Skip to navigation

Security Advisory New netscape packages available (Red Hat Linux 7.1 added)

Advisory: RHSA-2001:046-05
Type: Security Advisory
Severity: N/A
Issued on: 2001-04-09
Last updated on: 2001-04-16
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
CVEs (cve.mitre.org): CVE-2001-0596

Details

New netscape packages are availabe to fix a problem with the handling of
JavaScript in certain situations. By exploiting this flaw, a remote site
could gain access to the browser history, and possibly other data.

It is recommended that all users upgrade to the fixed packages.

2001-04-16: netscape-4.77-1 packages are now available for Red Hat Linux
7.1 for Intel.

Netscape does not escape GIF file comments in the image information page;
this allows JavaScript commands embedded therein to be executed. These
commands could access data such as the browser history.

Credit goes to Florian Wesch <fw@divduum.de> for discovering the
vulnerability, and to Netscape for providing fixed packages.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directly *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2
SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/netscape/4.77-0.6.2/SRPMS/netscape-4.77-0.6.2.src.rpm
Missing file		     MD5: 1fde261c2376c8d210f6d72d23ad4de6
ftp://updates.redhat.com/rhn/repository/NULL/netscape-alpha/4.77-0.6.2/SRPMS/netscape-alpha-4.77-0.6.2.src.rpm
Missing file		     MD5: 71b4f8c9d9cb39df21a6d99e0c062b80
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/netscape-common/4.77-0.6.2/alpha/netscape-common-4.77-0.6.2.alpha.rpm
Missing file		     MD5: 0190f8439a1507165230f328dfe46ba2
ftp://updates.redhat.com/rhn/repository/NULL/netscape-communicator/4.77-0.6.2/alpha/netscape-communicator-4.77-0.6.2.alpha.rpm
Missing file		     MD5: a571ee08b6b44aa4cbc3b98b6bef646c
ftp://updates.redhat.com/rhn/repository/NULL/netscape-navigator/4.77-0.6.2/alpha/netscape-navigator-4.77-0.6.2.alpha.rpm
Missing file		     MD5: 304df2ab2e6f052a0e6bb432dd6f0afe
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/netscape-common/4.77-0.6.2/i386/netscape-common-4.77-0.6.2.i386.rpm
Missing file		     MD5: a2a5adb4500d667265a34fb99b59c37c
ftp://updates.redhat.com/rhn/repository/NULL/netscape-communicator/4.77-0.6.2/i386/netscape-communicator-4.77-0.6.2.i386.rpm
Missing file		     MD5: 9f439fa9e54ea82b37c1a3aa7c49d032
ftp://updates.redhat.com/rhn/repository/NULL/netscape-navigator/4.77-0.6.2/i386/netscape-navigator-4.77-0.6.2.i386.rpm
Missing file		     MD5: b0970903ea25f2fe73c8d66afb9218cb
 
Red Hat Linux 7.0
SRPMS:
netscape-4.77-1.src.rpm
File outdated by:  RHSA-2003:026		     MD5: 400709093733a7ccf90da78d179daeb1
ftp://updates.redhat.com/rhn/repository/NULL/netscape-alpha/4.77-1/SRPMS/netscape-alpha-4.77-1.src.rpm
Missing file		     MD5: 29b80daa27fdad309a68f8101830e863
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/netscape-common/4.77-1/alpha/netscape-common-4.77-1.alpha.rpm
Missing file		     MD5: a0fbb89d2dfb86c432f1d190e38981f3
ftp://updates.redhat.com/rhn/repository/NULL/netscape-communicator/4.77-1/alpha/netscape-communicator-4.77-1.alpha.rpm
Missing file		     MD5: 05859fefa5d8cd3b02d2c768b614490b
ftp://updates.redhat.com/rhn/repository/NULL/netscape-navigator/4.77-1/alpha/netscape-navigator-4.77-1.alpha.rpm
Missing file		     MD5: d0681b896b1fee8d5f1783274f4b1f64
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/netscape-common/4.77-1/i386/netscape-common-4.77-1.i386.rpm
Missing file		     MD5: 4bb1bcc4c439531019bcab78cd953f59
ftp://updates.redhat.com/rhn/repository/NULL/netscape-communicator/4.77-1/i386/netscape-communicator-4.77-1.i386.rpm
Missing file		     MD5: 7d6948941a20599b302bc0bc4f1c0999
ftp://updates.redhat.com/rhn/repository/NULL/netscape-navigator/4.77-1/i386/netscape-navigator-4.77-1.i386.rpm
Missing file		     MD5: 7d570955357ad6b8fbb9d9fd4913d5cf
 
Red Hat Linux 7.1
SRPMS:
netscape-4.77-1.src.rpm
File outdated by:  RHSA-2003:026		     MD5: 400709093733a7ccf90da78d179daeb1
 
IA-32:
netscape-common-4.77-1.i386.rpm
File outdated by:  RHSA-2003:026		     MD5: 4bb1bcc4c439531019bcab78cd953f59
netscape-communicator-4.77-1.i386.rpm
File outdated by:  RHSA-2003:026		     MD5: 7d6948941a20599b302bc0bc4f1c0999
netscape-navigator-4.77-1.i386.rpm
File outdated by:  RHSA-2003:026		     MD5: 7d570955357ad6b8fbb9d9fd4913d5cf
 

References

https://www.redhat.com/security/data/cve/CVE-2001-0596.html
http://securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26fromthread%3D0%26threads%3D0%26end%3D2001-04-14%26mid%3D175060%26start%3D2001-04-08%26

Keywords

comment

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/