Netscape security update
| Advisory: | RHSA-2004:429-07 |
|---|---|
| Type: | Security Advisory |
| Severity: | Critical |
| Issued on: | 2004-08-18 |
| Last updated on: | 2004-08-18 |
| Affected Products: | |
| CVEs (cve.mitre.org): |
CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 |
Details
Netscape Navigator and Netscape Communicator 4.8 as distributed with Red
Hat Enterprise Linux 2.1 contain security flaws and should not be used.
Netscape Navigator and Netscape Communicator have been removed from the Red
Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These
packages were based on Netscape 4.8, which is known to be vulnerable to
recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and
CAN-2004-0599.
Netscape 7.2 contains fixes for these issues and is available from
http://www.netscape.com/. Netscape 4.8 packages will also remain available
via Red Hat Network for those who choose to use them despite their known
security vulnerabilities.
Users of Netscape 4.8 are advised to switch to Mozilla, which is included
and supported in Red Hat Enterprise Linux 2.1, and offers comparable
functionality.
Solution
4.8 should uninstall the netscape packages.
Updated packages
References
https://www.redhat.com/security/data/cve/CVE-2004-0598.html
https://www.redhat.com/security/data/cve/CVE-2004-0599.html
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
