Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Red Hat Linux Advisories: kernel, mozilla

Jul 21, 2003, 17:30 (0 Talkback[s])

Red Hat Security Advisory

Synopsis: Updated 2.4 kernel fixes vulnerabilities
Advisory ID: RHSA-2003:238-01
Issue date: 2003-07-21
Updated on: 2003-07-21
Product: Red Hat Linux
Keywords:  
Cross references:  
Obsoletes: RHSA-2003:098 RHBA-2003:135 RHSA-2003:172 RHSA-2003:187
CVE Names: CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552

1. Topic:

Updated kernel packages are now available fixing several security vulnerabilities.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - athlon, i386, i586, i686
Red Hat Linux 7.2 - athlon, i386, i586, i686
Red Hat Linux 7.3 - athlon, i386, i586, i686
Red Hat Linux 8.0 - athlon, i386, i586, i686
Red Hat Linux 9 - athlon, i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

Several security issues have been discovered affecting the Linux kernel:

CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts for serial links. This could be used by a local attacker to infer password lengths and inter-keystroke timings during password entry.

CAN-2003-0462: Paul Starzetz discovered a file read race condition existing in the execve() system call, which could cause a local crash.

CAN-2003-0464: A recent change in the RPC code set the reuse flag on newly-created sockets. Olaf Kirch noticed that his could allow normal users to bind to UDP ports used for services such as nfsd.

CAN-2003-0476: The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, allowing local users to gain read access to restricted file descriptors.

CAN-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program. This causes the program to fail to change the ownership and permissions of already opened entries.

CAN-2003-0550: The STP protocol is known to have no security, which could allow attackers to alter the bridge topology. STP is now turned off by default.

CAN-2003-0551: STP input processing was lax in its length checking, which could lead to a denial of service.

CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host.

All users are advised to upgrade to these errata packages, which contain backported security patches correcting these vulnerabilities.

Important:

If you use Red Hat Linux 7.1, you must have installed quota-3.06-9.71 from RHSA-2003-187, and if you use Red Hat Linux 7.2 or 7.3, you must have installed quota-3.06-9.7 from RHSA-2003-187.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To use Red Hat Network to upgrade the kernel, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Note that you need to select the kernel explicitly if you are using the default configuration of up2date.

To install kernel packages manually, use "rpm -ivh <package>" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo)

Do not use "rpm -Uvh" as that will remove your running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm

athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-19.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-19.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm

athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm

i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-19.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-19.8.src.rpm

athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-19.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-19.8.athlon.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-19.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-19.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-19.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-19.8.i386.rpm

i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-19.8.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-19.8.i586.rpm

i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-19.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-19.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-19.8.i686.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-19.9.src.rpm

athlon:
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-19.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-19.9.athlon.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-19.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-19.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-19.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-19.9.i386.rpm

i586:
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-19.9.i586.rpm
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-19.9.i586.rpm

i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-19.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-19.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-19.9.i686.rpm

