---

UPDATED: Red Hat Security Advisory: New netscape packages available

Date: Fri, 8 Oct 1999 19:41:01 -0400
From: Bill Nottingham
To: redhat-watch-list@redhat.com


Red Hat, Inc. Security Advisory

Synopsis: New netscape packages available
Advisory ID: RHSA-1999:039-02
Issue date: 1999-10-04
Updated on: 1999-10-08
Keywords: netscape 4.7 communicator navigator
Cross references:


Revision History:
1999-10-08: New packages for Red Hat Linux 6.x, to fix %post script
bug. Users of the previous errata packages (4.7-1) may want to
run:

chkfontpath –add /usr/X11R6/lib/X11/fonts/75dpi

as opposed to downloading the new packages. Removed bogus Sparc
package listing.

1. Topic:

A new version of Netscape has been released. This release fixes
some security problems in Javascript and form signing.

2. Bug IDs fixed (http://developer.redhat.com/bugzilla
for more info):

None.

3. Relevant releases/architectures:

Red Hat Linux 5.x, Intel
Red Hat Linux 6.x, Intel

Sparc packages will be available if/when Netscape updates their
Sparc releases.

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Red Hat Linux 5.x:

Intel:

ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/netscape-common-4.7-0.i386.rpm


ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/netscape-communicator-4.7-0.i386.rpm


ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/netscape-navigator-4.7-0.i386.rpm

Source packages:

ftp://ftp.redhat.com/pub/redhat/updates/5.2/SRPMS/netscape-4.7-0.src.rpm

Red Hat Linux 6.x:

Intel:

ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-common-4.7-1.1.i386.rpm


ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-communicator-4.7-1.1.i386.rpm


ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-navigator-4.7-1.1.i386.rpm

Source packages:

ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/netscape-4.7-1.1.src.rpm

7. Problem description:

A new version of Netscape has been released. This release fixes
some security problems in Javascript and form signing, as well as
adding some new features. For more information, please see:

http://home.netscape.com/eng/mozilla/4.7/relnotes/unix-4.7.html

(1999-10-08)
The original packages released for Red Hat Linux 6.0 and 6.1 had an
error in the post-install script; the 75dpi font directory was
accidentally removed from the font path instead of added. This is
fixed in the updated packages. Users of the previous packages may
wish to run (as root):

chkfontpath –add /usr/X11R6/lib/X11/fonts/75dpi
/etc/rc.d/init.d/xfs restart

as opposed to downloading the new packages, as the package
contents have not changed.

8. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh

where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name

f604d7e8032fe13f630373e5f9ad0940  i386/netscape-common-4.7-0.i386.rpm
3fcc5fca33ba3fc647fb5a7bf6aabf41  i386/netscape-communicator-4.7-0.i386.rpm
33818607fdc893a047dbf03c4b46ce34  i386/netscape-navigator-4.7-0.i386.rpm
c32b3f430a9eaf84c2c3f1e35f402229  SRPMS/netscape-4.7-0.src.rpm

da8414206db834a9cf40c387f1ac2920  netscape-common-4.7-1.1.i386.rpm
b1efd248d95a1a1cd7b9a5a1caef1922  netscape-communicator-4.7-1.1.i386.rpm
d5529c3e2403ff2a3ce4483b6c2eb131  netscape-navigator-4.7-1.1.i386.rpm
c8dd34bd0cad87bfd1d51a0c56713ac3  netscape-4.7-1.1.src.rpm

These packages are signed with GnuPG by Red Hat Inc. for
security. Our key is available at:

http://www.redhat.com/corp/contact.html

and is also attached to this annoucement.

You can verify each package with the following command:

rpm –checksig

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:

rpm –checksig –nogpg

Note that you need RPM >= 3.0 to check GnuPG keys.

10. References:

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis