LinuxSecurity.com
RedHat: mozilla multiple vulnerabilities
Posted by LinuxSecurity.com Team   
RedHat Linux Versions of Mozilla previous to version 1.0.1 contain various security vulnerabilities.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated Mozilla packages fix security vulnerabilities
Advisory ID:       RHSA-2002:192-13
Issue date:        2002-08-28
Updated on:        2002-10-09
Product:           Red Hat Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2002:079
CVE Names:         CAN-2002-1126 CAN-2002-1091
---------------------------------------------------------------------

1. Topic:

Updated Mozilla packages are now available for Red Hat Linux.  These new
packages fix vulnerabilities in previous versions of Mozilla.

2. Relevant releases/architectures:

Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

Mozilla is an open source web browser.  Versions of Mozilla previous to
version 1.0.1 contain various security vulnerabilities.  These
vulnerabilities could be used by an attacker to read data off of the local
hard drive, to gain information that should normally be kept private, and
in some cases to execute arbitrary code.  For more information on the
specific vulnerabilities fixed please see the references below.

All users of Mozilla should update to these errata packages containing
Mozilla version 1.0.1 which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.redhat.com/7.2/en/os/SRPMS/mozilla-1.0.1-2.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/galeon-1.2.6-0.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/nautilus-1.0.4-48.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/gdk-pixbuf-0.14.0-0.7.2.src.rpm

i386: 
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.6-0.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nautilus-1.0.4-48.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nautilus-mozilla-1.0.4-48.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nautilus-devel-1.0.4-48.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-0.14.0-0.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-gnome-0.14.0-0.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-devel-0.14.0-0.7.2.i386.rpm

ia64: 
ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-1.0.4-48.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-devel-1.0.4-48.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-0.14.0-0.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-gnome-0.14.0-0.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-devel-0.14.0-0.7.2.ia64.rpm

Red Hat Linux 7.3:

SRPMS: 
ftp://updates.redhat.com/7.3/en/os/SRPMS/mozilla-1.0.1-2.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/galeon-1.2.6-0.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/nautilus-1.0.6-16.src.rpm

i386: 
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.6-0.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/nautilus-1.0.6-16.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/nautilus-mozilla-1.0.6-16.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/nautilus-devel-1.0.6-16.i386.rpm

Red Hat Linux 8.0:

SRPMS: 
ftp://updates.redhat.com/8.0/en/os/SRPMS/galeon-1.2.6-0.8.0.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/mozilla-1.0.1-26.src.rpm

i386: 
ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.6-0.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.1-26.i386.rpm



6. Verification:



These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg [filename]
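
The checks in this section can be chained into a fail-closed gate in front of the "rpm -Fvh" step from section 4. The script below is an added example, not part of the Red Hat advisory; the function names, the manifest file (one MD5 sum and package path per line) and the constructed "9.9" paths in the demo are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): fail-closed digest check of
# downloaded RPMs against a manifest of "<md5> <repo/path/name.rpm>" lines.

# verify_manifest MANIFEST DIR
# Matches on file name only, because the manifest lists repository paths
# while downloads sit in one directory. Returns 0 only if every *.rpm in
# DIR is listed and its MD5 digest matches.
verify_manifest() (
    manifest=$1; dir=$2; rc=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || { echo "no RPMs in $dir" >&2; exit 2; }
        name=${f##*/}; want=
        while read -r sum path; do
            if [ "${path##*/}" = "$name" ]; then want=$sum; fi
        done < "$manifest"
        got=$(md5sum "$f" | cut -d' ' -f1)
        if [ -z "$want" ]; then echo "UNLISTED $name" >&2; rc=1
        elif [ "$want" != "$got" ]; then echo "MISMATCH $name" >&2; rc=1
        else echo "OK       $name"
        fi
    done
    exit "$rc"
)

# install_verified MANIFEST DIR
# Digest check, then rpm --checksig (which also validates the GPG
# signature, the check that actually authenticates the package), then
# freshen. Nothing is installed unless both checks pass.
install_verified() {
    verify_manifest "$1" "$2" &&
    rpm --checksig "$2"/*.rpm &&
    rpm -Fvh "$2"/*.rpm
}

# Constructed demo: two stand-in files, one altered after the manifest
# was written. Succeeds only if the altered file is rejected.
demo() (
    d=$(mktemp -d) || exit 2
    trap 'rm -rf "$d"' EXIT
    for f in a-1.0-1.i386.rpm b-1.0-1.i386.rpm; do
        printf 'constructed stand-in for %s\n' "$f" > "$d/$f"
        printf '%s 9.9/en/os/i386/%s\n' \
            "$(md5sum "$d/$f" | cut -d' ' -f1)" "$f" >> "$d/MANIFEST"
    done
    verify_manifest "$d/MANIFEST" "$d" || exit 1
    echo tampered >> "$d/b-1.0-1.i386.rpm"
    ! verify_manifest "$d/MANIFEST" "$d" 2>/dev/null
)
```

A file that is present in the directory but absent from the manifest is treated as a failure, so a stray package cannot ride along with the wildcard passed to rpm.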


7. References:
 
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html 
http://bugzilla.mozilla.org/show_bug.cgi?id=145579 
http://bugzilla.mozilla.org/show_bug.cgi?id=169982 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091


Copyright(c) 2000, 2001, 2002 Red Hat, Inc. 



 