Netscape security update

Advisory:	RHSA-2004:429-07
Type:	Security Advisory
Severity:	Critical
Issued on:	2004-08-18
Last updated on:	2004-08-18
Affected Products:
OVAL:	N/A
CVEs (cve.mitre.org):	CVE-2004-0597 CVE-2004-0598 CVE-2004-0599

Details

Netscape Navigator and Netscape Communicator 4.8 as distributed with Red
Hat Enterprise Linux 2.1 contain security flaws and should not be used.

Netscape Navigator and Netscape Communicator have been removed from the Red
Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These
packages were based on Netscape 4.8, which is known to be vulnerable to
recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and
CAN-2004-0599.

Netscape 7.2 contains fixes for these issues and is available from
http://www.netscape.com/. Netscape 4.8 packages will also remain available
via Red Hat Network for those who choose to use them despite their known
security vulnerabilities.

Users of Netscape 4.8 are advised to switch to Mozilla, which is included
and supported in Red Hat Enterprise Linux 2.1, and offers comparable
functionality.

Solution

Red Hat Enterprise 2.1 users who do not need the functionality of Netscape
4.8 should uninstall the netscape packages.

Updated packages

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/