[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 574/05 - Red Hat - Three Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 574/05 dated 25.07.05  Time: 11:00  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Red Hat - Three Security Advisories:
     1.  Moderate: httpd security update       [RHSA-2005:582-01]
     2.  Important: mozilla security update    [RHSA-2005:587-01]
     3.  Important: fetchmail security update  [RHSA-2005:640-01]


Detail
====== 

Security advisory summaries:

     1.  Updated Apache httpd packages to correct two security issues are now
         available for Red Hat Enterprise Linux 3 and 4.

     2.  Updated mozilla packages that fix various security issues are now available.

     3.  A buffer overflow was discovered in fetchmail's POP3 client.  A malicious
         server could cause send a carefully crafted message UID and cause fetchmail
         to crash or potentially execute arbitrary code as the user running
         fetchmail.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2005:582-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-582.html
Issue date:        2005-07-25
Updated on:        2005-07-25
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1268 CAN-2005-2088
- - ---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages to correct two security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server.

Watchfire reported a flaw that occured when using the Apache server as an
HTTP proxy.  A remote attacker could send an HTTP request with both a
"Transfer-Encoding: chunked" header and a "Content-Length" header.  This
caused Apache to incorrectly handle and forward the body of the request in
a way that the receiving server processes it as a separate HTTP request.
This could allow the bypass of Web application firewall protection or lead
to cross-site scripting (XSS) attacks.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CAN-2005-2088 to this
issue.

Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification
callback.  In order to exploit this issue the Apache server would need to
be configured to use a malicious certificate revocation list (CRL).   The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CAN-2005-1268 to this issue.

Users of Apache httpd should update to these errata packages that contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

161893 - Bug 145666 is missing a ',' after REDIRECT_REMOTE_USER
162244 - CAN-2005-2088 httpd proxy request smuggling
163013 - CAN-2005-1268 mod_ssl off-by-one


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-46.2.ent.src.rpm
2485d59f9189bb5a5e9463867cb00937  httpd-2.0.46-46.2.ent.src.rpm

i386:
5915db1d48c7e002164887a49156f038  httpd-2.0.46-46.2.ent.i386.rpm
dcd3540ca04584c48b126d19b4d02f00  httpd-devel-2.0.46-46.2.ent.i386.rpm
16497b8e37ecefc801109a3aafe9e2cd  mod_ssl-2.0.46-46.2.ent.i386.rpm

ia64:
fe914bbf691939bfb2f87a002ec2e7a8  httpd-2.0.46-46.2.ent.ia64.rpm
e3f48f063d1eec644797347299ebd317  httpd-devel-2.0.46-46.2.ent.ia64.rpm
b8fc362a02f2d1a74ebd1e8573288831  mod_ssl-2.0.46-46.2.ent.ia64.rpm

ppc:
d74b60a2081276c375074735c200bf71  httpd-2.0.46-46.2.ent.ppc.rpm
debba18353c314f1156b379fff3e0ba3  httpd-devel-2.0.46-46.2.ent.ppc.rpm
d4055c6b92c696c90259753c195dd2f5  mod_ssl-2.0.46-46.2.ent.ppc.rpm

s390:
9c0c7fd62f33cb30e479d920b296ae52  httpd-2.0.46-46.2.ent.s390.rpm
772353077869e3daa4cd9a223626b87e  httpd-devel-2.0.46-46.2.ent.s390.rpm
4ad4d92181a4d3dec2a7a7f2a6c802fd  mod_ssl-2.0.46-46.2.ent.s390.rpm

s390x:
7acb2591480191fc2388050a1fcbbd6f  httpd-2.0.46-46.2.ent.s390x.rpm
759af088061f6de619f45d2a4186f391  httpd-devel-2.0.46-46.2.ent.s390x.rpm
0df3c03a9ddec5969f5e44a344f25797  mod_ssl-2.0.46-46.2.ent.s390x.rpm

x86_64:
ceff2faef7e7761e0c3af1afddd90089  httpd-2.0.46-46.2.ent.x86_64.rpm
36d38f054073c6ba6fe191661e5a3262  httpd-devel-2.0.46-46.2.ent.x86_64.rpm
3364d1be17046cf4b34e2d07eb480c0c  mod_ssl-2.0.46-46.2.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-46.2.ent.src.rpm
2485d59f9189bb5a5e9463867cb00937  httpd-2.0.46-46.2.ent.src.rpm

