plugin data.
Workaround
Upgrade to the fixed versions. Do not enable JavaScript in Thunderbird or the
mail portions of SeaMonkey.
References
CVE-2006-4571

Bernd Mielke and Mats Palmgren reported crashes involving tables
https://bugzilla.mozilla.org/show_bug.cgi?id=339130
https://bugzilla.mozilla.org/show_bug.cgi?id=339170
https://bugzilla.mozilla.org/show_bug.cgi?id=339246
https://bugzilla.mozilla.org/show_bug.cgi?id=343087
https://bugzilla.mozilla.org/show_bug.cgi?id=344000
https://bugzilla.mozilla.org/show_bug.cgi?id=346980

Georgi Guninski discovered heap corruption using XSLTProcessor
https://bugzilla.mozilla.org/show_bug.cgi?id=348511

Igor Bukanov reported potential memory corruption in the JavaScript engine
https://bugzilla.mozilla.org/show_bug.cgi?id=345967
https://bugzilla.mozilla.org/show_bug.cgi?id=346968
https://bugzilla.mozilla.org/show_bug.cgi?id=348532
https://bugzilla.mozilla.org/show_bug.cgi?id=350312

Jesse Ruderman, Martijn Wargers, Mats Palmgren, Olli Pettay, and Weston Carloss
reported crashes involving DHTML
https://bugzilla.mozilla.org/show_bug.cgi?id=306940
https://bugzilla.mozilla.org/show_bug.cgi?id=307826
https://bugzilla.mozilla.org/show_bug.cgi?id=336999
https://bugzilla.mozilla.org/show_bug.cgi?id=337419
https://bugzilla.mozilla.org/show_bug.cgi?id=337883
https://bugzilla.mozilla.org/show_bug.cgi?id=347355
https://bugzilla.mozilla.org/show_bug.cgi?id=348049
https://bugzilla.mozilla.org/show_bug.cgi?id=205735
https://bugzilla.mozilla.org/show_bug.cgi?id=344291
https://bugzilla.mozilla.org/show_bug.cgi?id=344557
https://bugzilla.mozilla.org/show_bug.cgi?id=348062
https://bugzilla.mozilla.org/show_bug.cgi?id=348729
https://bugzilla.mozilla.org/show_bug.cgi?id=348887
https://bugzilla.mozilla.org/show_bug.cgi?id=321299
https://bugzilla.mozilla.org/show_bug.cgi?id=343457
https://bugzilla.mozilla.org/show_bug.cgi?id=349201
https://bugzilla.mozilla.org/show_bug.cgi?id=348688

shutdown reported it was still possible to corrupt memory via
content-implemented tree views despite the fix for bug 326501
https://bugzilla.mozilla.org/show_bug.cgi?id=344085

http://www.mozilla.org/security/announce/2006/mfsa2006-66.htmlMozilla
Foundation Security Advisory 2006-66
Title: RSA Signature Forgery (variant)
Impact: Critical
Announced: November 7, 2006
Reporter: Ulrich Kuehn
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 1.5.0.8
  Thunderbird 1.5.0.8
  SeaMonkey 1.0.6
Description
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged. This flaw was corrected in the Mozilla Network
Security Services (NSS) library version 3.11.3 used by Firefox 2.0 and current
development versions of Mozilla clients.

Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a variant of this
attack.
Workaround
None, upgrade to a fixed version.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
CVE-2006-5462

MFSA 2006-60


rgds
Daxomatic
Comment 1 Wolf Giesen (RETIRED) gentoo-dev 2006-11-08 02:58:08 UTC
Accepting bug.
Comment 2 Dax 2006-11-08 11:00:03 UTC
Mozilla team, Please advice again for this one too. ;-)

Br
Daxomatic
Comment 3 Jory A. Pratt 2006-11-08 11:15:12 UTC
(In reply to comment #2)
> Mozilla team, Please advice again for this one too. ;-)
> 
> Br
> Daxomatic
> 

This is not needed, your wasting out time with emails asking for us to advise when we are working to get the updates into the tree.
Comment 4 Wolf Giesen (RETIRED) gentoo-dev 2006-11-08 11:30:11 UTC
Please bear with him as he's a Padawan in the SecTeam and not a senior bug wrangler yet. You all have been very kind on my stumbling attempts, so I just beg you to have the same patience with Daxomatic. Thanks a lot!
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2006-11-08 13:46:45 UTC
Bumped in cvs.
Comment 6 Dax 2006-11-09 04:05:01 UTC
hi,
Arches, please test & mark stable.

rgds
Daxomatic
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2006-11-09 10:00:43 UTC
ppc stable
Comment 8 Andrej Kacian (RETIRED) gentoo-dev 2006-11-09 12:37:16 UTC
x86 is off the hook
Comment 9 Michael Weyershäuser 2006-11-10 17:33:42 UTC
Emerges and works fine on amd64.

Portage 2.1.1-r1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18-suspend2-Dudebox-Edition x86_64)
=================================================================
System uname: 2.6.18-suspend2-Dudebox-Edition x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.12.6
Last Sync: Wed, 08 Nov 2006 05:00:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -Os -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=k8 -msse3 -Os -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distcc distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage_overlay"
SYNC="rsync://server/gentoo-portage"
USE="amd64 X alsa apache2 berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dlloader dri dvd dvdr eds elibc_glibc emboss encode esd fam firefox fortran gcj gdbm gif gpm gstreamer gtk gtk2 hal iconv imap input_devices_keyboard input_devices_mouse isdnlog jpeg kde kdeenablefinal kdehiddenvisibility kernel_linux libg++ mad mikmod mp3 mpeg mysql ncurses nls nptl nptlonly objc objc++ ogg oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection sdl session spell spl sqlite ssl tcpd test truetype truetype-fonts type1-fonts udev unicode userland_GNU video_cards_radeon vorbis xml xorg xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 10 Simon Stelling (RETIRED) gentoo-dev 2006-11-11 04:47:15 UTC
amd64 done then
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2006-11-12 10:00:48 UTC
Stable on Alpha.
Comment 12 Jeroen Roovers gentoo-dev 2006-11-13 22:29:36 UTC
Stable for HPPA.
Comment 13 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-20 22:08:59 UTC
This one is ready for GLSA.
Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-12-10 15:16:05 UTC
GLSA 200612-08