[Full-Disclosure] [RHSA-2002:192-13] Updated Mozilla packages fix security vulnerabilities

From: bugzillaat_private
Date: Fri Oct 18 2002 - 02:18:19 PDT


    ---------------------------------------------------------------------
                       Red Hat, Inc. Red Hat Security Advisory
    
    Synopsis:          Updated Mozilla packages fix security vulnerabilities
    Advisory ID:       RHSA-2002:192-13
    Issue date:        2002-08-28
    Updated on:        2002-10-09
    Product:           Red Hat Linux
    Keywords:          
    Cross references:  
    Obsoletes:         RHSA-2002:079
    CVE Names:         CAN-2002-1126 CAN-2002-1091
    ---------------------------------------------------------------------
    
    1. Topic:
    
    Updated Mozilla packages are now available for Red Hat Linux.  These new
    packages fix vulnerabilities in previous versions of Mozilla.
    
    2. Relevant releases/architectures:
    
    Red Hat Linux 7.2 - i386, ia64
    Red Hat Linux 7.3 - i386
    Red Hat Linux 8.0 - i386
    
    3. Problem description:
    
    Mozilla is an open source web browser.  Versions of Mozilla previous to
    version 1.0.1 contain various security vulnerabilities.  These
    vulnerabilities could be used by an attacker to read data off of the local
    hard drive, to gain information that should normally be kept private, and
    in some cases to execute arbitrary code.  For more information on the
    specific vulnerabilities fixed, please see the references below.
    
    All users of Mozilla should update to these errata packages, which contain
    Mozilla version 1.0.1 and are not vulnerable to these issues.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    To update all RPMs for your particular architecture, run:
    
    rpm -Fvh [filenames]
    
    where [filenames] is a list of the RPMs you wish to upgrade.  Only those
    RPMs which are currently installed will be updated.  Those RPMs which are
    not installed but included in the list will not be updated.  Note that you
    can also use wildcards (*.rpm) if your current directory *only* contains the
    desired RPMs.
    
    Please note that this update is also available via Red Hat Network.  Many
    people find this an easier way to apply updates.  To use Red Hat Network,
    launch the Red Hat Update Agent with the following command:
    
    up2date
    
    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system.
    
    5. RPMs required:
    
    Red Hat Linux 7.2:
    
    SRPMS:
    ftp://updates.redhat.com/7.2/en/os/SRPMS/mozilla-1.0.1-2.7.2.src.rpm
    ftp://updates.redhat.com/7.2/en/os/SRPMS/galeon-1.2.6-0.7.2.src.rpm
    ftp://updates.redhat.com/7.2/en/os/SRPMS/nautilus-1.0.4-48.src.rpm
    ftp://updates.redhat.com/7.2/en/os/SRPMS/gdk-pixbuf-0.14.0-0.7.2.src.rpm
    
    i386:
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.1-2.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.6-0.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/nautilus-1.0.4-48.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/nautilus-mozilla-1.0.4-48.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/nautilus-devel-1.0.4-48.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-0.14.0-0.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-gnome-0.14.0-0.7.2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-devel-0.14.0-0.7.2.i386.rpm
    
    ia64:
    ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-1.0.4-48.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-devel-1.0.4-48.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-0.14.0-0.7.2.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-gnome-0.14.0-0.7.2.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-devel-0.14.0-0.7.2.ia64.rpm
    
    Red Hat Linux 7.3:
    
    SRPMS:
    ftp://updates.redhat.com/7.3/en/os/SRPMS/mozilla-1.0.1-2.7.3.src.rpm
    ftp://updates.redhat.com/7.3/en/os/SRPMS/galeon-1.2.6-0.7.3.src.rpm
    ftp://updates.redhat.com/7.3/en/os/SRPMS/nautilus-1.0.6-16.src.rpm
    
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.1-2.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.6-0.7.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/nautilus-1.0.6-16.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/nautilus-mozilla-1.0.6-16.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/nautilus-devel-1.0.6-16.i386.rpm
    
    Red Hat Linux 8.0:
    
    SRPMS:
    ftp://updates.redhat.com/8.0/en/os/SRPMS/galeon-1.2.6-0.8.0.src.rpm
    ftp://updates.redhat.com/8.0/en/os/SRPMS/mozilla-1.0.1-26.src.rpm
    
    i386:
    ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.6-0.8.0.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.1-26.i386.rpm
    ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.1-26.i386.rpm
    
    
    
    6. Verification:
    
    These packages are GPG signed by Red Hat, Inc. for security.  Our key
    is available at:
        http://www.redhat.com/about/contact/pgpkey.html
    
    You can verify each package with the following command:
        rpm --checksig  <filename>
    
    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the md5sum with the following command:
        rpm --checksig --nogpg <filename>
    
    
    7. References:
    
    http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
    http://bugzilla.mozilla.org/show_bug.cgi?id=145579
    http://bugzilla.mozilla.org/show_bug.cgi?id=169982
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091
    
    
    Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
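
The update and verification steps from sections 4 and 6 combined into one gate, as an added example that is not part of the Red Hat advisory: every RPM in a directory must pass `rpm --checksig` before `rpm -Fvh` is run on the set. The names `verify_then_freshen` and `RPM_BIN` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory.
# RPM_BIN is a hypothetical override so the gate can be exercised with a
# stand-in command; it defaults to the real rpm binary.
RPM_BIN="${RPM_BIN:-rpm}"

# verify_then_freshen DIR
# Runs the advisory's "rpm --checksig <filename>" on every *.rpm in DIR and
# hands the set to "rpm -Fvh" only if all of them pass.
# Returns 0 on success, 1 if any package fails verification (nothing is
# installed), 2 if DIR holds no RPMs.
# Usage: verify_then_freshen /path/to/downloaded/rpms
verify_then_freshen() {
    dir=$1
    failed=0
    count=0

    for pkg in "$dir"/*.rpm; do
        # An unmatched glob stays literal; skip it rather than passing a
        # nonexistent "*.rpm" path to rpm.
        [ -f "$pkg" ] || continue
        count=$((count + 1))
        # Full check (digest and GPG signature). --nogpg is deliberately not
        # used: the digest is stored inside the package itself, so on its own
        # it says nothing about who built the package.
        if ! "$RPM_BIN" --checksig "$pkg" >/dev/null 2>&1; then
            echo "REJECTED: $pkg failed rpm --checksig" >&2
            failed=1
        fi
    done

    if [ "$count" -eq 0 ]; then
        echo "no RPMs found in $dir" >&2
        return 2
    fi
    if [ "$failed" -ne 0 ]; then
        echo "refusing to install: at least one package did not verify" >&2
        return 1
    fi

    # -F (freshen) upgrades only packages that are already installed, as the
    # advisory describes, so extra RPMs in DIR are not newly installed.
    "$RPM_BIN" -Fvh "$dir"/*.rpm
}
```

The signature check only passes once the Red Hat public key referenced in section 6 has been imported; until then `rpm --checksig` fails and the gate refuses to install.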
    



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 02:51:20 PDT