Mandriva has issued an advisory today (June 9):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:088

The SRPMS that need to be included are:
nspr
nss
xulrunner
firefox
firefox-l10n
and possibly icedtea-web (MDV rebuilt this for their update)

I've already submitted nspr and nss. Last I checked, xulrunner had not been submitted yet, firefox had been, and firefox-l10n also had been but not totally successfully (incomplete build on Mageia 2). Speaking of Mageia 2, it needs this update as well.

When all of the packages are built and ready for QA, I'll split a separate bug to make this one easier for QA.
CC: (none) => dmorganec
CC: (none) => fundawang
Other packages that may be rebuilt with this update:
perl-Gtk2-MozEmbed (rebuilt last time)
gnome-python-extras (wouldn't build last time, should build now thanks to pterjan)
gjs (needs to be updated to be able to build, see Bug 6382)
eclipse (for swt, needs updating also, D Morgan said he might do that)
Version: 1 => 2
Whiteboard: (none) => MGA1TOO
Mandriva has provided this update for MDV 2010.2 today (June 23):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:088-1
Version: 2 => 1
Depends on: (none) => 6548
Whiteboard: MGA1TOO => (none)
Updates ready for testing. Source RPM list at the bottom of this post, I'll gather up the full RPM list later.

Note to QA: Mandriva has rebuilt icedtea-web for this update and we haven't. Please test that icedtea-web still works fine. If there are any problems, I'll submit a rebuild for it.

gjs may be updated later and will be handled in Bug 6382 for now. eclipse may be updated later and will have its own bug report if so.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure (CVE-2012-1947).

Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column (CVE-2012-1940).

Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns (CVE-2012-1941).

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node (CVE-2012-1946).

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba (CVE-2012-1945).

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document (CVE-2012-1944).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components (CVE-2012-1938).

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code (CVE-2012-1939).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-1937).

Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5 (CVE-2011-3101).

Additionally, the nspr and nss libraries have been upgraded to the latest versions which resolve various upstream bugs.

Also, perl-Gtk2-MozEmbed and gnome-python-gtkmozembed have been rebuilt against the updated xulrunner library.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
http://www.mozilla.org/security/announce/2012/mfsa2012-36.html
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
http://www.mozilla.org/security/announce/2012/mfsa2012-38.html
http://www.mozilla.org/security/announce/2012/mfsa2012-40.html
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:088-1
========================

Source RPMs:
nspr-4.9.1-1.mga1.src.rpm
nss-3.13.5-1.mga1.src.rpm
xulrunner-10.0.5-1.1.mga1.src.rpm
firefox-10.0.5-1.mga1.src.rpm
firefox-l10n-10.0.5-1.mga1.src.rpm
perl-Gtk2-MozEmbed-0.80.0-10.5.mga1.src.rpm
gnome-python-extras-2.25.3-24.3.mga1.src.rpm
Assignee: bugsquad => qa-bugs
Blocks: (none) => 6382
Full RPM list:
libnspr4-4.9.1-1.mga1
libnspr-devel-4.9.1-1.mga1
nss-3.13.5-1.mga1
nss-doc-3.13.5-1.mga1
libnss3-3.13.5-1.mga1.i586.rpm
libnss-devel-3.13.5-1.mga1
libnss-static-devel-3.13.5-1.mga1
xulrunner-10.0.5-1.1.mga1
libxulrunner10.0.5-10.0.5-1.1.mga1
libxulrunner-devel-10.0.5-1.1.mga1
firefox-10.0.5-1.mga1
firefox-devel-10.0.5-1.mga1
firefox-af-10.0.5-1.mga1
firefox-ar-10.0.5-1.mga1
firefox-ast-10.0.5-1.mga1
firefox-be-10.0.5-1.mga1
firefox-bg-10.0.5-1.mga1
firefox-bn_BD-10.0.5-1.mga1
firefox-bn_IN-10.0.5-1.mga1
firefox-br-10.0.5-1.mga1
firefox-bs-10.0.5-1.mga1
firefox-ca-10.0.5-1.mga1
firefox-cs-10.0.5-1.mga1
firefox-cy-10.0.5-1.mga1
firefox-da-10.0.5-1.mga1
firefox-de-10.0.5-1.mga1
firefox-el-10.0.5-1.mga1
firefox-en_GB-10.0.5-1.mga1
firefox-en_ZA-10.0.5-1.mga1
firefox-eo-10.0.5-1.mga1
firefox-es_AR-10.0.5-1.mga1
firefox-es_CL-10.0.5-1.mga1
firefox-es_ES-10.0.5-1.mga1
firefox-es_MX-10.0.5-1.mga1
firefox-et-10.0.5-1.mga1
firefox-eu-10.0.5-1.mga1
firefox-fa-10.0.5-1.mga1
firefox-fi-10.0.5-1.mga1
firefox-fr-10.0.5-1.mga1
firefox-fy-10.0.5-1.mga1
firefox-ga_IE-10.0.5-1.mga1
firefox-gd-10.0.5-1.mga1
firefox-gl-10.0.5-1.mga1
firefox-gu_IN-10.0.5-1.mga1
firefox-he-10.0.5-1.mga1
firefox-hi-10.0.5-1.mga1
firefox-hr-10.0.5-1.mga1
firefox-hu-10.0.5-1.mga1
firefox-hy-10.0.5-1.mga1
firefox-id-10.0.5-1.mga1
firefox-is-10.0.5-1.mga1
firefox-it-10.0.5-1.mga1
firefox-ja-10.0.5-1.mga1
firefox-kk-10.0.5-1.mga1
firefox-kn-10.0.5-1.mga1
firefox-ko-10.0.5-1.mga1
firefox-ku-10.0.5-1.mga1
firefox-lg-10.0.5-1.mga1
firefox-lt-10.0.5-1.mga1
firefox-lv-10.0.5-1.mga1
firefox-mai-10.0.5-1.mga1
firefox-mk-10.0.5-1.mga1
firefox-ml-10.0.5-1.mga1
firefox-mr-10.0.5-1.mga1
firefox-nb_NO-10.0.5-1.mga1
firefox-nl-10.0.5-1.mga1
firefox-nn_NO-10.0.5-1.mga1
firefox-nso-10.0.5-1.mga1
firefox-or-10.0.5-1.mga1
firefox-pa_IN-10.0.5-1.mga1
firefox-pl-10.0.5-1.mga1
firefox-pt_BR-10.0.5-1.mga1
firefox-pt_PT-10.0.5-1.mga1
firefox-ro-10.0.5-1.mga1
firefox-ru-10.0.5-1.mga1
firefox-si-10.0.5-1.mga1
firefox-sk-10.0.5-1.mga1
firefox-sl-10.0.5-1.mga1
firefox-sq-10.0.5-1.mga1
firefox-sr-10.0.5-1.mga1
firefox-sv_SE-10.0.5-1.mga1
firefox-ta-10.0.5-1.mga1
firefox-ta_LK-10.0.5-1.mga1
firefox-te-10.0.5-1.mga1
firefox-th-10.0.5-1.mga1
firefox-tr-10.0.5-1.mga1
firefox-uk-10.0.5-1.mga1
firefox-vi-10.0.5-1.mga1
perl-Gtk2-MozEmbed-0.80.0-10.5.mga1
gnome-python-extras-2.25.3-24.3.mga1
gnome-python-gda-2.25.3-24.3.mga1
gnome-python-gda-devel-2.25.3-24.3.mga1
gnome-python-gdl-2.25.3-24.3.mga1
gnome-python-gtkspell-2.25.3-24.3.mga1
gnome-python-gtkmozembed-2.25.3-24.3.mga1
gnome-python-gtkhtml2-2.25.3-24.3.mga1
Testing x86_64 Mageia 1

gnome-python-gtkmozembed causes segfaults with Release version.

$ python moz.py
Segmentation fault
$ python moz2.py
Segmentation fault
$ python moz3.py
Segmentation fault

I'll attach the scripts.

Should lib(64)xulrunner remove previous versions?

# rpm -qa | grep lib64xul
lib64xulrunner10.0.5-10.0.5-1.1.mga1
lib64xulrunner2.0.1-2.0.1-1.mga1
lib64xulrunner10.0.4-10.0.4-1.mga1
lib64xulrunner-devel-10.0.5-1.1.mga1

mga2 is the same in this respect IINM.

Apart from the above, testing firefox itself..

https, flash, java, flash over https, l10n all seems OK
Created attachment 2500 [details]
firefox.tar.gz - 3 gnome-python-gtkmozembed test scripts in a firefox directory
Forgot to mention gnome-python-gtkmozembed also segfaults with the update installed.
(In reply to comment #5)
> Testing x86_64 Mageia 1
>
> gnome-python-gtkmozembed causes segfaults with Release version.

This is true in both Mageia 1 and Mageia 2, release and updates versions?

> Should lib(64)xulrunner remove previous versions?

No. I recommend QA to manually remove previous versions to help make sure we didn't miss anything. Library policy is that the package won't remove them automatically, so sysadmins have to do it manually as well :o(

> Apart from the above, testing firefox itself..
>
> https, flash, java, flash over https, l10n all seems OK

If the answer to my first question is yes, I guess we can validate these updates without gnome-python-extras (and remove mention of it from the advisories).
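The manual clean-up David asks QA (and sysadmins) to do follows from Mageia's library policy: the library version is part of the package name (lib64xulrunner10.0.5), so a new xulrunner installs alongside the old one rather than replacing it, and nothing flags the leftovers. The script below is an added example, not part of this bug or of Mageia's tooling, that parses `rpm -qa` output and lists the versioned library packages shadowed by a newer install. The sample input is constructed from the `rpm -qa | grep lib64xul` output quoted in comment #5 plus one made-up lib64nss3 line; the rule "a package is parallel-installable when its full version string is embedded in its name" is an assumption that matches the xulrunner naming here, not a general statement of the policy.

```python
import re
from collections import defaultdict

# Constructed sample input: the four lib64xul lines quoted in this bug, plus one
# unrelated library package (made up) to show that it is left alone.
SAMPLE_RPM_QA = """\
lib64xulrunner10.0.5-10.0.5-1.1.mga1
lib64xulrunner2.0.1-2.0.1-1.mga1
lib64xulrunner10.0.4-10.0.4-1.mga1
lib64xulrunner-devel-10.0.5-1.1.mga1
lib64nss3-3.13.5-1.mga1
"""


def split_nvr(pkg):
    """Split an rpm NAME-VERSION-RELEASE string on its last two hyphens.

    The name itself may contain hyphens (lib64xulrunner-devel), but version
    and release may not, so rsplit with maxsplit=2 is unambiguous."""
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


def version_key(text):
    """Sort key for version/release strings: numeric segments compare as
    integers, everything else as strings (so 10.0.5 sorts after 2.0.1)."""
    return tuple(
        (0, int(part)) if part.isdigit() else (1, part)
        for part in re.split(r"[._-]", text)
    )


def stale_library_packages(rpm_qa_output):
    """Return the versioned library packages shadowed by a newer one.

    Assumption (matches the xulrunner packages in this bug): a library package
    is parallel-installable when its package name ends with its full version.
    Such packages are grouped by base name (name minus the embedded version)
    and every group member except the highest version/release is reported.
    -devel packages and names that embed only a soname major (lib64nss3) are
    not grouped, because rpm replaces those on upgrade anyway."""
    groups = defaultdict(list)
    for pkg in rpm_qa_output.split():
        name, version, release = split_nvr(pkg)
        if not name.endswith(version):
            continue
        base = name[: -len(version)]
        groups[base].append((version_key(version), version_key(release), pkg))

    stale = []
    for members in groups.values():
        if len(members) < 2:
            continue
        members.sort()
        stale.extend(pkg for _, _, pkg in members[:-1])
    return sorted(stale)


def removal_command(stale):
    """Build the rpm command a sysadmin would run; returns '' if nothing is stale."""
    return "rpm -e " + " ".join(stale) if stale else ""


if __name__ == "__main__":
    # On a real box: stale_library_packages(subprocess.check_output(["rpm", "-qa"], text=True))
    leftovers = stale_library_packages(SAMPLE_RPM_QA)
    for pkg in leftovers:
        print("stale:", pkg)
    print(removal_command(leftovers))
```

Against the sample this reports lib64xulrunner2.0.1 and lib64xulrunner10.0.4 and leaves lib64xulrunner-devel and lib64nss3 alone, which is the state Claire reaches by hand in the next comment. Removing the stale packages before testing is also what exposes a build that still links against an old soname: if the updated consumer only worked because the old library was still around, it will fail after the `rpm -e`.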
I removed previous versions of lib64xulrunner but it hasn't helped.

$ python moz.py
Segmentation fault
$ python moz2.py
Segmentation fault
$ python moz3.py
Segmentation fault

$ rpm -qa | grep lib64xul
lib64xulrunner10.0.5-10.0.5-1.1.mga1
lib64xulrunner-devel-10.0.5-1.1.mga1
It seems to be true in both versions in mga1 & 2, David, yes.
I tried perl-Gtk2-MozEmbed with the script on cpan:
http://search.cpan.org/~tsch/Gtk2-MozEmbed-0.06/MozEmbed.pm#SEE_ALSO

$ perl moz.pl
Segmentation fault

So seems to be a problem with lib64xulrunner
Perhaps this is relevant, David:
http://mandriva.598463.n5.nabble.com/Bug-30801-perl-Gtk2-MozEmbed-ASSIGNED-perl-Gtk2-MozEmbed-crash-unless-the-firefox-path-is-added-to-ef-td649829.html
Thanks Claire. Yet another Mandriva bug closed as OLD without being fixed :o) I'll ask about it on the -dev list.
Bug 6610 created for the xulrunner problem on mga1 & mga2

dmorgan is rebuilding eclipse without xulrunner so we shouldn't need to worry about that any more.

That just leaves firefox itself.

Source RPMs:
nspr-4.9.1-1.mga1.src.rpm
nss-3.13.5-1.mga1.src.rpm
firefox-10.0.5-1.mga1.src.rpm
firefox-l10n-10.0.5-1.mga1.src.rpm

Do you agree for the same thing as mga2 in bug 6548?
(In reply to comment #14)
> Do you agree for the same thing as mga2 in bug 6548?

I do.
Testing Mageia 1 i586 now.
CC: (none) => davidwhodgins
Testing complete on i586 with https://www.youtube.com, en_GB language pack and other standard browser tests.
Whiteboard: (none) => mga1-32-OK
testing mga1 64
Testing complete x86_64 mga1

Java, flash, flash over https, spellcheck, bookmarks. All seems fine.

Validating

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure (CVE-2012-1947).

Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column (CVE-2012-1940).

Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns (CVE-2012-1941).

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node (CVE-2012-1946).

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba (CVE-2012-1945).

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document (CVE-2012-1944).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components (CVE-2012-1938).

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code (CVE-2012-1939).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-1937).

Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5 (CVE-2011-3101).

Additionally, the nspr and nss libraries have been upgraded to the latest versions which resolve various upstream bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
http://www.mozilla.org/security/announce/2012/mfsa2012-36.html
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
http://www.mozilla.org/security/announce/2012/mfsa2012-38.html
http://www.mozilla.org/security/announce/2012/mfsa2012-40.html
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:088-1
========================

Source RPMs:
nspr-4.9.1-1.mga1.src.rpm
nss-3.13.5-1.mga1.src.rpm
firefox-10.0.5-1.mga1.src.rpm
firefox-l10n-10.0.5-1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates.

Please also remove the following srpm's from Testing:
xulrunner-10.0.5-1.1.mga1.src.rpm
perl-Gtk2-MozEmbed-0.80.0-10.5.mga1.src.rpm
gnome-python-extras-2.25.3-24.3.mga1.src.rpm

They are now the subject of bug 6610
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
Whiteboard: mga1-32-OK => mga1-32-OK mga1-64-OK
xulrunner, perl-Gtk2-MozEmbed and gnome-python-extras removed from updates_testing

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0136
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED