[SECURITY] Fedora 7 Update: Miro-1.0-2.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : Miro
Product     : Fedora 7
Version     : 1.0
Release     : 2.fc7
URL         : http://www.getmiro.com/
Summary     : Miro - Internet TV Player
Description :
Miro is a free application that turns your computer into an
internet TV video player. This release is still a beta version, which means
that there are some bugs, but we're moving quickly to fix them and will be
releasing bug fixes on a regular basis.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
Updated packages:

23e0fa8a88a85cbf8f823dc5f0519e7a2491b703 Miro-debuginfo-1.0-2.fc7.ppc64.rpm
d825cdd85f81c7fb62ae269cfd384513fc6ebd11 Miro-1.0-2.fc7.ppc64.rpm
c29d578595fd9dc275dd143ea6532f40eff7193b Miro-debuginfo-1.0-2.fc7.i386.rpm
9b56d51df24d56210a35c1eb7038cdc553b9b155 Miro-1.0-2.fc7.i386.rpm
9b604bd9c4daae7fd0d5a8370bf8871afec71968 Miro-1.0-2.fc7.x86_64.rpm
518d593e22bad2afac6dee24a755e1c2e1697ab7 Miro-debuginfo-1.0-2.fc7.x86_64.rpm
02d2b85df45395ebb4c8b2a791ec0fa887b313a7 Miro-1.0-2.fc7.ppc.rpm
bbcf7ba910f08dffdb166972c455671d3a4ce053 Miro-debuginfo-1.0-2.fc7.ppc.rpm
3b8f1234fa010362fa3c2740d5caac3123b3764c Miro-1.0-2.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update Miro' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the package-announce mailing list