---

Home Security

SGI Advanced Linux Advisory: ethereal, mozilla

By

SGI Security Advisory

Title : SGI Advanced Linux Environment security update #17
Number : 20040402-01-U
Date : April 7, 2004
Reference : Redhat Advisory RHSA-2004:136-09, CAN-2004-0176,
CAN-2004-0365,

CAN-2004-0367
Reference : Redhat Advisory RHSA-2004:110-20, CAN-2003-0564,
CAN-2003-0594,

CAN-2004-0191
Fixed in : Patch 10064 for SGI ProPack v2.3 and SGI ProPack
v2.4

SGI provides this information freely to the SGI user community
for its consideration, interpretation, implementation and use. SGI
recommends that this information be acted upon as soon as
possible.

SGI provides the information in this Security Advisory on an
“AS-IS” basis only, and disclaims all warranties with respect
thereto, express, implied or otherwise, including, without
limitation, any warranty of merchantability or fitness for a
particular purpose. In no event shall SGI be liable for any loss of
profits, loss of business, loss of data or for any indirect,
special, exemplary, incidental or consequential damages of any kind
arising from your use of, failure to use or improper use of any of
the instructions or information in this Security Advisory.

– — Update —

SGI has released SGI Advanced Linux Environment security update
#17, which includes updated RPMs for SGI ProPack v2.3 and SGI
ProPack v2.4 for the SGI Altix family of systems, in response to
the following security issues:

Updated Ethereal packages fix security issues
http://rhn.redhat.com/errata/RHSA-2004-136.html

Updated Mozilla packages fix security issues
http://rhn.redhat.com/errata/RHSA-2004-110.html

Patch 10064 is available from http://support.sgi.com/ and ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/

The individual RPMs from Patch 10064 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/RPMS


ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/SRPMS

ftp://oss.sgi.com/projects/sgi_propack/download/2.4/updates/RPMS


ftp://oss.sgi.com/projects/sgi_propack/download/2.4/updates/SRPMS

Note: Four weeks after the release of SGI ProPack v2.4, weekly
security updates for SGI ProPack v2.3 will discontinue. Please
upgrade to SGI ProPack v2.4 as soon as possible. See the SGI
ProPack Support Policy on http://support.sgi.com/ for
additional information.

– — Links —

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/
and ftp://patches.sgi.com/support/free/security/advisories/

Red Hat Errata: Security Alerts, Bugfixes, and Enhancements
http://www.redhat.com/apps/support/errata/

SGI Advanced Linux Environment security updates can found
on:
ftp://oss.sgi.com/projects/sgi_propack/download/

SGI patches can be found at the following patch servers:
http://support.sgi.com/

The primary SGI anonymous FTP site for security advisories and
security patches is ftp://patches.sgi.com/support/free/security/

– — SGI Security Information/Contacts —

If there are questions about this document, email can be sent to
security-info@sgi.com.

——oOo——

SGI provides security information and patches for use by the
entire SGI community. This information is freely available to any
person needing the information and is available via anonymous FTP
and the Web.

The primary SGI anonymous FTP site for security advisories and
patches is patches.sgi.com. Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent
to security-info@sgi.com.

For assistance obtaining or working with security patches,
please contact your SGI support provider.

——oOo——

SGI provides a free security mailing list service called wiretap
and encourages interested parties to self-subscribe to receive (via
email) all SGI Security Advisories when they are released.
Subscribing to the mailing list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html)
or by sending email to SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap < YourEmailAddress such as midwatch@sgi.com >
end
^d

In the example above, <YourEmailAddress> is the email
address that you wish the mailing list information sent to. The
word end must be on a separate line to indicate the end of the body
of the message. The control-d (^d) is used to indicate to the mail
program that you are finished composing the mail message.

——oOo——

SGI provides a comprehensive customer World Wide Web site. This
site is located at http://www.sgi.com/support/security/
.

——oOo——

If there are general security questions on SGI systems, email
can be sent to security-info@sgi.com.

For reporting NEW SGI security issues, email can be
sent to security-alert@sgi.com or
contact your SGI support provider. A support contract is not
required for submitting a security report.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.