
[Full-disclosure] SCOSA-2005.49 OpenServer 5.0.7 : Mozilla Multiple Vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 : Mozilla Multiple Vulnerabilities
Advisory number:        SCOSA-2005.49
Issue date:             2005 November 17
Cross reference:        sr892472 fz530640 erg712747
                        sr893377 fz531629 erg712821
                        sr894499 fz532748 erg712884 fz533139
                        CVE-2003-0765 CVE-2004-0597 CVE-2004-0599
                        CVE-2004-0717 CVE-2004-0718 CVE-2004-0719
                        CVE-2004-0720 CVE-2004-0721 CVE-2004-0722
                        CVE-2004-0757 CVE-2004-0758 CVE-2004-0759
                        CVE-2004-0760 CVE-2004-0761 CVE-2004-0762
                        CVE-2004-0763 CVE-2004-0764 CVE-2005-0399
                        CVE-2005-0989 CVE-2005-1153 CVE-2005-1154
                        CVE-2005-1155 CVE-2005-1156 CVE-2005-1157
                        CVE-2005-1159 CVE-2005-1160 CVE-2005-1476
                        CVE-2005-1477 CVE-2005-1531 CVE-2005-1532
                        CVE-2005-2701 CVE-2005-2702 CVE-2005-2703
                        CVE-2005-2704 CVE-2005-2705 CVE-2005-2706
                        CVE-2005-2707 CVE-2005-2968
______________________________________________________________________________


1. Problem Description

        The Mozilla 1.7.12 browser in this update represents a
        significant advancement in features and fixes over the Mozilla
        1.6 released with SCO OpenServer 5.0.7 Maintenance Pack 3.

        For a complete list of security fixes, please see the following:

        http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the following names to these issues:

        CVE-2003-0765 CVE-2004-0597 CVE-2004-0599 CVE-2004-0717
        CVE-2004-0718 CVE-2004-0719 CVE-2004-0720 CVE-2004-0721
        CVE-2004-0722 CVE-2004-0757 CVE-2004-0758 CVE-2004-0759
        CVE-2004-0760 CVE-2004-0761 CVE-2004-0762 CVE-2004-0763
        CVE-2004-0764 CVE-2005-0399 CVE-2005-0989 CVE-2005-1153
        CVE-2005-1154 CVE-2005-1155 CVE-2005-1156 CVE-2005-1157
        CVE-2005-1159 CVE-2005-1160 CVE-2005-1476 CVE-2005-1477
        CVE-2005-1531 CVE-2005-1532 CVE-2005-2701 CVE-2005-2702
        CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706
        CVE-2005-2707 CVE-2005-2968


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7                Mozilla 1.6 distribution


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 Location of Fixed Binaries

        The fixes are only available in SCO OpenServer Release 5.0.7
        Maintenance Pack 4 or later.

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar


        4.2 Verification

        MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
        and Installation Notes:

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
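
The check in section 4.2, written out as an added example that is not part of SCO's advisory: it parses the advisory's `MD5 (file) = digest` line and compares it with a digest computed locally before anything is installed. The function names and the stand-in file contents are constructed for illustration; the published value is only as trustworthy as the PGP signature on the advisory that carries it.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# BSD-style digest line as printed in the advisory: "MD5 (name) = <32 hex>"
DIGEST_LINE = re.compile(
    r"^\s*MD5 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-fA-F]{32})\s*$", re.M)

# Verification line copied from section 4.2 of this advisory.
ADVISORY_TEXT = "        MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228\n"


def published_digests(text):
    """Map file name -> lowercase MD5 hex for every digest line in text."""
    return {m["name"]: m["hex"].lower() for m in DIGEST_LINE.finditer(text)}


def file_md5(path, chunk_size=1 << 20):
    """Stream the file so a large tar archive never has to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, text):
    """Return 'ok', 'mismatch' or 'unlisted' for path against the digests in text."""
    expected = published_digests(text).get(Path(path).name)
    if expected is None:
        return "unlisted"  # a file the advisory does not list is never "verified"
    return "ok" if hmac.compare_digest(file_md5(path), expected) else "mismatch"


def demo():
    """Constructed sample: a stand-in file named like the real archive."""
    with tempfile.TemporaryDirectory() as d:
        fake = Path(d) / "osr507mp4_vol.tar"
        fake.write_bytes(b"abc")  # constructed content, not the real archive
        constructed = "MD5 (osr507mp4_vol.tar) = 900150983cd24fb0d6963f7d28e17f72\n"
        # First check passes; second fails because the stand-in is not the real tar.
        return verify(fake, constructed), verify(fake, ADVISORY_TEXT)


if __name__ == "__main__":
    print(demo())
```

A `mismatch` or `unlisted` result means the archive should be downloaded again and not unpacked.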


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0765
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0717
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0719
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0720
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0721
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0757
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0759
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0762
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0764
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0989
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1153
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1154
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1155
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1156
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1157
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1476
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1531
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2701
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2702
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2704
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2705
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2706
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2707
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968
                http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr892472 fz530640
        erg712747 sr893377 fz531629 erg712821 sr894499 fz532748
        erg712884 fz533139.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDfLgdaqoBO7ipriERAn8ZAJ9sB7tdXjE6sSWZhIVomie/w9MHMQCfVk8g
gljcBsvg/s3phWRRTjqO0bM=
=q7a1
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/