On Sun, 9 Aug 2009, Connie Sieh wrote:
> On Sun, 9 Aug 2009, Dr Andrew C Aitchison wrote:
> The glibc is already built. I will get it out soon.
Thanks very much indeed.
>> https://rhn.redhat.com/errata/RHBA-2009-1202.html
>> or for Firefox 3.0.13
>> http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
>
> Do not know if the latest firefox that was released 1.5 weeks ago has this
> fix. You can check the changelog on the firefox rpm for the CVE's that it
> fixed.
> rpm -q --changelog firefox
I'm afraid it just says:
* Thu Jul 09 2009 Jan Horak <[log in to unmask]> - 3.0.12-1
- Update to 3.0.12
CVE-2009-2404 was reported to Mozilla on 2009-07-15
(see https://bugzilla.mozilla.org/show_bug.cgi?id=504456)
so I doubt RedHat had sneaked an extra fix in.
The flaw seems to have been reported at Black Hat
http://www.wired.com/threatlevel/2009/07/kaminsky/
so I expect attackes will be appearing on websites soon :-(
I fear that this will require a new Firefox.
> I am actually on vacation right now and have to checkout of the
> hotel in 5 minutes so do not have time to check for you.
Have a great holiday.
Thanks,
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
[log in to unmask]http://www.dpmms.cam.ac.uk/~werdna