i386:
5915db1d48c7e002164887a49156f038  httpd-2.0.46-46.2.ent.i386.rpm
dcd3540ca04584c48b126d19b4d02f00  httpd-devel-2.0.46-46.2.ent.i386.rpm
16497b8e37ecefc801109a3aafe9e2cd  mod_ssl-2.0.46-46.2.ent.i386.rpm

x86_64:
ceff2faef7e7761e0c3af1afddd90089  httpd-2.0.46-46.2.ent.x86_64.rpm
36d38f054073c6ba6fe191661e5a3262  httpd-devel-2.0.46-46.2.ent.x86_64.rpm
3364d1be17046cf4b34e2d07eb480c0c  mod_ssl-2.0.46-46.2.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-46.2.ent.src.rpm
2485d59f9189bb5a5e9463867cb00937  httpd-2.0.46-46.2.ent.src.rpm

i386:
5915db1d48c7e002164887a49156f038  httpd-2.0.46-46.2.ent.i386.rpm
dcd3540ca04584c48b126d19b4d02f00  httpd-devel-2.0.46-46.2.ent.i386.rpm
16497b8e37ecefc801109a3aafe9e2cd  mod_ssl-2.0.46-46.2.ent.i386.rpm

ia64:
fe914bbf691939bfb2f87a002ec2e7a8  httpd-2.0.46-46.2.ent.ia64.rpm
e3f48f063d1eec644797347299ebd317  httpd-devel-2.0.46-46.2.ent.ia64.rpm
b8fc362a02f2d1a74ebd1e8573288831  mod_ssl-2.0.46-46.2.ent.ia64.rpm

x86_64:
ceff2faef7e7761e0c3af1afddd90089  httpd-2.0.46-46.2.ent.x86_64.rpm
36d38f054073c6ba6fe191661e5a3262  httpd-devel-2.0.46-46.2.ent.x86_64.rpm
3364d1be17046cf4b34e2d07eb480c0c  mod_ssl-2.0.46-46.2.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-46.2.ent.src.rpm
2485d59f9189bb5a5e9463867cb00937  httpd-2.0.46-46.2.ent.src.rpm

i386:
5915db1d48c7e002164887a49156f038  httpd-2.0.46-46.2.ent.i386.rpm
dcd3540ca04584c48b126d19b4d02f00  httpd-devel-2.0.46-46.2.ent.i386.rpm
16497b8e37ecefc801109a3aafe9e2cd  mod_ssl-2.0.46-46.2.ent.i386.rpm

ia64:
fe914bbf691939bfb2f87a002ec2e7a8  httpd-2.0.46-46.2.ent.ia64.rpm
e3f48f063d1eec644797347299ebd317  httpd-devel-2.0.46-46.2.ent.ia64.rpm
b8fc362a02f2d1a74ebd1e8573288831  mod_ssl-2.0.46-46.2.ent.ia64.rpm

x86_64:
ceff2faef7e7761e0c3af1afddd90089  httpd-2.0.46-46.2.ent.x86_64.rpm
36d38f054073c6ba6fe191661e5a3262  httpd-devel-2.0.46-46.2.ent.x86_64.rpm
3364d1be17046cf4b34e2d07eb480c0c  mod_ssl-2.0.46-46.2.ent.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-12.1.ent.src.rpm
4bf86a415d443e3f9e82a8655f70491d  httpd-2.0.52-12.1.ent.src.rpm

i386:
f0ff91d7729f04fcb6b772f87b01c179  httpd-2.0.52-12.1.ent.i386.rpm
5bfd6d2f6c3b1da7dd0e49ff845ec22c  httpd-devel-2.0.52-12.1.ent.i386.rpm
5cd0e2f836bca3d18cd85d580b1df21d  httpd-manual-2.0.52-12.1.ent.i386.rpm
5eeef4820af8a522e0cd8c38dd50705c  httpd-suexec-2.0.52-12.1.ent.i386.rpm
8c88eec014875998f0d61ed71005d764  mod_ssl-2.0.52-12.1.ent.i386.rpm

ia64:
d461e0a6b0b00511f55f2407e466ce46  httpd-2.0.52-12.1.ent.ia64.rpm
97d80a559ec7287d2d5f5f2d2c6ad358  httpd-devel-2.0.52-12.1.ent.ia64.rpm
718fd0a64412ade9e587ecb2efec2f8d  httpd-manual-2.0.52-12.1.ent.ia64.rpm
ca9b95e1307733fb7405ee2637d258b3  httpd-suexec-2.0.52-12.1.ent.ia64.rpm
10d218820e3916ea405c487f00b2adef  mod_ssl-2.0.52-12.1.ent.ia64.rpm

