----- Forwarded message from [EMAIL PROTECTED] -----

> From: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> Date: Mon, 31 Jul 2000 11:08:00 -0400
> To: [EMAIL PROTECTED]
> Subject: [RHSA-2000:046-02] New netscape packages available to fix JPEG problem
>
> ---------------------------------------------------------------------
> Red Hat, Inc. Security Advisory
>
> Synopsis: New netscape packages available to fix JPEG problem
> Advisory ID: RHSA-2000:046-02
> Issue date: 2000-07-28
> Updated on: 2000-07-28
> Product: Red Hat Linux
> Keywords: netscape JPEG
> Cross references: N/A
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> New netscape packages are available that fix a potential
> overflow due to improper input verification in netscape's JPEG
> processing code. It is recommended that users of netscape update
> to the fixed packages. Users of Red Hat Linux 6.0 and 6.1
> should use the packages for Red Hat Linux 6.2.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 5.2 - i386
> Red Hat Linux 6.0 - i386
> Red Hat Linux 6.1 - i386
> Red Hat Linux 6.2 - i386, alpha
>
> 3. Problem description:
>
> Netscape's processing of JPEG comments trusted the length parameter
> for comment fields; by manipulating this value, it would be possible
> to cause netscape to read in an excessive amount of data, overwriting
> memory. Specially designed data could allow a remote site to execute
> arbitrary code as the user of netscape.
>
> This vulnerability is fixed in Netscape 4.74.
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>
> rpm -Fvh [filename]
>
> where filename is the name of the RPM.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> 10165 - Netscape mail client does not compact folders anymore
> 13695 - Small glitch in German translation
> 14506 - Upgrade of netscape-common fails
> 14657 - /usr/lib/netscape/de_DE: cpio: unlinkfailed
>
> 6. RPMs required:
>
> Red Hat Linux 5.2:
>
> i386:
> ftp://updates.redhat.com/5.2/i386/netscape-common-4.74-0.5.2.i386.rpm
> ftp://updates.redhat.com/5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm
> ftp://updates.redhat.com/5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm
>
> sources:
> ftp://updates.redhat.com/5.2/SRPMS/netscape-4.74-0.5.2.src.rpm
>
> Red Hat Linux 6.2:
>
> alpha:
> ftp://updates.redhat.com/6.2/alpha/netscape-common-4.74-1.alpha.rpm
> ftp://updates.redhat.com/6.2/alpha/netscape-communicator-4.74-1.alpha.rpm
> ftp://updates.redhat.com/6.2/alpha/netscape-navigator-4.74-1.alpha.rpm
>
> i386:
> ftp://updates.redhat.com/6.2/i386/netscape-common-4.74-0.6.2.i386.rpm
> ftp://updates.redhat.com/6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm
> ftp://updates.redhat.com/6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm
>
> sources:
> ftp://updates.redhat.com/6.2/SRPMS/netscape-alpha-4.74-1.src.rpm
> ftp://updates.redhat.com/6.2/SRPMS/netscape-4.74-0.6.2.src.rpm
>
> 7. Verification:
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at:
> http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
> rpm --checksig <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
> rpm --checksig --nogpg <filename>
>
> 8. References:
>
> http://www.securityfocus.com/vdb/bottom.html?vid=15
>
>
> Copyright(c) 2000 Red Hat, Inc.
>

----- End forwarded message -----
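
The class of bug described in section 3 of the advisory, a parser trusting the length field of a JPEG comment segment, is avoided by validating that field before any copy. The following is an added example, not code from Netscape or from Red Hat; it goes slightly beyond the advisory by checking the length against both the received input and the destination buffer, and the names `read_jpeg_comment`, `comment_len` and the sample segments are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* JPEG comment (COM) segment: FF FE, 16-bit big-endian length, payload.
 * The length field counts its own two bytes. */
int read_jpeg_comment(const uint8_t *buf, size_t n, char *out, size_t out_cap)
{
    if (!buf || !out || out_cap == 0) return -1;
    if (n < 4 || buf[0] != 0xFF || buf[1] != 0xFE) return -1;

    size_t seg_len = ((size_t)buf[2] << 8) | buf[3];
    if (seg_len < 2) return -1;          /* seg_len - 2 would wrap around */
    size_t payload = seg_len - 2;
    if (payload > n - 4) return -1;      /* claims more bytes than were received */
    if (payload >= out_cap) return -1;   /* no room for payload plus NUL */

    memcpy(out, buf + 4, payload);
    out[payload] = '\0';
    return (int)payload;
}

/* Constructed sample segments (not taken from any real file). */
static const uint8_t ok_seg[]   = {0xFF, 0xFE, 0x00, 0x07, 'h','e','l','l','o'};
static const uint8_t tiny_len[] = {0xFF, 0xFE, 0x00, 0x01, 'x'};
static const uint8_t huge_len[] = {0xFF, 0xFE, 0xFF, 0xFF, 'x', 'y'};
static const uint8_t too_big[]  = {0xFF, 0xFE, 0x00, 0x0A, 't','o','o','-','l','o','n','g'};

/* Hypothetical helper: parse into an 8-byte destination, return the result. */
int comment_len(const uint8_t *seg, size_t n)
{
    char dst[8];
    return read_jpeg_comment(seg, n, dst, sizeof dst);
}

int main(void)
{
    printf("ok=%d tiny=%d huge=%d too_big=%d\n",
           comment_len(ok_seg, sizeof ok_seg),
           comment_len(tiny_len, sizeof tiny_len),
           comment_len(huge_len, sizeof huge_len),
           comment_len(too_big, sizeof too_big));
    return 0;
}
```

Only the well-formed segment is accepted; the three malformed ones are rejected before `memcpy` is reached.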
