Oval Definition: oval:com.redhat.rhsa:def:20120143
Revision Date: 2012-02-16
Version: 634
Title: RHSA-2012:0143: xulrunner security update (Critical)
Description: XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine.

  • A heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)

    All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
Family: unix
Class: patch
Status:
Reference(s): CVE-2011-3026, RHSA-2012:0143, RHSA-2012:0143-01
Platform(s): Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • xulrunner is earlier than 0:1.9.2.26-2.el5_7
  • AND xulrunner is signed with Red Hat redhatrelease2 key
  • xulrunner-devel is earlier than 0:1.9.2.26-2.el5_7
  • AND xulrunner-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • xulrunner is earlier than 0:1.9.2.26-2.el6_2
  • AND xulrunner is signed with Red Hat redhatrelease2 key
  • xulrunner-devel is earlier than 0:1.9.2.26-2.el6_2
  • AND xulrunner-devel is signed with Red Hat redhatrelease2 key