
UNIRAS Brief - 146/04 - Red Hat Security Advisory RHSA-2004:110-01



 
----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 146/04 dated 30.03.04  Time: 12:20  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
----------------------------------------------------------------------------------
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
----------------------------------------------------------------------------------

Title
=====

Updated Mozilla packages fix security issues

Detail
====== 

Updated Mozilla packages that fix vulnerabilities in S/MIME parsing as well as 
other issues and bugs are now available.



                     ESB-2004.0239 -- RHSA-2004:110-01
               Updated Mozilla packages fix security issues
                               30 March 2004


Product:                Mozilla
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS (Advanced Server)
                        version 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Red Hat Enterprise Linux ES version 2.1
                        Red Hat Enterprise Linux WS version 2.1
                        Red Hat Enterprise Linux AS version 3
                        Red Hat Enterprise Linux ES version 3
                        Red Hat Enterprise Linux WS version 3
                        Linux
Impact:                 Denial of Service
                        Execute Arbitrary Code/Commands
                        Access Privileged Data
Access Required:        Remote
CVE Names:              CAN-2003-0564
                        CAN-2003-0594
                        CAN-2004-0191


Ref:                    ESB-2004.0223
                        ESB-2003.0760

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Mozilla packages fix security issues
Advisory ID:       RHSA-2004:110-01
Issue date:        2004-03-29
Updated on:        2004-03-29
Product:           Red Hat Enterprise Linux
Keywords:          nss mozilla
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0564 CAN-2003-0594 CAN-2004-0191
---------------------------------------------------------------------

1. Topic:

Updated Mozilla packages that fix vulnerabilities in S/MIME parsing as well as other issues and bugs are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is a Web browser and mail reader, designed for standards compliance, performance and portability.  Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. 

NISCC testing of implementations of the S/MIME protocol uncovered a number of bugs in NSS versions prior to 3.9.  The parsing of unexpected ASN.1 constructs within S/MIME data could cause Mozilla to crash or consume large amounts of memory.  A remote attacker could potentially trigger these bugs by sending a carefully-crafted S/MIME message to a victim.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0564 to this issue.

Andreas Sandblad discovered a cross-site scripting issue that affects various versions of Mozilla.  When linking to a new page it is still possible to interact with the old page before the new page has been successfully loaded. Any Javascript events will be invoked in the context of the new page, making cross-site scripting possible if the different pages belong to different domains.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0191 to this issue. 

Flaws have been found in the cookie path handling between a number of Web browsers and servers. The HTTP cookie standard allows a Web server supplying a cookie to a client to specify a subset of URLs on the origin server to which the cookie applies. Web servers such as Apache do not filter returned cookies and assume that the client will only send back cookies for requests that fall within the server-supplied subset of URLs. However, by supplying URLs that use path traversal (/../) and character encoding, it is possible to fool many browsers into sending a cookie to a path outside of the originally-specified subset.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0594 to this issue. 
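
The client-side check this paragraph implies, as an added Python example (not code from Red Hat, Mozilla or the advisory): a raw prefix comparison beside a stricter matcher that applies the path-match rule of the later RFC 6265 to the request path at every percent-decoding depth, after collapsing dot segments. The host name, paths and function names are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit


def naive_match(url, cookie_path):
    """Raw prefix comparison: the behaviour the advisory describes as foolable."""
    return urlsplit(url).path.startswith(cookie_path)


def remove_dot_segments(path):
    """Collapse '.' and '..' in an absolute path, keeping a trailing slash."""
    segments = path.split("/")[1:]
    out = []
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        if seg == "..":
            if out:
                out.pop()
        elif seg != ".":
            out.append(seg)
            continue
        if last:              # "/a/b/.." resolves to the directory "/a/"
            out.append("")
    return "/" + "/".join(out)


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match: prefix only on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def interpretations(raw_path, max_rounds=3):
    """Every path a server might resolve: raw, then each decoding round.

    Returns None when the path is still changing after max_rounds, so the
    caller can refuse to attach the cookie.
    """
    views = [remove_dot_segments(raw_path)]
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return views
        path = decoded
        views.append(remove_dot_segments(path))
    return views if unquote(path) == path else None


def should_send_cookie(url, cookie_path):
    """Send only if the cookie path matches under every interpretation."""
    raw = urlsplit(url).path or "/"
    views = interpretations(raw)
    return views is not None and all(path_match(v, cookie_path) for v in views)


# Constructed sample requests; the cookie was set with Path=/secure.
COOKIE_PATH = "/secure"
SAMPLE_URLS = [
    "http://shop.example/secure/account",
    "http://shop.example/secure/../public/upload.cgi",
    "http://shop.example/secure/%2e%2e/public/upload.cgi",
    "http://shop.example/secure%2f..%2fpublic/upload.cgi",
    "http://shop.example/secure/%252e%252e/public/upload.cgi",
    "http://shop.example/securely/notes",
    "http://shop.example/public/index.html",
]


def audit(urls=SAMPLE_URLS, cookie_path=COOKIE_PATH):
    """Return (url, naive decision, strict decision) for each request."""
    return [(u, naive_match(u, cookie_path), should_send_cookie(u, cookie_path))
            for u in urls]


if __name__ == "__main__":
    for url, naive, strict in audit():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

Requiring a match at every decoding depth is deliberately conservative: the client cannot know how many times the server decodes, so an ambiguous path gets no cookie.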

Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.4.2 and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those RPMs which are currently installed will be updated.  Those RPMs which are not installed but included in the list will not be updated.  Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many people find this an easier way to apply updates.  To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.13-0.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

i386:
Available from Red Hat Network: galeon-1.2.13-0.2.1.i386.rpm
Available from Red Hat Network: mozilla-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.i386.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.13-0.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

i386:
Available from Red Hat Network: galeon-1.2.13-0.2.1.i386.rpm
Available from Red Hat Network: mozilla-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.13-0.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

i386:
Available from Red Hat Network: galeon-1.2.13-0.2.1.i386.rpm
Available from Red Hat Network: mozilla-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.4.2-3.0.2.src.rpm

i386:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.i386.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.ia64.rpm

ppc:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.ppc.rpm

s390:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.s390.rpm

s390x:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.s390x.rpm

x86_64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.4.2-3.0.2.src.rpm

i386:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.4.2-3.0.2.src.rpm

i386:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.i386.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.ia64.rpm

x86_64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.x86_64.rpm



6. Verification:


These packages are GPG signed by Red Hat for security.  Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


7. References:

http://www.mozilla.org/projects/security/pki/nss/#NSS_39
http://bugzilla.mozilla.org/show_bug.cgi?id=227417
http://www.niscc.gov.uk/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0191

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@xxxxxxxxxxxxxx and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may not be updated when updates to the original are made.  If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above.  If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@xxxxxxxxxxxxxx
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.
----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
