Hello
On Wed, May 04, 2005 at 04:51:46PM -0500, Connie Sieh wrote:
> On Wed, 4 May 2005, Connie Sieh wrote:
>
> > The following ERRATA for SL 302/303/304 i386 are now available from:
> > ftp://ftp.scientificlinux.org/linux/scientific/302/i386/errata/SL/RPMS/
> > ftp://ftp.scientificlinux.org/linux/scientific/303/i386/errata/SL/RPMS/
> > ftp://ftp.scientificlinux.org/linux/scientific/304/i386/errata/SL/RPMS/
> >
> > Synopsis: Important: Mozilla security update
> > Advisory ID: RHSA-2005:384-01
> > CVE Names: CAN-2004-1156 CAN-2005-0142 CAN-2005-0143 CAN-2005-0146
> > CAN-2005-0231 CAN-2005-0232 CAN-2005-0233 CAN-2005-0401 CAN-2005-0527
> > CAN-2005-0578 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588
> > CAN-2005-0590 CAN-2005-0591 CAN-2005-0593 CAN-2005-0989 CAN-2005-1153
> > CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159
> > CAN-2005-1160
> >
> > mozilla-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-chat-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-devel-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-dom-inspector-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-js-debugger-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-mail-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-nspr-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-nspr-devel-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-nss-1.7.7-1.1.3.4.SL.i386.rpm
> > mozilla-nss-devel-1.7.7-1.1.3.4.SL.i386.rpm
I think there may be a package problem with these packages. Mozilla got
updated with our nightly software update and
/usr/lib/mozilla-1.7.7/greprefs and
/usr/lib/mozilla-1.7.7/init.d
had root ownership with mode 700. Which makes mozilla act quite oddly
for non-root users. Our yum updater ran with umask 077, so the
permissions for those directories aren't explicit I would guess.