ppc:
1a5a5c16643d4dde9cbb7b91da6ee148  httpd-2.0.52-12.1.ent.ppc.rpm
d7394c176ccf80e7e5b5349d7ea56849  httpd-devel-2.0.52-12.1.ent.ppc.rpm
021f850d3602a95333c4bd09a5157f3a  httpd-manual-2.0.52-12.1.ent.ppc.rpm
86bc7a492b98346c43e9896c2ba69e42  httpd-suexec-2.0.52-12.1.ent.ppc.rpm
9d8b653242aa26be29c935821d69a3d7  mod_ssl-2.0.52-12.1.ent.ppc.rpm

s390:
49b18d9f25642358fc51b9ee899ce821  httpd-2.0.52-12.1.ent.s390.rpm
134b801a276e12c3c18cf8c3224de76b  httpd-devel-2.0.52-12.1.ent.s390.rpm
b83871e54a55b528bfd721d09a3750c7  httpd-manual-2.0.52-12.1.ent.s390.rpm
787d97aa79b2e56baa3f0e32a4381ede  httpd-suexec-2.0.52-12.1.ent.s390.rpm
387c3be4fbe49a71c1b25692d195bb25  mod_ssl-2.0.52-12.1.ent.s390.rpm

s390x:
b332322b6ab797bba039212403240cb9  httpd-2.0.52-12.1.ent.s390x.rpm
67b79e022ea14b19e5c6a50862db2b36  httpd-devel-2.0.52-12.1.ent.s390x.rpm
b09d1feaa0370a17d629ab0e2499ff33  httpd-manual-2.0.52-12.1.ent.s390x.rpm
dad3f84731db6346251bcae31528b8fa  httpd-suexec-2.0.52-12.1.ent.s390x.rpm
a0c61974562e85e3b89957d478be6c42  mod_ssl-2.0.52-12.1.ent.s390x.rpm

x86_64:
8a92e250417a3dee66927f566c04becd  httpd-2.0.52-12.1.ent.x86_64.rpm
84ad072a58b1410ece325c35b3b4b07f  httpd-devel-2.0.52-12.1.ent.x86_64.rpm
d3ca7c4932a1004b5f009b4ddc9d8895  httpd-manual-2.0.52-12.1.ent.x86_64.rpm
bd5ac6d9149784138adbaf6172602998  httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
7912fac9169ce5071198c3503566cbaf  mod_ssl-2.0.52-12.1.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-12.1.ent.src.rpm
4bf86a415d443e3f9e82a8655f70491d  httpd-2.0.52-12.1.ent.src.rpm

i386:
f0ff91d7729f04fcb6b772f87b01c179  httpd-2.0.52-12.1.ent.i386.rpm
5bfd6d2f6c3b1da7dd0e49ff845ec22c  httpd-devel-2.0.52-12.1.ent.i386.rpm
5cd0e2f836bca3d18cd85d580b1df21d  httpd-manual-2.0.52-12.1.ent.i386.rpm
5eeef4820af8a522e0cd8c38dd50705c  httpd-suexec-2.0.52-12.1.ent.i386.rpm
8c88eec014875998f0d61ed71005d764  mod_ssl-2.0.52-12.1.ent.i386.rpm

x86_64:
8a92e250417a3dee66927f566c04becd  httpd-2.0.52-12.1.ent.x86_64.rpm
84ad072a58b1410ece325c35b3b4b07f  httpd-devel-2.0.52-12.1.ent.x86_64.rpm
d3ca7c4932a1004b5f009b4ddc9d8895  httpd-manual-2.0.52-12.1.ent.x86_64.rpm
bd5ac6d9149784138adbaf6172602998  httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
7912fac9169ce5071198c3503566cbaf  mod_ssl-2.0.52-12.1.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-12.1.ent.src.rpm
4bf86a415d443e3f9e82a8655f70491d  httpd-2.0.52-12.1.ent.src.rpm

i386:
f0ff91d7729f04fcb6b772f87b01c179  httpd-2.0.52-12.1.ent.i386.rpm
5bfd6d2f6c3b1da7dd0e49ff845ec22c  httpd-devel-2.0.52-12.1.ent.i386.rpm
5cd0e2f836bca3d18cd85d580b1df21d  httpd-manual-2.0.52-12.1.ent.i386.rpm
5eeef4820af8a522e0cd8c38dd50705c  httpd-suexec-2.0.52-12.1.ent.i386.rpm
8c88eec014875998f0d61ed71005d764  mod_ssl-2.0.52-12.1.ent.i386.rpm

