search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: Hands-on: OpenMoko WikiReader is simple, appealing Perl far from dead, more popular than you think Microsoft Exchange alternatives Kubuntu 9.10: A Mixed Bag Could Microsoft switch to Linux? Red Hat Virtualization Manager for Windows Only? Creating Ebooks with Sigil Editor's Note: Making Multi-Channel Firewire Music With Linux Amaya: A Simple, Yet Useful Alternative to Dreamweaver Windows 7 Sales Up, But is it Really a Hit? UNIX System Administrator - SUN Solaris, Veritas, EMC, Shell Scripting, SAN (NYC) Next Step Systems US-NY-New York Post A Job | Post A Resume Red Hat Security Advisory: New netscape packages available to fix JPEG problem Jul 31, 2000, 20 :59 UTC (0 Talkback[s]) (2255 reads) Date: Mon, 31 Jul 2000 11:08:00 -0400 From: bugzilla@REDHAT.COM To: BUGTRAQ@SECURITYFOCUS.COM Subject: [RHSA-2000:046-02] New netscape packages available to fix JPEG problem Red Hat, Inc. Security Advisory Synopsis: New netscape packages available to fix JPEG problem Advisory ID: RHSA-2000:046-02 Issue date: 2000-07-28 Updated on: 2000-07-28 Product: Red Hat Linux Keywords: netscpae JPEG Cross references: N/A 1. Topic: New netscape packages are available that fix a potential overflow due to improper input verification in netscape's JPEG processing code. It is recommended that users of netscape update to the fixed packages. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.2. 2. Relevant releases/architectures: Red Hat Linux 5.2 - i386 Red Hat Linux 6.0 - i386 Red Hat Linux 6.1 - i386 Red Hat Linux 6.2 - i386, alpha 3. Problem description: Netscape's processing of JPEG comments trusted the length parameter for comment fields; by manipulating this value, it would be possible to cause netscape to read in an excessive amount of data, overwriting memory. Specially designed data could allow a remote site to execute arbitrary code as the user of netscape. This vulnerability is fixed in Netscape 4.74. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 10165 - Netscape mail client does not compact folders anymore 13695 - Small glitch in German translation 14506 - Upgrade of netscape-common fails 14657 - /usr/lib/netscape/de_DE: cpio: unlinkfailed 6. RPMs required: Red Hat Linux 5.2: i386: ftp://updates.redhat.com/5.2/i386/netscape-common-4.74-0.5.2.i386.rpm ftp://updates.redhat.com/5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm ftp://updates.redhat.com/5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm sources: ftp://updates.redhat.com/5.2/SRPMS/netscape-4.74-0.5.2.src.rpm Red Hat Linux 6.2: alpha: ftp://updates.redhat.com/6.2/alpha/netscape-common-4.74-1.alpha.rpm ftp://updates.redhat.com/6.2/alpha/netscape-communicator-4.74-1.alpha.rpm ftp://updates.redhat.com/6.2/alpha/netscape-navigator-4.74-1.alpha.rpm i386: ftp://updates.redhat.com/6.2/i386/netscape-common-4.74-0.6.2.i386.rpm ftp://updates.redhat.com/6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm ftp://updates.redhat.com/6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm sources: ftp://updates.redhat.com/6.2/SRPMS/netscape-alpha-4.74-1.src.rpm ftp://updates.redhat.com/6.2/SRPMS/netscape-4.74-0.6.2.src.rpm 7. Verification: MD5 sum Package Name 2520f9f234010f483d14ec524898ad29 5.2/SRPMS/netscape-4.74-0.5.2.src.rpm 2dd30f35857c05304e54253e7564634b 5.2/i386/netscape-common-4.74-0.5.2.i386.rpm 765fc5c8be9638560544379a3c7e1004 5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm d6ecb766f5d979e2787f239fefcce8fd 5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm 64999688cbd3b6be723c72d94dcb0f72 6.2/SRPMS/netscape-4.74-0.6.2.src.rpm e75ad6a500fa4ac0ef919f65aa8871bd 6.2/SRPMS/netscape-alpha-4.74-1.src.rpm 2796178bd0f400800d1fb5fccd39880b 6.2/alpha/netscape-common-4.74-1.alpha.rpm 2f2260eb8030751838f9d14a4eca71ae 6.2/alpha/netscape-communicator-4.74-1.alpha.rpm db641b2f9b63c3f986dece1ecc482d32 6.2/alpha/netscape-navigator-4.74-1.alpha.rpm 2f2f1be58b481030eb2da12dcd9a6a54 6.2/i386/netscape-common-4.74-0.6.2.i386.rpm 6b2045ecf408024a64962705c6395a1f 6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm 03b93972ba0f114d4be9ef50a2a21fa5 6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: http://www.securityfocus.com/vdb/bottom.html?vid=15 No talkbacks posted.   Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications Adobe Article: Java Developers Finding a Home at Adobe Flex IBM Articles: A Smarter Business Needs Smarter Technology Intel Xeon Processor Increases Server Efficiency and Capabilities Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise Oracle Whitepaper: Using Oracle In-Memory Database Cache to Accelerate the Oracle Database Oracle Whitepapers - Innovation for IT Leaders Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT Internet.com eBook: IT Manager's Guide to Social Networking Internet.com eBook: Get Ready for Windows 7 Microsoft Article: Expression Web 3--New Features for PHP Developers Whitepapers: Manage Your Business Infrastracture with IBM Whitepaper: Maximize Your Storage Investment with HP Internet.com eBook: Becoming a Better Project Manager Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Webcast: Connecting PHP to Microsoft Technologies Video: Microsoft Partner Program Benefits Video: Windows Azure Debugging Tips SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports IBM Webcast: Speed Business Innovation with Reduced Cost and Risk Video: Deploy Applications on Windows Azure MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Downloads & Free Trials: Microsoft's New Efficiency Resource Center Get the Windows 7 SDK Free Trial: Red Gate SQL Backup Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Virtual Lab: Migrating PHP Applications Enabling Web Slices and Accelerators with a PHP Site Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products All About Botnets MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES