Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: October 02, 2006
Statement Date: September 29, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Debian has published Debian Security Advisory DSA 1185 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 21, 2006
Statement Date: September 21, 2006
Affected
For F5 products BIG-IP, FirePass and EM, this is a local vulnerability, and per our policy, will be addressed during the next maintenance release for each product.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: July 22, 2011
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 28, 2006
Statement Date: September 28, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The FreeBSD project has published FreeBSD Security Advisory FreeBSD-SA-06:23.openssl in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 29, 2006
Statement Date: September 28, 2006
Not Affected
We are investigating this issue. No affected products have been found.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 18, 2006
Statement Date: September 18, 2006
Not Affected
Global Technology Associates, Inc. has examined this issue and is pleased to report this issue does not impact any versions (current and past) of the GTA firewall products. To report potential security vulnerabilities in GTA products, send an E-mail message to: security-alert@gta.com .
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: October 02, 2006
Statement Date: September 29, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The OpenPKG team has published OpenPKG Security Advisory OpenPKG-SA-2006.021 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 06, 2006 Updated: September 28, 2006
Statement Date: September 28, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The OpenSSL development team has published OpenSSL Security Advisory [28th September 2006] in response to this issue. Users or redistributors who compile OpenSSL from the original source code distribution are encouraged to review this advisory and upgrade to the appropriate fixed version of the software.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: January 17, 2007
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Refer to http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: October 02, 2006
Statement Date: September 29, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Red Hat has published Red Hat Security Advisory RHSA-2006:0695 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: October 02, 2006
Statement Date: September 29, 2006
Affected
rPath Security Advisory: 2006-0175-5 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com at rpl:devel//1/0.9.7f-10.6-1 openssl-scripts=/conary.rpath.com at rpl:devel//1/0.9.7f-10.6-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613 Description: Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable. 29 September 2006 Update: The initial fix for this vulnerability was incomplete, and the fault in the fix could enable a Denial of Service attack in some cases of the attack described in CVE-2006-2940.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 22, 2006 Updated: September 22, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: October 02, 2006
Statement Date: September 29, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Slackware has published Slackware Security Advisory SSA:2006-272-01 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 29, 2006
Statement Date: September 29, 2006
Affected
Stonesoft has published a Security Advisory on this issue. The advisory is available at Stonesoft's web site: http://www.stonesoft.com/en/support/security_advisories/2909_2006.html
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: October 02, 2006
Statement Date: September 29, 2006
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 SUSE Security Announcement Package: MozillaFirefox,MozillaThunderbird,seamonkey
Announcement ID: SUSE-SA:2006:054
Date: Fri, 22 Sep 2006 15:00:00 +0000
Affected Products: Novell Linux Desktop 9
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE SLED 10
SUSE SLES 10
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-4253, CVE-2006-4340, CVE-2006-4565
CVE-2006-4566, CVE-2006-4567, CVE-2006-4568
CVE-2006-4569, CVE-2006-4570, CVE-2006-4571
MFSA 2006-57, MFSA 2006-58, MFSA 2006-59
MFSA 2006-60, MFSA 2006-61, MFSA 2006-62
MFSA 2006-63, MFSA 2006-64 Content of This Advisory: 1) Security Vulnerability Resolved: various Mozilla security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information 1) Problem Description and Brief Discussion Security updates have been released that bring Mozilla Firefox to
version 1.5.0.7, Mozilla Thunderbird to version 1.5.0.7 and Mozilla
Seamonkey to 1.0.5. Seamonkey and Thunderbird were released early this week, Firefox was
released today. Please also see
http://www.mozilla.org/projects/security/known-vulnerabilities.html
for more details. The updates fix the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory corruption
MFSA 2006-63/CVE-2006-4570: Executing JavaScript within E-Mail using XBL
MFSA 2006-62/CVE-2006-4569: Pop up-blocker cross-site scripting (XSS)
MFSA 2006-61/CVE-2006-4568: Frame spoofing using document.open()
MFSA 2006-60/CVE-2006-4340/CERT VU#845620: RSA Signature Forgery
MFSA 2006-59/CVE-2006-4253: Concurrency-related vulnerability
MFSA 2006-58/CVE-2006-4567: Auto-Update compromise through DNS and SSL
spoofing
MFSA 2006-57/CVE-2006-4565/CVE-2006-4566: JavaScript Regular Expression Heap
Corruption 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Mozilla, Firefox
or Thunderbird after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command rpm -Fhv
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: October 02, 2006
Statement Date: September 29, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Trustix has published Trustix Secure Linux Security Advisory #2006-0054 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 28, 2006
Statement Date: September 28, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Ubuntu has published Ubuntu Security Notice USN-353-1 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2006 Updated: September 15, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.