Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0524 -- RHSA-2004:429-01 Netscape 4.8 contains security flaws 19 August 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Netscape Navigator and Communicator 4.8 Publisher: Red Hat Operating System: Red Hat Enterprise Linux AS/ES/WS 2.1 Impact: Execute Arbitrary Code/Commands Access: Remote/Unauthenticated CVE Names: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 Ref: ESB-2004.0361 - - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Netscape 4.8 contains security flaws Advisory ID: RHSA-2004:429-01 Issue date: 2004-08-18 Updated on: 2004-08-18 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 - - --------------------------------------------------------------------- 1. Summary: Netscape Navigator and Netscape Communicator 4.8 as distributed with Red Hat Enterprise Linux 2.1 contain security flaws and should not be used. 2. Problem description: Netscape Navigator and Netscape Communicator have been removed from the Red Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These packages were based on Netscape 4.8, which is known to be vulnerable to recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and CAN-2004-0599. Netscape 7.2 contains fixes for these issues and is available from http://www.netscape.com/. Netscape 4.8 packages will also remain available via Red Hat Network for those who choose to use them despite their known security vulnerabilities. Users of Netscape 4.8 are advised to switch to Mozilla, which is included and supported in Red Hat Enterprise Linux 2.1, and offers comparable functionality. 3. Solution: Red Hat Enterprise 2.1 users who do not need the functionality of Netscape 4.8 should uninstall the netscape packages. 4. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 5. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBI3hCXlSAg2UNWIIRAiL5AKCUnrKuVqngBE/e0EFiALh6bgNOFQCcDYan Su5PyPkP0gtCB+wT2whAFMw= =uMrU - -----END PGP SIGNATURE----- - - --------------------------END INCLUDED TEXT-------------------- AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQSP/kih9+71yA2DNAQLLTwP/SRsdrpxX1747S7AFd6rWjPEfHZph1uZ0 R0rbzY01Nb9fhgzTa1a4a2H2fPky6LdyHJn/QjFrvuLD9OLdA+sAgJvGjlQhabxC PZspykjcLiejuGtyY5/WxzUvh/F1PidqtdPclHSvR0LPzveFFTqjDwCxFr04SKLr wk2IQt9E7jg= =TVyM -----END PGP SIGNATURE-----