RedHat: netscape vulnerability
Posted by LinuxSecurity.com Team   
RedHat Linux: New netscape packages are available that fix a potential overflow due to improper input verification in netscape's JPEG processing code.
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          New netscape packages available to fix JPEG problem
Advisory ID:       RHSA-2000:046-02
Issue date:        2000-07-28
Updated on:        2000-07-28
Product:           Red Hat Linux
Keywords:          netscape JPEG
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

New netscape packages are available that fix a potential 
overflow due to improper input verification in netscape's JPEG
processing code. It is recommended that users of netscape update
to the fixed packages. Users of Red Hat Linux 6.0 and 6.1 
should use the packages for Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386
Red Hat Linux 6.0 - i386
Red Hat Linux 6.1 - i386
Red Hat Linux 6.2 - i386, alpha

3. Problem description:

Netscape's processing of JPEG comments trusted the length parameter
for comment fields; by manipulating this value, it would be possible
to cause netscape to read in an excessive amount of data, overwriting
memory. Specially designed data could allow a remote site to execute
arbitrary code as the user of netscape.

This vulnerability is fixed in Netscape 4.74.
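
The checks a parser needs before copying a JPEG comment, shown as an added example (this is not Netscape's or Red Hat's code). The function names, return codes, the 64-byte buffer and the sample segments are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COM_MAX 64   /* assumed size of the fixed comment buffer */
enum { COM_OK, COM_NOT_COM, COM_TRUNCATED, COM_BAD_LENGTH, COM_TOO_LONG };

/* JPEG COM segment: FF FE | 16-bit big-endian length | text.
 * The length counts its own two bytes, so text size = length - 2. */
int read_jpeg_comment(const uint8_t *buf, size_t buflen, char out[COM_MAX])
{
    if (buflen < 4)
        return COM_TRUNCATED;               /* no marker + length field */
    if (buf[0] != 0xFF || buf[1] != 0xFE)
        return COM_NOT_COM;
    size_t seglen = ((size_t)buf[2] << 8) | buf[3];
    /* 0 or 1 would make seglen - 2 wrap to a huge unsigned value. */
    if (seglen < 2)
        return COM_BAD_LENGTH;
    size_t text = seglen - 2;
    if (text > buflen - 4)                  /* claims more than was received */
        return COM_TRUNCATED;
    if (text >= COM_MAX)                    /* would not fit with terminator */
        return COM_TOO_LONG;
    memcpy(out, buf + 4, text);
    out[text] = '\0';
    return COM_OK;
}

/* Constructed sample segments, not taken from any real image. */
static const uint8_t ok_seg[]    = {0xFF, 0xFE, 0x00, 0x04, 'h', 'i'};
static const uint8_t wrap_seg[]  = {0xFF, 0xFE, 0x00, 0x01, 'h', 'i'};
static const uint8_t lying_seg[] = {0xFF, 0xFE, 0xFF, 0xFF, 'h', 'i'};
static const uint8_t long_seg[4 + 100] = {0xFF, 0xFE, 0x00, 0x66};

int try_segment(const uint8_t *seg, size_t len)
{
    char out[COM_MAX];
    return read_jpeg_comment(seg, len, out);
}

int main(void)
{
    printf("ok=%d wrap=%d lying=%d long=%d\n",
           try_segment(ok_seg, sizeof ok_seg),
           try_segment(wrap_seg, sizeof wrap_seg),
           try_segment(lying_seg, sizeof lying_seg),
           try_segment(long_seg, sizeof long_seg));
    return 0;
}
```

Each rejected sample declares a length that disagrees with either the data received or the destination buffer, which is the condition an unchecked parser would copy through.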

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  (http://bugzilla.redhat.com/bugzilla for more info):

10165 - Netscape mail client does not compact folders anymore
13695 - Small glitch in German translation
14506 - Upgrade of netscape-common fails
14657 - /usr/lib/netscape/de_DE: cpio: unlink failed


6. RPMs required:

Red Hat Linux 5.2:

i386: 
ftp://updates.redhat.com/5.2/i386/netscape-common-4.74-0.5.2.i386.rpm
ftp://updates.redhat.com/5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm
ftp://updates.redhat.com/5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/netscape-4.74-0.5.2.src.rpm

Red Hat Linux 6.2:

alpha:
ftp://updates.redhat.com/6.2/alpha/netscape-common-4.74-1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/netscape-communicator-4.74-1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/netscape-navigator-4.74-1.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/i386/netscape-common-4.74-0.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/netscape-alpha-4.74-1.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/netscape-4.74-0.6.2.src.rpm

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg [filename]

8. References:
 
http://www.securityfocus.com/vdb/bottom.html?vid=15


Copyright(c) 2000 Red Hat, Inc.