Date: Fri, 8 Oct 1999 19:41:01 -0400
From: Bill Nottingham
To: redhat-watch-list@redhat.com
Red Hat, Inc. Security Advisory
Synopsis: New netscape packages available
Advisory ID: RHSA-1999:039-02
Issue date: 1999-10-04
Updated on: 1999-10-08
Keywords: netscape 4.7 communicator navigator
Cross references:
Revision History:
1999-10-08: New packages for Red Hat Linux 6.x, to fix %post script
bug. Users of the previous errata packages (4.7-1) may want to
run:
chkfontpath –add /usr/X11R6/lib/X11/fonts/75dpi
as opposed to downloading the new packages. Removed bogus Sparc
package listing.
1. Topic:
A new version of Netscape has been released. This release fixes
some security problems in Javascript and form signing.
2. Bug IDs fixed (http://developer.redhat.com/bugzilla
for more info):
None.
3. Relevant releases/architectures:
Red Hat Linux 5.x, Intel
Red Hat Linux 6.x, Intel
Sparc packages will be available if/when Netscape updates their
Sparc releases.
4. Obsoleted by:
5. Conflicts with:
6. RPMs required:
Red Hat Linux 5.x:
Intel:
ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/netscape-common-4.7-0.i386.rpm
ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/netscape-communicator-4.7-0.i386.rpm
ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/netscape-navigator-4.7-0.i386.rpm
Source packages:
ftp://ftp.redhat.com/pub/redhat/updates/5.2/SRPMS/netscape-4.7-0.src.rpm
Red Hat Linux 6.x:
Intel:
ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-common-4.7-1.1.i386.rpm
ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-communicator-4.7-1.1.i386.rpm
ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-navigator-4.7-1.1.i386.rpm
Source packages:
ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/netscape-4.7-1.1.src.rpm
7. Problem description:
A new version of Netscape has been released. This release fixes
some security problems in Javascript and form signing, as well as
adding some new features. For more information, please see:
http://home.netscape.com/eng/mozilla/4.7/relnotes/unix-4.7.html
(1999-10-08)
The original packages released for Red Hat Linux 6.0 and 6.1 had an
error in the post-install script; the 75dpi font directory was
accidentally removed from the font path instead of added. This is
fixed in the updated packages. Users of the previous packages may
wish to run (as root):
chkfontpath –add /usr/X11R6/lib/X11/fonts/75dpi
/etc/rc.d/init.d/xfs restart
as opposed to downloading the new packages, as the package
contents have not changed.
8. Solution:
For each RPM for your particular architecture, run:
rpm -Uvh
where filename is the name of the RPM.
9. Verification:
MD5 sum Package Name
f604d7e8032fe13f630373e5f9ad0940 i386/netscape-common-4.7-0.i386.rpm 3fcc5fca33ba3fc647fb5a7bf6aabf41 i386/netscape-communicator-4.7-0.i386.rpm 33818607fdc893a047dbf03c4b46ce34 i386/netscape-navigator-4.7-0.i386.rpm c32b3f430a9eaf84c2c3f1e35f402229 SRPMS/netscape-4.7-0.src.rpm da8414206db834a9cf40c387f1ac2920 netscape-common-4.7-1.1.i386.rpm b1efd248d95a1a1cd7b9a5a1caef1922 netscape-communicator-4.7-1.1.i386.rpm d5529c3e2403ff2a3ce4483b6c2eb131 netscape-navigator-4.7-1.1.i386.rpm c8dd34bd0cad87bfd1d51a0c56713ac3 netscape-4.7-1.1.src.rpm
These packages are signed with GnuPG by Red Hat Inc. for
security. Our key is available at:
http://www.redhat.com/corp/contact.html
and is also attached to this annoucement.
You can verify each package with the following command:
rpm –checksig
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg
Note that you need RPM >= 3.0 to check GnuPG keys.
10. References: