Security Advisory: Updated Mozilla packages fix security vulnerability

Advisory: RHSA-2003:162-17
Type: Security Advisory
Severity: N/A
Issued on: 2003-07-15
Last updated on: 2003-07-31
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.1 for iSeries
Red Hat Linux 7.1 for pSeries
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-1308

Details

Updated Mozilla packages fixing various bugs and security issues are now
available.

[Updated 18 July 2003]
Our Mozilla packages were found to be incompatible with Galeon. Updated
versions of Galeon are now included for Red Hat Linux 7.2, 7.3, and 8.0.
In addition, new builds of Mozilla for Red Hat Linux 8.0 are included, as
the previous packages were built with the wrong compiler.

[Updated 31 July 2003]
Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

Mozilla is an open source Web browser.

A heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL referencing a
malformed .jar file, which overflows a buffer during decompression. This
issue affects the Mozilla packages for Red Hat Linux 7.1, 7.2, 7.3, and
8.0.

These errata packages upgrade Mozilla to version 1.0.2, which is not
vulnerable to this issue. Mozilla 1.0.2 also contains a number of other
stability and security enhancements.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
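
To confirm the update took effect, installed version-release strings can be compared against the fixed IA-32 builds listed under "Updated packages" below. The following is an added example, not Red Hat tooling: it reimplements RPM's version ordering in simplified form (no epoch, '~' or '^' handling), and the inventory it checks is constructed sample data.

```python
import re

# Fixed IA-32 builds, copied from this advisory's "Updated packages" list.
FIXED = {
    "7.1": {"mozilla": "1.0.2-2.7.1"},
    "7.2": {"mozilla": "1.0.2-2.7.2", "galeon": "1.2.11-1.7.2"},
    "7.3": {"mozilla": "1.0.2-2.7.3", "galeon": "1.2.11-1.7.3"},
    "8.0": {"mozilla": "1.0.2-2.8.0", "galeon": "1.2.11-1.8.0"},
}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    # RPM compares maximal runs of digits or letters; punctuation only separates.
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover runs mean newer

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(distro, inventory):
    """Return (name, installed, fixed) for each package older than its fixed build."""
    # inventory: output of  rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
    stale = []
    for line in filter(str.strip, inventory.splitlines()):
        name, evr = line.split()
        # mozilla-* subpackages share the main package's version-release.
        base = "mozilla" if name.startswith("mozilla-") else name
        fixed = FIXED.get(distro, {}).get(base)
        if fixed and evr_cmp(evr, fixed) < 0:
            stale.append((name, evr, fixed))
    return stale

# Constructed inventory for a Red Hat Linux 7.3 host (sample data, not real output).
SAMPLE = "mozilla 1.0.2-2.7.3\nmozilla-mail 1.0.1-24\ngaleon 1.2.5-3\nopenssh 3.1p1-6\n"

if __name__ == "__main__":
    for name, have, need in audit("7.3", SAMPLE):
        print(f"{name}: {have} is older than fixed build {need}")
```

A plain string comparison would rank 1.2.5 above 1.2.11, which is why the numeric runs are compared as integers.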

Updated packages

Red Hat Linux 7.1

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/mozilla-1.0.2-2.7.1.src.rpm
 
IA-32:
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-chat-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-devel-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-js-debugger-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-mail-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nspr-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nss-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nss-devel-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-psm-1.0.2-2.7.1.i386.rpm
 
Red Hat Linux 7.1 for iSeries

SRPMS:
ftp://updates.redhat.com/7.1/en/os/iSeries/SRPMS/mozilla-1.0.2-2.7.1.0p.src.rpm
 
iSeries:
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-chat-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-devel-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-dom-inspector-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-js-debugger-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-mail-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-nspr-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-nspr-devel-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-nss-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-nss-devel-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/mozilla-psm-1.0.2-2.7.1.0p.ppc.rpm
 
Red Hat Linux 7.1 for pSeries

SRPMS:
ftp://updates.redhat.com/7.1/en/os/pSeries/SRPMS/mozilla-1.0.2-2.7.1.0p.src.rpm
 
pSeries:
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-chat-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-devel-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-dom-inspector-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-js-debugger-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-mail-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-nspr-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-nspr-devel-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-nss-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-nss-devel-1.0.2-2.7.1.0p.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/mozilla-psm-1.0.2-2.7.1.0p.ppc.rpm
 
Red Hat Linux 7.2

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/galeon-1.2.11-1.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/mozilla-1.0.2-2.7.2.src.rpm
 
IA-32:
ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.11-1.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.2-2.7.2.i386.rpm
 
Red Hat Linux 7.3

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/galeon-1.2.11-1.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/mozilla-1.0.2-2.7.3.src.rpm
 
IA-32:
ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.11-1.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.2-2.7.3.i386.rpm
 
Red Hat Linux 8.0

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/galeon-1.2.11-1.8.0.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/mozilla-1.0.2-2.8.0.src.rpm
 
IA-32:
ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.11-1.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.2-2.8.0.i386.rpm
 


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/