Debian Linux Security Advisory 837-1

Debian Linux Security Advisory 837-1: Posted Oct 5, 2005; Authored by Debian | Site security.debian.org; Debian Security Advisory DSA 837-1 - Tom Ferris discovered a bug in the IDN hostname handling of Mozilla Firefox, which is also present in the other browsers from the same family that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes.; tags | advisory, remote, denial of service, arbitrary; systems | linux, debian; SHA-256 | 49bc0c05281aaf4e20d394fcf17dcd789b912b7427420a71eca8714fe7d02cb0; Download | Favorite | View

Debian Linux Security Advisory 837-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 837-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 2nd, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2871
Debian Bug     : 327452

Tom Ferris discovered a bug in the IDN hostname handling of Mozilla
Firefox, which is also present in the other browsers from the same
family that allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a hostname with dashes.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.4-2sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.6-5.

We recommend that you upgrade your mozilla-firefox package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.dsc
      Size/MD5 checksum:     1001 8da49448d0292379ed213ed55b50f636
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.diff.gz
      Size/MD5 checksum:   323756 9badf2bda14c11b86ab011d90ec281f6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_alpha.deb
      Size/MD5 checksum: 11163256 741a6fe56dbd1c917f70ea4a83f5d4f5
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_alpha.deb
      Size/MD5 checksum:   166972 e694067de0f9e51eba3b71fed7192fad
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_alpha.deb
      Size/MD5 checksum:    58796 066536b71dd6ed961be9a17aa79f9ca1

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_amd64.deb
      Size/MD5 checksum:  9398022 6bc930760808bc9d9b61fb1f01bd860d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_amd64.deb
      Size/MD5 checksum:   161704 b602c78f8f7ff6071d85639ead31b0d1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_amd64.deb
      Size/MD5 checksum:    57272 d9f98cb3de4145f0866772bc599f5573

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_arm.deb
      Size/MD5 checksum:  8216838 391be886f3e02b83cbdf198fc9e64f43
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_arm.deb
      Size/MD5 checksum:   153148 e320c57a33a8d2f90db51e8ccd1fdcbf
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_arm.deb
      Size/MD5 checksum:    52626 f011883c695c1f62417810a7046bfb18

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_i386.deb
      Size/MD5 checksum:  8889628 c2dae022a03416af59f47a124ac04771
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_i386.deb
      Size/MD5 checksum:   156932 f3c968bdc962762016ab5ce7de6c3d49
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_i386.deb
      Size/MD5 checksum:    54188 9c2479ab8ebd935c40f52dc516d1ef9b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_ia64.deb
      Size/MD5 checksum: 11617372 9e64ba01ab67c89e3496f658495e2d6b
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_ia64.deb
      Size/MD5 checksum:   167278 6c518d35da2f88bc1387391bc413af6e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_ia64.deb
      Size/MD5 checksum:    61972 b413956fa64c1339729ca8c5fb069d0c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_hppa.deb
      Size/MD5 checksum: 10266508 9985b2364613b496578d5aa58335f193
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_hppa.deb
      Size/MD5 checksum:   164684 8d34b3fb5b1d4085eb1905cf8f4b4169
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_hppa.deb
      Size/MD5 checksum:    57774 3c1f6134aa0bedd285693c272156dadf

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_m68k.deb
      Size/MD5 checksum:  8167076 9fbcdcc9c20c9c53bfe0c2e8867505ee
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_m68k.deb
      Size/MD5 checksum:   155844 5e17dab94ba264505d9e976b6cada360
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_m68k.deb
      Size/MD5 checksum:    53438 d65525a81b47a3ffb818044ff0f6c082

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mips.deb
      Size/MD5 checksum:  9919764 dad3b9c7736be1a76182805decbe4226
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mips.deb
      Size/MD5 checksum:   154698 ddcb26a6501acc4bfb01f84679c71df1
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mips.deb
      Size/MD5 checksum:    54444 b05103132d75b1398fd4ac93210f8fa0

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mipsel.deb
      Size/MD5 checksum:  9803612 9277b9d3635327414a54a0fa5bc43fab
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mipsel.deb
      Size/MD5 checksum:   154254 9aae814cc1d5dc31ac24a4c573a3d54d
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mipsel.deb
      Size/MD5 checksum:    54270 df2809a9996ea6eaf4d940420f22e654

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_powerpc.deb
      Size/MD5 checksum:  8561724 53cb5d60984f432cfb7ae7c1ee917a60
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_powerpc.deb
      Size/MD5 checksum:   155320 09439c02519d6082619a356c2e568649
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_powerpc.deb
      Size/MD5 checksum:    56564 71de49e9fe39bc3e0873d9ea09627edb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_s390.deb
      Size/MD5 checksum:  9635928 4288345b4f7a1f65483220fe9e26615e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_s390.deb
      Size/MD5 checksum:   162324 f7a9b952749be394d1743c0cc0442d78
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_s390.deb
      Size/MD5 checksum:    56758 eea32af660a5d5a5b63214c476fa8a29

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_sparc.deb
      Size/MD5 checksum:  8651566 2255aa4861022395d74e7ba0e7eeef0f
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_sparc.deb
      Size/MD5 checksum:   155558 b9110a9180419dc9437e5ab610176139
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_sparc.deb
      Size/MD5 checksum:    52998 658a72bc8e0a9d496ef9553da5676acb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDP3k8W5ql+IAeqTIRAoLgAKConrHbOanuQtMNbRdGXewUlqaxfgCggNoQ
XnBtwQC3a4epZGXzwZoiqgc=
=vtEo
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Linux Security Advisory 837-1

Debian Linux Security Advisory 837-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Linux Security Advisory 837-1

Share This

Debian Linux Security Advisory 837-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems