` 
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          New netscape packages available to fix JPEG problem
Advisory ID:       RHSA-2000:046-02
Issue date:        2000-07-28
Updated on:        2000-07-28
Product:           Red Hat Linux
Keywords:          netscpae JPEG
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

New netscape packages are available that fix a potential 
overflow due to improper input verification in netscape's JPEG
processing code. It is recommended that users of netscape update
to the fixed packages. Users of Red Hat Linux 6.0 and 6.1 
should use the packages for Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386
Red Hat Linux 6.0 - i386
Red Hat Linux 6.1 - i386
Red Hat Linux 6.2 - i386, alpha

3. Problem description:

Netscape's processing of JPEG comments trusted the length parameter
for comment fields; by manipulating this value, it would be possible
to cause netscape to read in an excessive amount of data, overwriting
memory. Specially designed data could allow a remote site to execute
arbitrary code as the user of netscape.

This vulnerability is fixed in Netscape 4.74.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  ( for more info):

10165 - Netscape mail client does not compact folders anymore
13695 - Small glitch in German translation
14506 - Upgrade of netscape-common fails
14657 - /usr/lib/netscape/de_DE: cpio: unlinkfailed


6. RPMs required:

Red Hat Linux 5.2:

i386: 
 
 

sources: 

Red Hat Linux 6.2:

alpha: 
 
 

i386: 
 
 

sources: 
 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
2520f9f234010f483d14ec524898ad29  5.2/SRPMS/netscape-4.74-0.5.2.src.rpm
2dd30f35857c05304e54253e7564634b  5.2/i386/netscape-common-4.74-0.5.2.i386.rpm
765fc5c8be9638560544379a3c7e1004  5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm
d6ecb766f5d979e2787f239fefcce8fd  5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm
64999688cbd3b6be723c72d94dcb0f72  6.2/SRPMS/netscape-4.74-0.6.2.src.rpm
e75ad6a500fa4ac0ef919f65aa8871bd  6.2/SRPMS/netscape-alpha-4.74-1.src.rpm
2796178bd0f400800d1fb5fccd39880b  6.2/alpha/netscape-common-4.74-1.alpha.rpm
2f2260eb8030751838f9d14a4eca71ae  6.2/alpha/netscape-communicator-4.74-1.alpha.rpm
db641b2f9b63c3f986dece1ecc482d32  6.2/alpha/netscape-navigator-4.74-1.alpha.rpm
2f2f1be58b481030eb2da12dcd9a6a54  6.2/i386/netscape-common-4.74-0.6.2.i386.rpm
6b2045ecf408024a64962705c6395a1f  6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm
03b93972ba0f114d4be9ef50a2a21fa5  6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 


Copyright(c) 2000 Red Hat, Inc.
`

RedHat: netscape vulnerability

New netscape packages are available that fix a potential overflow due to improper input verification in netscape's JPEGprocessing code.

Summary



Summary

Netscape's processing of JPEG comments trusted the length parameterfor comment fields; by manipulating this value, it would be possibleto cause netscape to read in an excessive amount of data, overwritingmemory. Specially designed data could allow a remote site to executearbitrary code as the user of netscape.This vulnerability is fixed in Netscape 4.74.


Solution

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed ( for more info):
10165 - Netscape mail client does not compact folders anymore 13695 - Small glitch in German translation 14506 - Upgrade of netscape-common fails 14657 - /usr/lib/netscape/de_DE: cpio: unlinkfailed

6. RPMs required:
Red Hat Linux 5.2:
i386:


sources:
Red Hat Linux 6.2:
alpha:


i386:


sources:

7. Verification:
MD5 sum Package Name 2520f9f234010f483d14ec524898ad29 5.2/SRPMS/netscape-4.74-0.5.2.src.rpm 2dd30f35857c05304e54253e7564634b 5.2/i386/netscape-common-4.74-0.5.2.i386.rpm 765fc5c8be9638560544379a3c7e1004 5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm d6ecb766f5d979e2787f239fefcce8fd 5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm 64999688cbd3b6be723c72d94dcb0f72 6.2/SRPMS/netscape-4.74-0.6.2.src.rpm e75ad6a500fa4ac0ef919f65aa8871bd 6.2/SRPMS/netscape-alpha-4.74-1.src.rpm 2796178bd0f400800d1fb5fccd39880b 6.2/alpha/netscape-common-4.74-1.alpha.rpm 2f2260eb8030751838f9d14a4eca71ae 6.2/alpha/netscape-communicator-4.74-1.alpha.rpm db641b2f9b63c3f986dece1ecc482d32 6.2/alpha/netscape-navigator-4.74-1.alpha.rpm 2f2f1be58b481030eb2da12dcd9a6a54 6.2/i386/netscape-common-4.74-0.6.2.i386.rpm 6b2045ecf408024a64962705c6395a1f 6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm 03b93972ba0f114d4be9ef50a2a21fa5 6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
Advisory ID: RHSA-2000:046-02
Issued Date: : 2000-07-28
Updated on: 2000-07-28
Product: Red Hat Linux
Keywords: netscpae JPEG
Cross references: N/A

Topic


Topic

New netscape packages are available that fix a potential

overflow due to improper input verification in netscape's JPEG

processing code. It is recommended that users of netscape update

to the fixed packages. Users of Red Hat Linux 6.0 and 6.1

should use the packages for Red Hat Linux 6.2.


 

Relevant Releases Architectures

Red Hat Linux 5.2 - i386

Red Hat Linux 6.0 - i386

Red Hat Linux 6.1 - i386

Red Hat Linux 6.2 - i386, alpha


Bugs Fixed


Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved