[SECURITY] Fedora 8 Update: liferea-1.4.8-2.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3962
2007-11-29 01:46:57.290638
--------------------------------------------------------------------------------

Name        : liferea
Product     : Fedora 8
Version     : 1.4.8
Release     : 2.fc8
URL         : http://liferea.sourceforge.net/
Summary     : An RSS/RDF feed reader
Description :
Liferea (Linux Feed Reader) is an RSS/RDF feed reader.
It's intended to be a clone of the Windows-only FeedReader.
It can be used to maintain a list of subscribed feeds,
browse through their items, and show their contents.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 1.4.8-2
- Rebuild against newer gecko
--------------------------------------------------------------------------------
Updated packages:

f3a8735b848a146e641a20e965ee53244d72f7e2 liferea-1.4.8-2.fc8.ppc64.rpm
da23342ccb1fac381d58cab73641cbeaad04c505 liferea-debuginfo-1.4.8-2.fc8.ppc64.rpm
1cb65446c5a6359d58d90139a9daa202177f87b8 liferea-1.4.8-2.fc8.i386.rpm
d57bac3e4f41aac2049cf9c71a049799e497cadd liferea-debuginfo-1.4.8-2.fc8.i386.rpm
74e1dba00d978679318a0b76a924aaf853c41d86 liferea-debuginfo-1.4.8-2.fc8.x86_64.rpm
3a3f550afa0952d0bb80d45b59d113442800dc24 liferea-1.4.8-2.fc8.x86_64.rpm
a220d8f3ddd999771c319323b36a2a9462a9604c liferea-debuginfo-1.4.8-2.fc8.ppc.rpm
a5137b0c65cea0d13a1b9e4b8a91ae3240240095 liferea-1.4.8-2.fc8.ppc.rpm
26f714a59b150ac7fadbab70cf1410fbd6551c18 liferea-1.4.8-2.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update liferea' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list