Security Advisory New Netscape packages available

Advisory: RHSA-2000:109-05
Type: Security Advisory
Severity: N/A
Issued on: 2000-11-27
Last updated on: 2000-11-27
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-1187

Details

New Netscape packages are available that fix a buffer overflow
in parsing HTML.

It is recommended that all Netscape users update to the fixed packages.

2000-11-27: Added packages for Red Hat Linux 7 for Alpha

A buffer overflow exists in Netscape's HTML parsing code. By
using specially designed code, a remote website could cause
arbitrary code to be run on the local machine.


Solution

For each RPM for your particular architecture, run:



rpm -Fvh [filename]



where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2
alpha:
ftp://updates.redhat.com/6.2/alpha/netscape-common-4.76-0.6.2.alpha.rpm
Missing file		     acbb0bcbca33eb41e396a9c7013e2d3d
ftp://updates.redhat.com/6.2/alpha/netscape-communicator-4.76-0.6.2.alpha.rpm
Missing file		     5709be8e1656a2eff9fafe719f5528d2
ftp://updates.redhat.com/6.2/alpha/netscape-navigator-4.76-0.6.2.alpha.rpm
Missing file		     9aa6f256592c3f96ee60c57b879618b2
 
i386:
ftp://updates.redhat.com/6.2/i386/netscape-common-4.76-0.6.2.i386.rpm
Missing file		     b4a875d94e0947b16b9a973d23f6222b
ftp://updates.redhat.com/6.2/i386/netscape-communicator-4.76-0.6.2.i386.rpm
Missing file		     fcde6218d7de0e9e009892c57e7f88ca
ftp://updates.redhat.com/6.2/i386/netscape-navigator-4.76-0.6.2.i386.rpm
Missing file		     670b08cbad1097f4ca923071c202b5dd
 
Red Hat Linux 7.0
alpha:
ftp://updates.redhat.com/7.0/alpha/netscape-common-4.76-1.alpha.rpm
Missing file		     199832fec88401961e33203adf3a27c2
ftp://updates.redhat.com/7.0/alpha/netscape-communicator-4.76-1.alpha.rpm
Missing file		     29848ea9545c21d3bb0d8318265fd918
ftp://updates.redhat.com/7.0/alpha/netscape-navigator-4.76-1.alpha.rpm
Missing file		     1f27bf46ccf8c7d0bfa7106240cc8174
 
i386:
ftp://updates.redhat.com/7.0/i386/netscape-common-4.76-1.i386.rpm
Missing file		     3bb98e22f094236211955579c7ce49ad
ftp://updates.redhat.com/7.0/i386/netscape-communicator-4.76-1.i386.rpm
Missing file		     fc03263dbbbe7f8f1031200d9a8e2022
ftp://updates.redhat.com/7.0/i386/netscape-navigator-4.76-1.i386.rpm
Missing file		     3a12fb2d8d0187c7d3684b2a7cf4a9fc
 

Bugs fixed (see bugzilla for more information)

20462 - Netscape 4.75 buffer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1187
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A66.netscape.asc

Keywords

overflow

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/