6. Verification:

MD5 sum Package Name


698d00bb8d014e20e717b554aa582bf5 7.1/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm
41a8c2599df485a6299bcde0a25ae284 7.1/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
dc872a77835fc0fd81d54905ba979183 7.1/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm
41e4f2992c6beaf0a4d3fdbb631c5e9d 7.1/en/os/i386/kernel-2.4.20-19.7.i386.rpm
64894543c12748599d6abb945d0c03c9 7.1/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm
02634a9fdecc9a9b8c028187b9c0dccc 7.1/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
537f69c51f85b04130082d06a6497946 7.1/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
7e6672a3758853a9fe482dd1840b570c 7.1/en/os/i586/kernel-2.4.20-19.7.i586.rpm
a17f6e2e1ec4cd10fa34377092bfb075 7.1/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm
a7a968d159074b0d7d9bf570e0d4453b 7.1/en/os/i686/kernel-2.4.20-19.7.i686.rpm
50e7098370f3184b9f8170883a63af4c 7.1/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm
5e28ba6b0d2e8562f572de0b0724eeb7 7.1/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
698d00bb8d014e20e717b554aa582bf5 7.2/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm
41a8c2599df485a6299bcde0a25ae284 7.2/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
dc872a77835fc0fd81d54905ba979183 7.2/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm
41e4f2992c6beaf0a4d3fdbb631c5e9d 7.2/en/os/i386/kernel-2.4.20-19.7.i386.rpm
64894543c12748599d6abb945d0c03c9 7.2/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm
02634a9fdecc9a9b8c028187b9c0dccc 7.2/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
537f69c51f85b04130082d06a6497946 7.2/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
7e6672a3758853a9fe482dd1840b570c 7.2/en/os/i586/kernel-2.4.20-19.7.i586.rpm
a17f6e2e1ec4cd10fa34377092bfb075 7.2/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm
a7a968d159074b0d7d9bf570e0d4453b 7.2/en/os/i686/kernel-2.4.20-19.7.i686.rpm
50e7098370f3184b9f8170883a63af4c 7.2/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm
5e28ba6b0d2e8562f572de0b0724eeb7 7.2/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
698d00bb8d014e20e717b554aa582bf5 7.3/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm
41a8c2599df485a6299bcde0a25ae284 7.3/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
dc872a77835fc0fd81d54905ba979183 7.3/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm
41e4f2992c6beaf0a4d3fdbb631c5e9d 7.3/en/os/i386/kernel-2.4.20-19.7.i386.rpm
64894543c12748599d6abb945d0c03c9 7.3/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm
02634a9fdecc9a9b8c028187b9c0dccc 7.3/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
537f69c51f85b04130082d06a6497946 7.3/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
7e6672a3758853a9fe482dd1840b570c 7.3/en/os/i586/kernel-2.4.20-19.7.i586.rpm
a17f6e2e1ec4cd10fa34377092bfb075 7.3/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm
a7a968d159074b0d7d9bf570e0d4453b 7.3/en/os/i686/kernel-2.4.20-19.7.i686.rpm
50e7098370f3184b9f8170883a63af4c 7.3/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm
5e28ba6b0d2e8562f572de0b0724eeb7 7.3/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
cf43c708a8c9b92a273aad9782ebe3fc 8.0/en/os/SRPMS/kernel-2.4.20-19.8.src.rpm
8fc7f90b8e8d557c41d6cf2547952c1d 8.0/en/os/athlon/kernel-2.4.20-19.8.athlon.rpm
52b18ab6ae28422e518642517644da35 8.0/en/os/athlon/kernel-smp-2.4.20-19.8.athlon.rpm
fbfff1b36f17e26e6a1ce479ef49e365 8.0/en/os/i386/kernel-2.4.20-19.8.i386.rpm
4d8350dd66be36060bf0551f36a9eb6f 8.0/en/os/i386/kernel-BOOT-2.4.20-19.8.i386.rpm
af87de700f6b2568e6b7d5ed4ef75df1 8.0/en/os/i386/kernel-doc-2.4.20-19.8.i386.rpm
b5e079c96b00226951564afcc2d4d5af 8.0/en/os/i386/kernel-source-2.4.20-19.8.i386.rpm
8cc317a6f56dbdc0c1464a7e96ee37b8 8.0/en/os/i586/kernel-2.4.20-19.8.i586.rpm
a552754aad9099019c18cdc8d5cb1f41 8.0/en/os/i586/kernel-smp-2.4.20-19.8.i586.rpm
9f0d0622b37dc199e8cb79acfc426d74 8.0/en/os/i686/kernel-2.4.20-19.8.i686.rpm
f91b6e385290e82075c2b321247f8ada 8.0/en/os/i686/kernel-bigmem-2.4.20-19.8.i686.rpm
9856cb68f2f32410ae5ffc7a9789bccb 8.0/en/os/i686/kernel-smp-2.4.20-19.8.i686.rpm
6ca9ea03ece1c3a40d0c1acb5bb5d2f2 9/en/os/SRPMS/kernel-2.4.20-19.9.src.rpm
2e1ecff32d8c91126f96032576afbe7b 9/en/os/athlon/kernel-2.4.20-19.9.athlon.rpm
a22c6fc30dc64d1394361f93890fc23e 9/en/os/athlon/kernel-smp-2.4.20-19.9.athlon.rpm
030ed2ec0324b58a1e80e8c7ee54effe 9/en/os/i386/kernel-2.4.20-19.9.i386.rpm
f97f319353b32eeb2f96a0311135c856 9/en/os/i386/kernel-BOOT-2.4.20-19.9.i386.rpm
d31fe42a6b1269362dd70ee361bdc94d 9/en/os/i386/kernel-doc-2.4.20-19.9.i386.rpm
0daf50da25ade8cce42e7445dfe0d24c 9/en/os/i386/kernel-source-2.4.20-19.9.i386.rpm
bd471aa92a83aa40c6fc4ee06e5f2f0e 9/en/os/i586/kernel-2.4.20-19.9.i586.rpm
cafec48037739216070833def01a3832 9/en/os/i586/kernel-smp-2.4.20-19.9.i586.rpm
e940c18ed58ca525ba0545be23ce43b4 9/en/os/i686/kernel-2.4.20-19.9.i686.rpm
b2216f3ac6697ca319ed8547a1edb320 9/en/os/i686/kernel-bigmem-2.4.20-19.9.i686.rpm
bb8b49b539bf16b8bce329d80dfafaca 9/en/os/i686/kernel-smp-2.4.20-19.9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key is available from http://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum <filename>

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0552

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at http://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Updated Mozilla packages fix security vulnerability.
Advisory ID: RHSA-2003:162-02
Issue date: 2003-07-15
Updated on: 2003-07-21
Product: Red Hat Linux
Keywords:  
Cross references:  
Obsoletes: RHSA-2002:192
CVE Names: CAN-2002-1308

  1. Topic:

Updated Mozilla packages fixing various bugs and security issues are now available.

