Name: xulrunner Version: 1.9.0.1-1.fc9@i386 Priority: 0 Group: Applications/Internet Installed Size: 22.0MB Reference URLs: http://www.mozilla.org/projects/xulrunner/ Flags: security Channels: Fedora 9 Updates - i386 Summary: XUL Runtime for Gecko Applications Description: XULRunner provides the XUL Runtime environment for Gecko applications. Errata: ID: FEDORA-2008-6518 URL: None Type: security Date: 2008-07-18 01:38:11 Summary: xulrunner-1.9.0.1-1.fc9,firefox-3.0.1-1.fc9,epiphany-2.22.2-3.fc9,epiphany-extensions-2.22.1-3.fc9,yelp-2.22.1-4.fc9,devhelp-0.19.1-3.fc9 Description: Updated firefox packages that fix several security issues are now available for Fedora 9. . An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) . A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) . Updated packages update Mozilla Firefox to upstream version 3.0.1 to address these flaws: . http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1 . This update also contains devhelp, epiphany, epiphany-extensions, and yelp packages rebuilt against new Firefox / Gecko libraries. Name: libgnome Version: 2.22.0-30.2@i586 Priority: 0 Group: Development/Libraries/GNOME Installed Size: 2.1MB Reference URLs: http://www.gnome.org/ Flags: recommended Channels: openSUSE Updates Summary: The GNOME 2.x Desktop Base Libraries Description: This package contains the basic libraries for the GNOME 2.x Desktop platform. GNOME has no specific window manager. You are totally free in your choice. Many GNOME users like Sawfish, Enlightenment, or IceWM as a window manager for GNOME (see those packages). Errata: ID: esound URL: None Type: recommended Date: 2008-08-05 19:02:49 Summary: Fixes for several PulseAudio-related problems in GNOME applications Description: After 11.0 was released, lots of users started complaining about problems when using PulseAudio. This set of fixes covers some of them, like blocking GNOME applications in some hardware, and a very obvious crash (for some people) in pavucontrol that was fixed in the 0.9.6 release, which was announced unfortunately after the freeze for openSUSE 11.0. Name: x11-server-xgl Version: 0.0.1-0.20070917.2.3mdv2008.0@i586 Priority: 0 Group: System/X11 Installed Size: 4.6MB Reference URLs: Flags: security Channels: Mandriva Updates Summary: Xserver that uses OpenGL Description: Errata: ID: MDVSA-2008:116 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 Type: security Date: Mon Jun 16 10:59:20 2008 Summary: Description: An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server (CVE-2008-1377). . An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server (CVE-2008-1379). . Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could explot these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361, CVE-2008-2362). . In addition, this update corrects a problem that could cause memory corruption or segfaults in the render code of the vnc server on Mandriva Linux 2008.1 . The updated packages have been patched to prevent these issues. .