RH6.1: netscape (RHSA-1999:039-02)
Posted by LinuxSecurity.com Team   
RedHat Linux A new version of Netscape has been released. This release fixes some security problems in Javascript and form signing.
 
Red Hat, Inc. Security Advisory
Package Netscape

Synopsis New netscape packages available

Advisory ID RHSA-1999:039-02

Issue Date 1999-10-04

Updated on 1999-10-08

Keywords netscape 4.7 communicator navigator

Revision History:
1999-10-08: New packages for Red Hat Linux 6.x, to fix %post script bug. Users of the previous errata packages (4.7-1.1) may want to run: chkfontpath --add /usr/X11R6/lib/X11/fonts/75dpi as opposed to downloading the new packages. Removed bogus Sparc package listing.

1. Topic:
A new version of Netscape has been released. This release fixes some security problems in Javascript and form signing.

2. Bug IDs fixed:
None

3. Relevant releases/architectures:
Red Hat Linux 6.x, Intel Sparc packages will be available if/when Netscape updates their Sparc releases.

4. Obsoleted by:
None

5. Conflicts with:
None

6. RPMs required:

Intel:

ftp://updates.Red Hat.com/6.1/i386/

netscape-common-4.7-1.1.i386.rpm
netscape-communicator-4.7-1.1.i386.rpm
netscape-navigator-4.7-1.1.i386.rpm

Source:

ftp://updates.Red Hat.com/6.1/SRPMS

netscape- 4.7-1.1.src.rpm

Red Hat Linux 6.1, US-only Version:

Intel:

netscape-common-4.7-1.1.i386.rpm.rhmask

netscape-communicator-4.7- 1.1.i386.rpm.rhmask

netscape-navigator-4.7- 1.1.i386.rpm.rhmask

Source:

netscape-4.7-1.1.src.rpm.rhmask

These updates are available in rhmask-ed RPM format. To obtain valid RPMs from rhmask-ed ones you will need to have available the original binary RPMs shipped with your Red Hat Linux 6.1 CD. Copy those rpms to your temporary directory along with the .rhmask files available here. Then you will have to use the rhmask program to obtain the updated RPMs:

rhmask netscape-common-4.61-12us.i386.rpm netscape-common-4.7- 1.1.i386.rpm.rhmask

rhmask netscape-communicator-4.61-12us.i386.rpm netscape-communicator-4.7- 1.1.i386.rpm.rhmask (all on one line)

rhmask netscape-communicator-4.61-12us.i386.rpm netscape-navigator-4.7- 1.1.i386.rpm.rhmask (all on one line)

7. Problem description:
A new version of Netscape has been released. This release fixes some security problems in Javascript and form signing, as well as adding some new features. For more information, please see:

http://home.netscape.com/eng/mozilla/4.7/relnotes/unix-4.7.html

(1999-10-08)
The original packages released for Red Hat Linux 6.0 and 6.1 had an error in the post-install script; the 75dpi font directory was accidentally removed from the font path instead of added. This is fixed in the updated packages. Users of the previous packages may wish to run (as root):

chkfontpath --add /usr/X11R6/lib/X11/fonts/75dpi
/etc/rc.d/init.d/xfs restart

as opposed to downloading the new packages, as the package contents have not changed.

8. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:


 MD5 sum                           Package Name

 -------------------------------------------------------------------------
 da8414206db834a9cf40c387f1ac2920  netscape-common-4.7-1.1.i386.rpm
b1efd248d95a1a1cd7b9a5a1caef1922  netscape-communicator-4.7-1.1.i386.rpm
d5529c3e2403ff2a3ce4483b6c2eb131  netscape-navigator-4.7-1.1.i386.rpm
c8dd34bd0cad87bfd1d51a0c56713ac3  netscape-4.7-1.1.src.rpm

6d15f2d2fbb49a3603bfcbfad2741142  netscape-common-4.7-1.1us.i386.rpm.rhmask
84bc2680b0344417a99357f58baac962  netscape-communicator-4.7-
1.1us.i386.rpm.rhmask
f69bd8d20b64a699ae48fe59db612034  netscape-navigator-4.7-1.1us.i386.rpm.rhmask
b7f76b259d4f290e525b60ebcfd0a100  netscape-4.7-1.1us.src.rpm.rhmask



These packages are signed with GnuPG by Red Hat Inc. for security. Our key is available at:

http://www.Red Hat.com/corp/contact.html

and is also attached to this annoucement.

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.

10. References: