SL 4.5 and earlier versions needed several evolution28 libraries for the new firefox 3.0.2. They are now added. NOTE: For people running SL 4 x86_64, that have the 32 bit (i386) version of firefox installed. You will need to install the 32 bit versions of evolution28 by hand, because yum probrubly will pull in the x86_64 version. To install the correct versions by hand you should do yum install evolution28-glib2.i386 evolution28-gtk2.i386 yum install evolution28-pango.i386 evolution28-cairo.i386 SL 4.x i386: evolution28-2.8.0-61.el4.i386.rpm evolution28-atk-1.12.2-4.el4.i386.rpm evolution28-atk-devel-1.12.2-4.el4.i386.rpm evolution28-cairo-1.2.4-6.el4.i386.rpm evolution28-cairo-devel-1.2.4-6.el4.i386.rpm evolution28-devel-2.8.0-61.el4.i386.rpm evolution28-evolution-connector-2.8.0-16.el4.i386.rpm evolution28-evolution-data-server-1.8.0-37.el4.i386.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4.i386.rpm evolution28-glib2-2.12.3-6.el4.i386.rpm evolution28-glib2-devel-2.12.3-6.el4.i386.rpm evolution28-gtk2-2.10.4-22.el4.i386.rpm evolution28-gtk2-devel-2.10.4-22.el4.i386.rpm evolution28-gtkhtml3-3.12.0-11.el4.i386.rpm evolution28-gtkhtml3-devel-3.12.0-11.el4.i386.rpm evolution28-libsoup-2.2.98-5.el4.i386.rpm evolution28-libsoup-devel-2.2.98-5.el4.i386.rpm evolution28-pango-1.14.9-7.el4.i386.rpm evolution28-pango-devel-1.14.9-7.el4.i386.rpm x86_64: evolution28-2.8.0-61.el4.x86_64.rpm evolution28-atk-1.12.2-4.el4.x86_64.rpm evolution28-atk-devel-1.12.2-4.el4.x86_64.rpm evolution28-cairo-1.2.4-6.el4.i386.rpm evolution28-cairo-1.2.4-6.el4.x86_64.rpm evolution28-cairo-devel-1.2.4-6.el4.x86_64.rpm evolution28-devel-2.8.0-61.el4.x86_64.rpm evolution28-evolution-connector-2.8.0-16.el4.x86_64.rpm evolution28-evolution-data-server-1.8.0-37.el4.x86_64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4.x86_64.rpm evolution28-glib2-2.12.3-6.el4.i386.rpm evolution28-glib2-2.12.3-6.el4.x86_64.rpm evolution28-glib2-devel-2.12.3-6.el4.x86_64.rpm evolution28-gtk2-2.10.4-22.el4.i386.rpm evolution28-gtk2-2.10.4-22.el4.x86_64.rpm evolution28-gtk2-devel-2.10.4-22.el4.x86_64.rpm evolution28-gtkhtml3-3.12.0-11.el4.x86_64.rpm evolution28-gtkhtml3-devel-3.12.0-11.el4.x86_64.rpm evolution28-libsoup-2.2.98-5.el4.x86_64.rpm evolution28-libsoup-devel-2.2.98-5.el4.x86_64.rpm evolution28-pango-1.14.9-7.el4.i386.rpm evolution28-pango-1.14.9-7.el4.x86_64.rpm evolution28-pango-devel-1.14.9-7.el4.x86_64.rpm Troy J Dawson wrote: > Synopsis: Critical: firefox security update > Issue date: 2008-09-23 > CVE Names: CVE-2008-3837 CVE-2008-4058 CVE-2008-4060 > CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 > CVE-2008-4064 CVE-2008-4065 CVE-2008-4067 > CVE-2008-4068 > > > Several flaws were found in the processing of malformed web content. A web > page containing malicious content could cause Firefox to crash or, > potentially, execute arbitrary code as the user running Firefox. > (CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, > CVE-2008-4063, CVE-2008-4064) > > Several