Security Advisory Critical: firefox security update

Advisory: RHSA-2012:0142-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-02-16
Last updated on: 2012-02-16
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-3026

Details

An updated firefox package that fixes one security issue is now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mozilla Firefox is an open source web browser.

A heap-based buffer overflow flaw was found in the way Firefox handled
PNG (Portable Network Graphics) images. A web page containing a malicious
PNG image could cause Firefox to crash or, possibly, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2011-3026)

All Firefox users should upgrade to this updated package, which corrects
this issue. After installing the update, Firefox must be restarted for the
changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
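
Added example, not part of the Red Hat advisory: a shell check that a host has the fixed build 3.6.26-3.el4 installed and that no Firefox process started before the update is still running. The function names, the use of GNU sort -V in place of rpm's own version comparison, and the " (deleted)" test on /proc/PID/exe are assumptions of this example.

```shell
#!/bin/sh
# Audit one host against this advisory's fixed build.
FIXED="3.6.26-3.el4"   # version-release of the updated firefox package

# ver_lt A B: true when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for rpm's own version comparison;
# the two agree for plain dotted numeric strings such as these.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# patch_state VERSION-RELEASE: print "vulnerable" or "patched".
patch_state() {
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo patched; fi
}

# stale_pids [PROCROOT]: PIDs whose executable path mentions firefox and was
# replaced on disk after the process started. The kernel then shows the exe
# link with a " (deleted)" suffix; such a process still runs pre-update code.
stale_pids() {
    root="${1:-/proc}"
    for exe in "$root"/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *firefox*" (deleted)") pid=${exe%/exe}; echo "${pid##*/}" ;;
        esac
    done
}

# audit: report for the local host (requires rpm). One line per installed
# build, so a multilib host with i386 and x86_64 packages is covered.
audit() {
    rpm -q firefox >/dev/null 2>&1 || { echo "firefox: not installed"; return 0; }
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' firefox | sort -u | while read -r vr; do
        echo "firefox $vr: $(patch_state "$vr")"
    done
    for pid in $(stale_pids); do
        echo "pid $pid still runs the old binary; restart Firefox"
    done
}

# Run the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it with --audit on each host; reading other users' /proc entries needs root.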

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
firefox-3.6.26-3.el4.src.rpm

IA-32:
firefox-3.6.26-3.el4.i386.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-3.6.26-3.el4.src.rpm

IA-32:
firefox-3.6.26-3.el4.i386.rpm

IA-64:
firefox-3.6.26-3.el4.ia64.rpm

PPC:
firefox-3.6.26-3.el4.ppc.rpm

s390:
firefox-3.6.26-3.el4.s390.rpm

s390x:
firefox-3.6.26-3.el4.s390x.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-3.6.26-3.el4.src.rpm

IA-32:
firefox-3.6.26-3.el4.i386.rpm

IA-64:
firefox-3.6.26-3.el4.ia64.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-3.6.26-3.el4.src.rpm

IA-32:
firefox-3.6.26-3.el4.i386.rpm

IA-64:
firefox-3.6.26-3.el4.ia64.rpm

x86_64:
firefox-3.6.26-3.el4.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/