 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 6 May 2005 11:16:14 -0500 |
| Content-Type: | TEXT/PLAIN |
| Parts/Attachments: |
|
|
Andy,
Will research.
-connie
On Fri, 6 May 2005, Andy Wettstein wrote:
> Hello
>
> On Wed, May 04, 2005 at 04:51:46PM -0500, Connie Sieh wrote:
> > On Wed, 4 May 2005, Connie Sieh wrote:
> >
> > > The following ERRATA for SL 302/303/304 i386 are now available from:
> > > ftp://ftp.scientificlinux.org/linux/scientific/302/i386/errata/SL/RPMS/
> > > ftp://ftp.scientificlinux.org/linux/scientific/303/i386/errata/SL/RPMS/
> > > ftp://ftp.scientificlinux.org/linux/scientific/304/i386/errata/SL/RPMS/
> > >
> > > Synopsis: Important: Mozilla security update
> > > Advisory ID: RHSA-2005:384-01
> > > CVE Names: CAN-2004-1156 CAN-2005-0142 CAN-2005-0143 CAN-2005-0146
> > > CAN-2005-0231 CAN-2005-0232 CAN-2005-0233 CAN-2005-0401 CAN-2005-0527
> > > CAN-2005-0578 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588
> > > CAN-2005-0590 CAN-2005-0591 CAN-2005-0593 CAN-2005-0989 CAN-2005-1153
> > > CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159
> > > CAN-2005-1160
> > >
> > > mozilla-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-chat-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-devel-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-dom-inspector-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-js-debugger-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-mail-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-nspr-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-nspr-devel-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-nss-1.7.7-1.1.3.4.SL.i386.rpm
> > > mozilla-nss-devel-1.7.7-1.1.3.4.SL.i386.rpm
>
> I think there may be a package problem with these packages. Mozilla got
> updated with our nightly software update and
>
> /usr/lib/mozilla-1.7.7/greprefs and
> /usr/lib/mozilla-1.7.7/init.d
>
> had root ownership with mode 700. Which makes mozilla act quite oddly
> for non-root users. Our yum updater ran with umask 077, so the
> permissions for those directories aren't explicit I would guess.
>
|
|
|