[Updated 18 July 2003]
Our Mozilla packages were found to be incompatible with Galeon. Updated versions of Galeon are now included for Red Hat Linux 7.2, 7.3, and 8.0. In addition new builds of Mozilla for Red Hat Linux 8.0 are included as the previous packages were built with the wrong compiler.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

Mozilla is an open source Web browser.

A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression. This issue affects versions Mozilla packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0.

These errata packages upgrade Mozilla to version 1.0.2, which is not vulnerable to this issue. Mozilla 1.0.2 also contains a number of other stability and security enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/mozilla-1.0.2-2.7.1.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-chat-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-devel-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-js-debugger-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-mail-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nspr-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nss-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-nss-devel-1.0.2-2.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mozilla-psm-1.0.2-2.7.1.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mozilla-1.0.2-2.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/galeon-1.2.11-1.7.2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.2-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.11-1.7.2.i386.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/mozilla-1.0.2-2.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/galeon-1.2.11-1.7.3.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.2-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.11-1.7.3.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/mozilla-1.0.2-2.8.0.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/galeon-1.2.11-1.8.0.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.2-2.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.11-1.8.0.i386.rpm

6. Verification:

MD5 sum Package Name


0ea62d7694ed12283afb3950082500d6 7.1/en/os/SRPMS/mozilla-1.0.2-2.7.1.src.rpm
53bff095e62748c16d015aa9b593daf3 7.1/en/os/i386/mozilla-1.0.2-2.7.1.i386.rpm
e28aa8324f807b6e6d6c68756094b16c 7.1/en/os/i386/mozilla-chat-1.0.2-2.7.1.i386.rpm
8efe869efa87cc7077541cf6feb4589d 7.1/en/os/i386/mozilla-devel-1.0.2-2.7.1.i386.rpm
9feb61104257d1c768327862df98fe85 7.1/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.1.i386.rpm
f135db91f8340fadb0dd366c428c316b 7.1/en/os/i386/mozilla-js-debugger-1.0.2-2.7.1.i386.rpm
35c65b77f6e5e43889299e03a2b69c57 7.1/en/os/i386/mozilla-mail-1.0.2-2.7.1.i386.rpm
d6e0875fd0ef5e5289f0965316132d85 7.1/en/os/i386/mozilla-nspr-1.0.2-2.7.1.i386.rpm
2145ef81c9556b8257e3f8a5360fd949 7.1/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.1.i386.rpm
4fb06f7ab7c8878922589bf88f1bd590 7.1/en/os/i386/mozilla-nss-1.0.2-2.7.1.i386.rpm
86dc7c08ce51c6e5a77642935e082464 7.1/en/os/i386/mozilla-nss-devel-1.0.2-2.7.1.i386.rpm
d7e1b8fe2afa76cee0495d38f619a20d 7.1/en/os/i386/mozilla-psm-1.0.2-2.7.1.i386.rpm
b656ecde82c58b171f2e2b9698067d62 7.2/en/os/SRPMS/galeon-1.2.11-1.7.2.src.rpm
091e7c8bed97714370a13edc59e541e5 7.2/en/os/SRPMS/mozilla-1.0.2-2.7.2.src.rpm
381995eb6ec4563f9adbd18d258cde58 7.2/en/os/i386/galeon-1.2.11-1.7.2.i386.rpm
8faed3fce6e562ab92e160ce50a3902f 7.2/en/os/i386/mozilla-1.0.2-2.7.2.i386.rpm