flaws were found in the way malformed web content was displayed. A > web page containing specially crafted content could potentially trick a > Firefox user into surrendering sensitive information. (CVE-2008-4067, > CVE-2008-4068) > > A flaw was found in the way Firefox handles mouse click events. A web page > containing specially crafted JavaScript code could move the content window > while a mouse-button was pressed, causing any item under the pointer to be > dragged. This could, potentially, cause the user to perform an unsafe > drag-and-drop action. (CVE-2008-3837) > > A flaw was found in Firefox that caused certain characters to be stripped > from JavaScript code. This flaw could allow malicious JavaScript to bypass > or evade script filters. (CVE-2008-4065) > > For technical details regarding these flaws, please see the Mozilla > security advisories for Firefox 3.0.2. You can find a link to the Mozilla > advisories in the References section. > > SL 4.x > > SRPMS: > firefox-3.0.2-3.el4.src.rpm > i386: > nspr-4.7.0.99.2-2.el4.i386.rpm > nspr-devel-4.7.0.99.2-2.el4.i386.rpm > nss-3.11.99.5-3.el4.i386.rpm > nss-devel-3.11.99.5-3.el4.i386.rpm > firefox-3.0.2-3.el4.i386.rpm > x86_64: > nspr-4.7.0.99.2-2.el4.i386.rpm > nspr-4.7.0.99.2-2.el4.x86_64.rpm > nspr-devel-4.7.0.99.2-2.el4.x86_64.rpm > nss-3.11.99.5-3.el4.i386.rpm > nss-3.11.99.5-3.el4.x86_64.rpm > nss-devel-3.11.99.5-3.el4.x86_64.rpm > firefox-3.0.2-3.el4.i386.rpm > firefox-3.0.2-3.el4.x86_64.rpm > > SL 5.x > > SRPMS: > devhelp-0.12-19.el5.src.rpm > firefox-3.0.2-3.el5.src.rpm > nss-3.12.1.1-1.el5.src.rpm > xulrunner-1.9.0.2-5.el5.src.rpm > yelp-2.16.0-21.el5.src.rpm > i386: > devhelp-0.12-19.el5.i386.rpm > devhelp-devel-0.12-19.el5.i386.rpm > firefox-3.0.2-3.el5.i386.rpm > nss-3.12.1.1-1.el5.i386.rpm > nss-devel-3.12.1.1-1.el5.i386.rpm > nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm > nss-tools-3.12.1.1-1.el5.i386.rpm > xulrunner-1.9.0.2-5.el5.i386.rpm > xulrunner-devel-1.9.0.2-5.el5.i386.rpm > xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm > yelp-2.16.0-21.el5.i386.rpm > x86_64: > devhelp-0.12-19.el5.i386.rpm > devhelp-0.12-19.el5.x86_64.rpm > devhelp-devel-0.12-19.el5.i386.rpm > devhelp-devel-0.12-19.el5.x86_64.rpm > firefox-3.0.2-3.el5.i386.rpm > firefox-3.0.2-3.el5.x86_64.rpm > nss-3.12.1.1-1.el5.i386.rpm > nss-3.12.1.1-1.el5.x86_64.rpm > nss-devel-3.12.1.1-1.el5.i386.rpm > nss-devel-3.12.1.1-1.el5.x86_64.rpm > nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm > nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm > nss-tools-3.12.1.1-1.el5.x86_64.rpm > xulrunner-1.9.0.2-5.el5.i386.rpm > xulrunner-1.9.0.2-5.el5.x86_64.rpm > xulrunner-devel-1.9.0.2-5.el5.i386.rpm > xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm > xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm > yelp-2.16.0-21.el5.x86_64.rpm > > -Connie Sieh > -Troy Dawson > > > -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/LCSI/CSI DSS Group __________________________________________________