---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated Mozilla packages fix security vulnerabilities
Advisory ID:       RHSA-2002:192-13
Issue date:        2002-08-28
Updated on:        2002-10-09
Product:           Red Hat Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2002:079
CVE Names:         CAN-2002-1126 CAN-2002-1091
---------------------------------------------------------------------

1. Topic:

Updated Mozilla packages are now available for Red Hat Linux. These new
packages fix vulnerabilities in previous versions of Mozilla.

2. Relevant releases/architectures:

Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

Mozilla is an open source web browser. Versions of Mozilla previous to
version 1.0.1 contain various security vulnerabilities. These
vulnerabilities could be used by an attacker to read data off of the
local hard drive, to gain information that should normally be kept
private, and in some cases to execute arbitrary code. For more
information on the specific vulnerabilities fixed please see the
references below.

All users of Mozilla should update to these errata packages containing
Mozilla version 1.0.1 which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via Red Hat Network.
Many people find this an easier way to apply updates.
To use Red Hat Network, launch the Red Hat Update Agent with the
following command:

    up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mozilla-1.0.1-2.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/galeon-1.2.6-0.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/nautilus-1.0.4-48.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/gdk-pixbuf-0.14.0-0.7.2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.1-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.6-0.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nautilus-1.0.4-48.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nautilus-mozilla-1.0.4-48.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nautilus-devel-1.0.4-48.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-0.14.0-0.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-gnome-0.14.0-0.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-devel-0.14.0-0.7.2.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-1.0.4-48.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-devel-1.0.4-48.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-0.14.0-0.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-gnome-0.14.0-0.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-devel-0.14.0-0.7.2.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/mozilla-1.0.1-2.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/galeon-1.2.6-0.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/nautilus-1.0.6-16.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.1-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.6-0.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/nautilus-1.0.6-16.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/nautilus-mozilla-1.0.6-16.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/nautilus-devel-1.0.6-16.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/galeon-1.2.6-0.8.0.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/mozilla-1.0.1-26.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.6-0.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.1-26.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.1-26.i386.rpm

6. Verification:

These packages are GPG signed by Red Hat, Inc. for security.
Our key is available at:

    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

7. References:

http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
http://bugzilla.mozilla.org/show_bug.cgi?id=145579
http://bugzilla.mozilla.org/show_bug.cgi?id=169982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
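
The check from section 6 and the update command from section 4, combined as an added example that is not part of the Red Hat advisory: a POSIX shell wrapper that runs `rpm --checksig` on every file and only then `rpm -Fvh`. The function names and the result strings it matches are assumptions; it does not use `--nogpg`, because a digest alone does not show who built the package.

```shell
#!/bin/sh
# Added example, not from the advisory: gate `rpm -Fvh` on `rpm --checksig`.

# check_one FILE: succeed only if rpm verified FILE and the result shows
# that a signature, not just a digest, was checked.
check_one() {
    # Non-zero exit covers digest mismatch, bad signature, missing key.
    out=$(rpm --checksig "$1" 2>&1) || { echo "REJECT $out" >&2; return 1; }
    result=${out#"$1":}          # drop the "FILE:" prefix rpm prints
    case $result in
        *"NOT OK"*) ;;           # never accept a failed check, whatever the exit code
        # Assumed result strings: "md5 gpg OK" style (older rpm) and
        # "digests signatures OK" style (current rpm).
        *gpg*OK*|*pgp*OK*|*signatures*OK*) return 0 ;;
    esac
    # Reached for digest-only results such as "md5 OK": an unsigned
    # package can still exit 0, so reject it explicitly.
    echo "REJECT (no signature verified) $out" >&2
    return 1
}

# verify_all FILE...: check every file so all failures are reported at once.
verify_all() {
    rejected=0
    for pkg in "$@"; do
        check_one "$pkg" || rejected=$((rejected + 1))
    done
    [ "$rejected" -eq 0 ]
}

# freshen_verified FILE...: the advisory's `rpm -Fvh [filenames]`, run only
# when every file passed verification.
freshen_verified() {
    [ "$#" -gt 0 ] || { echo "usage: freshen_verified FILE.rpm..." >&2; return 2; }
    verify_all "$@" || { echo "verification failed; nothing installed" >&2; return 1; }
    rpm -Fvh "$@"
}

# Run as a script: sh verify-freshen.sh *.rpm
if [ "$#" -gt 0 ]; then freshen_verified "$@"; fi
```

The signature check only means something once the Red Hat public key from the page linked in section 6 has been imported; without it `rpm --checksig` fails and the wrapper installs nothing.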