ID SSA-2010-295-02 Type slackware Reporter Slackware Linux Project Modified 2010-10-22T21:19:42
Description
New mozilla-firefox packages are available for Slackware 13.0, 13.1,
and -current to fix security issues.
Here are the details from the Slackware 13.1 ChangeLog:
patches/packages/mozilla-firefox-3.6.11-i686-1.txz: Upgraded.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
( Security fix )
Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.11-i686-1.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.11-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.11-i686-1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.11-x86_64-1_slack13.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-3.6.11-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-3.6.11-x86_64-1.txz
Upgrade the package as root:
> upgradepkg xap/mozilla-firefox-3.6.11-i686-1.txz
{"id": "SSA-2010-295-02", "type": "slackware", "bulletinFamily": "unix", "title": "[slackware-security] mozilla-firefox", "description": "New mozilla-firefox packages are available for Slackware 13.0, 13.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/mozilla-firefox-3.6.11-i686-1.txz: Upgraded.\n This fixes some security issues.\n For more information, see:\n http://www.mozilla.org/security/known-vulnerabilities/firefox36.html\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.11-i686-1.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.11-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.11-i686-1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.11-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-3.6.11-i686-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-3.6.11-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n5fa7ed35759a818994f0325f9944151f mozilla-firefox-3.6.11-i686-1.txz\n\nSlackware x86_64 13.0 package:\nbab4649aab1bd0e4cffe81906a6ae8af mozilla-firefox-3.6.11-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n5fa7ed35759a818994f0325f9944151f mozilla-firefox-3.6.11-i686-1.txz\n\nSlackware x86_64 13.1 package:\n6c0b3d7a98b544cdb806660272d86481 mozilla-firefox-3.6.11-x86_64-1_slack13.1.txz\n\nSlackware -current package:\n5fa7ed35759a818994f0325f9944151f xap/mozilla-firefox-3.6.11-i686-1.txz\n\nSlackware x86_64 -current package:\n87da1e687f5be429422434eb3aa29da3 xap/mozilla-firefox-3.6.11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xap/mozilla-firefox-3.6.11-i686-1.txz", "published": "2010-10-22T21:19:42", "modified": "2010-10-22T21:19:42", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.417624", "reporter": "Slackware Linux Project", "references": [], "cvelist": [], "lastseen": "2020-10-25T16:36:06", "viewCount": 1, "enchantments": {"score": {"value": 3.2, "vector": "NONE", "modified": "2020-10-25T16:36:06", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:136141256231068472", "OPENVAS:68472"]}, {"type": "nessus", "idList": ["SLACKWARE_SSA_2010-295-02.NASL"]}], "modified": "2020-10-25T16:36:06", "rev": 2}, "vulnersScore": 3.2}, "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.0", "arch": "i686", "packageName": "mozilla-firefox", "packageVersion": "3.6.11", "packageFilename": "mozilla-firefox-3.6.11-i686-1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "arch": "x86_64", "packageName": "mozilla-firefox", "packageVersion": "3.6.11", "packageFilename": "mozilla-firefox-3.6.11-x86_64-1_slack13.0.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "arch": "i686", "packageName": "mozilla-firefox", "packageVersion": "3.6.11", "packageFilename": "mozilla-firefox-3.6.11-i686-1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "arch": "x86_64", "packageName": "mozilla-firefox", "packageVersion": "3.6.11", "packageFilename": "mozilla-firefox-3.6.11-x86_64-1_slack13.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "i686", "packageName": "mozilla-firefox", "packageVersion": "3.6.11", "packageFilename": "mozilla-firefox-3.6.11-i686-1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "x86_64", "packageName": "mozilla-firefox", "packageVersion": "3.6.11", "packageFilename": "mozilla-firefox-3.6.11-x86_64-1.txz", "operator": "lt"}]}
{"openvas": [{"lastseen": "2017-07-24T12:50:31", "bulletinFamily": "scanner", "cvelist": [], "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-295-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:68472", "href": "http://plugins.openvas.org/nasl.php?oid=68472", "type": "openvas", "title": "Slackware Advisory SSA:2010-295-02 mozilla-firefox ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_295_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New mozilla-firefox packages are available for Slackware 13.0, 13.1,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-295-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-295-02\";\n \nif(description)\n{\n script_id(68472);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2010-295-02 mozilla-firefox \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mozilla-firefox\", ver:\"3.6.11-i686-1\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mozilla-firefox\", ver:\"3.6.11-i686-1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-03-18T14:41:43", "bulletinFamily": "scanner", "cvelist": [], "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-295-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231068472", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068472", "type": "openvas", "title": "Slackware Advisory SSA:2010-295-02 mozilla-firefox", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_295_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68472\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2010-295-02 mozilla-firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(13\\.0|13\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-295-02\");\n\n script_tag(name:\"insight\", value:\"New mozilla-firefox packages are available for Slackware 13.0, 13.1,\nand -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2010-295-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mozilla-firefox\", ver:\"3.6.11-i686-1\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mozilla-firefox\", ver:\"3.6.11-i686-1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-01T01:09:53", "description": "New mozilla-firefox packages are available for Slackware 13.0, 13.1,\nand -current to fix security issues.", "edition": 21, "published": "2011-05-28T00:00:00", "title": "Slackware 13.0 / 13.1 / current : mozilla-firefox (SSA:2010-295-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:mozilla-firefox", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2010-295-02.NASL", "href": "https://www.tenable.com/plugins/nessus/54888", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-295-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54888);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:21\");\n\n script_bugtraq_id(42817, 44243, 44245, 44246, 44247, 44248, 44249, 44250, 44251, 44252, 44253);\n script_xref(name:\"SSA\", value:\"2010-295-02\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / current : mozilla-firefox (SSA:2010-295-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-firefox packages are available for Slackware 13.0, 13.1,\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.417624\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d51f2cbb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"mozilla-firefox\", pkgver:\"3.6.11\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"3.6.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"mozilla-firefox\", pkgver:\"3.6.11\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"3.6.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-firefox\", pkgver:\"3.6.11\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"3.6.11\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
