On Sun, 9 Aug 2009, Connie Sieh wrote:
On Sun, 9 Aug 2009, Dr Andrew C Aitchison wrote:
The glibc is already built. I will get it out soon.
Thanks very much indeed.
https://rhn.redhat.com/errata/RHBA-2009-1202.html
or for Firefox 3.0.13
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
Do not know if the latest firefox that was released 1.5 weeks ago has this
fix. You can check the changelog on the firefox rpm for the CVE's that it
fixed.
rpm -q --changelog firefox
I'm afraid it just says:
* Thu Jul 09 2009 Jan Horak <[email protected]> - 3.0.12-1
- Update to 3.0.12
CVE-2009-2404 was reported to Mozilla on 2009-07-15
(see https://bugzilla.mozilla.org/show_bug.cgi?id=504456)
so I doubt RedHat had sneaked an extra fix in.
The flaw seems to have been reported at Black Hat
http://www.wired.com/threatlevel/2009/07/kaminsky/
so I expect attackes will be appearing on websites soon :-(
I fear that this will require a new Firefox.
I am actually on vacation right now and have to checkout of the
hotel in 5 minutes so do not have time to check for you.
Have a great holiday.
Thanks,
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
[email protected] http://www.dpmms.cam.ac.uk/~werdna
