__________________________________________________________

              The U.S. Department of Energy
          Computer Incident Advisory Capability
__________________________________________________________

                  INFORMATION BULLETIN

      Updated Mozilla Packages Fix a Buffer Overflow
                [Red Hat RHSA-2005:038-05]

January 13, 2005 18:00 GMT                                        Number P-098
[REVISED 27 Jan 2005]
[REVISED 04 Feb 2005]
[REVISED 20 Apr 2005]
______________________________________________________________________________
PROBLEM:       There is a buffer overflow bug in the way Mozilla handles
               Network News Transport Protocol (NNTP) URLs.
PLATFORM:      Mozilla 1.7.3 and earlier
               Red Hat Desktop (v. 3)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1) & (v. 3)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium
               Processor
               HP Tru64 UNIX 5.1B-2/PK4, 5.1B-1/PK3, 5.1A PK6
               HP-UX B.11.00, B.11.11, B.11.22, B.11.23
DAMAGE:        It may be possible for an attacker to execute arbitrary code
               on the victim's machine.
SOLUTION:      Upgrade to the appropriate package.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. A user would have to visit a malicious web
ASSESSMENT:    page or be coerced to click on a malicious link.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/p-098.shtml
 ORIGINAL BULLETIN:  Red Hat RHSA-2005:038-05
                     https://rhn.redhat.com/errata/RHSA-2005-038.html
 ADDITIONAL LINKS:   SGI Security Advisory #20050101-01-U
                     Security Update #23
                     http://www.sgi.com/support/security/advisories.html
                     Visit Hewlett Packard Subscription Service for:
                     HPSBTU01114 / SSRT 5895 AND HPSBUX01133 / SSRT 5940
 CVE/CAN:            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1316
______________________________________________________________________________
REVISION HISTORY:
01/27/2005 - added a link to SGI Security Advisory #20050101-01-U for SGI
             Advanced Linux Enterprise 3 Security Update #23.
02/04/2005 - added a reference to HP Security Bulletin HPSBTU01114 SSRT5895
             that provides patches for HP Tru64 UNIX 5.1B-2/PK4, 5.1B-1/PK3
             and 5.1A PK6.
04/20/2005 - added a reference to HP Security Bulletin HPSBUX01133 SSRT5940
             that provides patches for HP-UX B.11.00, B.11.11, B.11.22,
             B.11.23.

[***** Start Red Hat RHSA-2005:038-05 *****]

Updated mozilla packages fix a buffer overflow

Advisory:           RHSA-2005:038-05
Last updated on:    2005-01-13
Affected Products:  Red Hat Desktop (v. 3)
                    Red Hat Enterprise Linux AS (v. 2.1)
                    Red Hat Enterprise Linux AS (v. 3)
                    Red Hat Enterprise Linux ES (v. 2.1)
                    Red Hat Enterprise Linux ES (v. 3)
                    Red Hat Enterprise Linux WS (v. 2.1)
                    Red Hat Enterprise Linux WS (v. 3)
                    Red Hat Linux Advanced Workstation 2.1 for the Itanium
                    Processor
CVEs (cve.mitre.org): CAN-2004-1316

Security Advisory

Details:

Updated mozilla packages that fix a buffer overflow issue are now available.

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

iSEC Security Research has discovered a buffer overflow bug in the way
Mozilla handles NNTP URLs.
If a user visits a malicious web page or is convinced to click on a malicious
link, it may be possible for an attacker to execute arbitrary code on the
victim's machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1316 to this issue.

Users of Mozilla should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

Updated packages:

Red Hat Desktop (v. 3)
  SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Enterprise Linux AS (v. 2.1)
  SRPMS: mozilla-1.4.3-2.1.5.src.rpm
Red Hat Enterprise Linux AS (v. 3)
  SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Enterprise Linux ES (v. 2.1)
  SRPMS: mozilla-1.4.3-2.1.5.src.rpm
Red Hat Enterprise Linux ES (v. 3)
  SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Enterprise Linux WS (v. 2.1)
  SRPMS: mozilla-1.4.3-2.1.5.src.rpm
Red Hat Enterprise Linux WS (v. 3)
  SRPMS: mozilla-1.4.3-3.0.7.src.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  SRPMS: mozilla-1.4.3-2.1.5.src.rpm

(The unlinked packages above are only available from the Red Hat Network)

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following
Web page for the System Administration or Customization guide specific to
your system:

    http://www.redhat.com/docs/manuals/enterprise/

Bugs fixed: (see bugzilla for more information)

    143994 - CAN-2004-1316 buffer overflow in mozilla

References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1316
    http://www.isec.pl/vulnerabilities/isec-0020-mozilla.txt

--------------------------------------------------------------------------------
The listed packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:

    http://www.redhat.com/solutions/security/news/publickey/#key

You can verify each package and see who signed it with the following command:

    rpm --checksig -v filename

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum filename

The Red Hat security contact is security@redhat.com. More contact details at
http://www.redhat.com/solutions/security/news/contact.html

[***** End Red Hat RHSA-2005:038-05 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.
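
The two verification commands given in the Red Hat advisory above (rpm --checksig -v and md5sum), scripted for a directory of downloaded packages. This is an added example, not part of the bulletin; the function names, the manifest layout (file name followed by its MD5 sum, one pair per line) and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bulletin. Assumed manifest layout: one
# "<filename> <md5>" pair per line, file name first and checksum second.

# check_md5_manifest MANIFEST DIR
# Returns 0 only if every listed file is present in DIR and matches its sum,
# 1 on any missing or mismatching file, 2 if the manifest lists no files.
check_md5_manifest() {
    manifest=$1 dir=$2 md5_rc=0 seen=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r name sum rest || [ -n "$name" ]; do
        # Skip headings and blank lines: keep only lines with exactly two
        # fields whose second field is 32 hex digits.
        [ -z "$rest" ] && [ "${#sum}" -eq 32 ] || continue
        case $sum in *[!0-9a-fA-F]*) continue ;; esac
        seen=$((seen + 1))
        # basename: a manifest entry must never select a file outside DIR.
        file=$dir/$(basename -- "$name")
        if [ ! -f "$file" ]; then
            echo "MISSING  $name"; md5_rc=1; continue
        fi
        want=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; md5_rc=1
        fi
    done < "$manifest"
    [ "$seen" -gt 0 ] || return 2
    return "$md5_rc"
}

# check_signatures DIR
# Runs the advisory's "rpm --checksig -v" on each package in DIR. Needs rpm
# and the vendor's public key in the rpm keyring; returns 3 without rpm.
check_signatures() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 3; }
    sig_rc=0
    for pkg in "$1"/*.rpm; do
        [ -e "$pkg" ] || continue
        rpm --checksig -v "$pkg" || { echo "SIGNATURE FAILED $pkg"; sig_rc=1; }
    done
    return "$sig_rc"
}

# make_demo_fixture DIR: constructed sample input (not real packages).
make_demo_fixture() {
    mkdir -p "$1/pkgs"
    : > "$1/pkgs/empty.rpm"                       # zero-byte file
    printf 'constructed\n' > "$1/pkgs/changed.rpm"
    {
        echo "Constructed product heading"
        echo "IA-32:"
        echo "empty.rpm D41D8CD98F00B204E9800998ECF8427E"
        echo "changed.rpm 00000000000000000000000000000000"
    } > "$1/manifest.txt"
}

# Usage: sh verify.sh MANIFEST DIR
if [ "$#" -eq 2 ]; then
    check_md5_manifest "$1" "$2" && check_signatures "$2"
fi
```

A checksum match shows only that a file equals the one the list describes; the signature check is the step tied to Red Hat's key.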