ccdf0868d4ec2be860ee9611d37edf5c 7.2/en/os/i386/mozilla-chat-1.0.2-2.7.2.i386.rpm
e20342d6f5dfb1af33ee5287f9432a4b 7.2/en/os/i386/mozilla-devel-1.0.2-2.7.2.i386.rpm
db5315ec67e24ad2e25eb927ffd26fcd 7.2/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.2.i386.rpm
3be5ea19103267fc7e9a21250f19b0ba 7.2/en/os/i386/mozilla-js-debugger-1.0.2-2.7.2.i386.rpm
282f5191699ad803e36e6c245dc12204 7.2/en/os/i386/mozilla-mail-1.0.2-2.7.2.i386.rpm
be8fba8aa43a219135df619873214291 7.2/en/os/i386/mozilla-nspr-1.0.2-2.7.2.i386.rpm
d3aea764a15e0b4da18f5c2d361481a6 7.2/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.2.i386.rpm
7c3c988b12406f4fdca1482a597415f0 7.2/en/os/i386/mozilla-nss-1.0.2-2.7.2.i386.rpm
9b4d4c39e477aacc273050f8ed29603d 7.2/en/os/i386/mozilla-nss-devel-1.0.2-2.7.2.i386.rpm
254af66bbd9e2ff5a5c5fc674051be73 7.2/en/os/i386/mozilla-psm-1.0.2-2.7.2.i386.rpm
7e771546d00f1ebb212081b70ea20da5 7.3/en/os/SRPMS/galeon-1.2.11-1.7.3.src.rpm
1422c777f85d9cf8c389d26b0409c884 7.3/en/os/SRPMS/mozilla-1.0.2-2.7.3.src.rpm
3f067f07f0c07594a7a4caebe18e8d64 7.3/en/os/i386/galeon-1.2.11-1.7.3.i386.rpm
79f4c4d5f606c44b99e0ba41541bf11c 7.3/en/os/i386/mozilla-1.0.2-2.7.3.i386.rpm
005d46a9a1548bcbbd912327f908bb49 7.3/en/os/i386/mozilla-chat-1.0.2-2.7.3.i386.rpm
6ceff96da5dfab5ab11dacbc8a91a25a 7.3/en/os/i386/mozilla-devel-1.0.2-2.7.3.i386.rpm
6dc44762c79a1fe09e24b4197e788068 7.3/en/os/i386/mozilla-dom-inspector-1.0.2-2.7.3.i386.rpm
2d0638f0319d3caffa17143fc137a9e9 7.3/en/os/i386/mozilla-js-debugger-1.0.2-2.7.3.i386.rpm
37cf0ed35c4468baa063f4d675ea80b1 7.3/en/os/i386/mozilla-mail-1.0.2-2.7.3.i386.rpm
4f5d57a79a3e09d189dbfcb3c3b68965 7.3/en/os/i386/mozilla-nspr-1.0.2-2.7.3.i386.rpm
983ae99e55402c47f4d75f082799603b 7.3/en/os/i386/mozilla-nspr-devel-1.0.2-2.7.3.i386.rpm
5b2a2c126e2a22e737e2613c27f25172 7.3/en/os/i386/mozilla-nss-1.0.2-2.7.3.i386.rpm
e94fc6cd89ea1d34ab7c863674b10633 7.3/en/os/i386/mozilla-nss-devel-1.0.2-2.7.3.i386.rpm
80eeba8d0ff8c10871bba5df19602d08 7.3/en/os/i386/mozilla-psm-1.0.2-2.7.3.i386.rpm
72dc632e0d5da76c74ba92c0c26997ba 8.0/en/os/SRPMS/galeon-1.2.11-1.8.0.src.rpm
ad372d6a2c6b8255bd172e55c3446c4b 8.0/en/os/SRPMS/mozilla-1.0.2-2.8.0.src.rpm
11461c125fcd9eeaf9af372393e65062 8.0/en/os/i386/galeon-1.2.11-1.8.0.i386.rpm
78bc7ca090ccead804b873fc8a16eec8 8.0/en/os/i386/mozilla-1.0.2-2.8.0.i386.rpm
46498b472e13f19760c031ed636396b3 8.0/en/os/i386/mozilla-chat-1.0.2-2.8.0.i386.rpm
4674b8ef2dcca69196ed47e54c8ba038 8.0/en/os/i386/mozilla-devel-1.0.2-2.8.0.i386.rpm
8a1cc220c9c441fd006d2dd0a6167348 8.0/en/os/i386/mozilla-dom-inspector-1.0.2-2.8.0.i386.rpm
5a760c866bdb8cedbe3ee1c04c8ec834 8.0/en/os/i386/mozilla-js-debugger-1.0.2-2.8.0.i386.rpm
31d278cd13edb9f78767d09e4bf38c6f 8.0/en/os/i386/mozilla-mail-1.0.2-2.8.0.i386.rpm
369fdbc3b8293c7279623d8adb4d130a 8.0/en/os/i386/mozilla-nspr-1.0.2-2.8.0.i386.rpm
fd3a65967c53bb08fadf9022db4d446a 8.0/en/os/i386/mozilla-nspr-devel-1.0.2-2.8.0.i386.rpm
2f00e1d57540af49f075d48418cd5f1c 8.0/en/os/i386/mozilla-nss-1.0.2-2.8.0.i386.rpm
0a375873ce70d9ee453321e35959fa85 8.0/en/os/i386/mozilla-nss-devel-1.0.2-2.8.0.i386.rpm
add62bfa139ba242e3e908f607b958f0 8.0/en/os/i386/mozilla-psm-1.0.2-2.8.0.i386.rpm

These packages are GPG signed by Red Hat for security. Our key is available from http://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum <filename>

7. References:

http://www.mozilla.org/releases/mozilla1.0.2/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at http://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.