ia64:
d461e0a6b0b00511f55f2407e466ce46  httpd-2.0.52-12.1.ent.ia64.rpm
97d80a559ec7287d2d5f5f2d2c6ad358  httpd-devel-2.0.52-12.1.ent.ia64.rpm
718fd0a64412ade9e587ecb2efec2f8d  httpd-manual-2.0.52-12.1.ent.ia64.rpm
ca9b95e1307733fb7405ee2637d258b3  httpd-suexec-2.0.52-12.1.ent.ia64.rpm
10d218820e3916ea405c487f00b2adef  mod_ssl-2.0.52-12.1.ent.ia64.rpm

x86_64:
8a92e250417a3dee66927f566c04becd  httpd-2.0.52-12.1.ent.x86_64.rpm
84ad072a58b1410ece325c35b3b4b07f  httpd-devel-2.0.52-12.1.ent.x86_64.rpm
d3ca7c4932a1004b5f009b4ddc9d8895  httpd-manual-2.0.52-12.1.ent.x86_64.rpm
bd5ac6d9149784138adbaf6172602998  httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
7912fac9169ce5071198c3503566cbaf  mod_ssl-2.0.52-12.1.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-12.1.ent.src.rpm
4bf86a415d443e3f9e82a8655f70491d  httpd-2.0.52-12.1.ent.src.rpm

i386:
f0ff91d7729f04fcb6b772f87b01c179  httpd-2.0.52-12.1.ent.i386.rpm
5bfd6d2f6c3b1da7dd0e49ff845ec22c  httpd-devel-2.0.52-12.1.ent.i386.rpm
5cd0e2f836bca3d18cd85d580b1df21d  httpd-manual-2.0.52-12.1.ent.i386.rpm
5eeef4820af8a522e0cd8c38dd50705c  httpd-suexec-2.0.52-12.1.ent.i386.rpm
8c88eec014875998f0d61ed71005d764  mod_ssl-2.0.52-12.1.ent.i386.rpm

ia64:
d461e0a6b0b00511f55f2407e466ce46  httpd-2.0.52-12.1.ent.ia64.rpm
97d80a559ec7287d2d5f5f2d2c6ad358  httpd-devel-2.0.52-12.1.ent.ia64.rpm
718fd0a64412ade9e587ecb2efec2f8d  httpd-manual-2.0.52-12.1.ent.ia64.rpm
ca9b95e1307733fb7405ee2637d258b3  httpd-suexec-2.0.52-12.1.ent.ia64.rpm
10d218820e3916ea405c487f00b2adef  mod_ssl-2.0.52-12.1.ent.ia64.rpm

x86_64:
8a92e250417a3dee66927f566c04becd  httpd-2.0.52-12.1.ent.x86_64.rpm
84ad072a58b1410ece325c35b3b4b07f  httpd-devel-2.0.52-12.1.ent.x86_64.rpm
d3ca7c4932a1004b5f009b4ddc9d8895  httpd-manual-2.0.52-12.1.ent.x86_64.rpm
bd5ac6d9149784138adbaf6172602998  httpd-suexec-2.0.52-12.1.ent.x86_64.rpm
7912fac9169ce5071198c3503566cbaf  mod_ssl-2.0.52-12.1.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://issues.apache.org/bugzilla/show_bug.cgi?id=35081
http://issues.apache.org/bugzilla/show_bug.cgi?id=34588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC5JrDXlSAg2UNWIIRAnFCAKC51oPUM9bRwwvU7+E+pGrt75yiOQCfeL/i
TYL5ModguxnNAWldSyIGvm0=
=EmRB
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: mozilla security update
Advisory ID:       RHSA-2005:587-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-587.html
Issue date:        2005-07-22
Updated on:        2005-07-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1937 CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
- - ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix various security issues are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

A bug was found in the way Mozilla handled synthetic events. It is possible
that Web content could generate events such as keystrokes or mouse clicks
that could be used to steal data or execute malicious Javascript code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2260 to this issue. 

A bug was found in the way Mozilla executed Javascript in XBL controls. It
is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261) 

A bug was found in the way Mozilla installed its extensions. If a user can
be tricked into visiting a malicious webpage, it may be possible to obtain
sensitive information such as cookies or passwords. (CAN-2005-2263)

A bug was found in the way Mozilla handled certain Javascript functions. It
is possible for a malicious webpage to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Mozilla handled multiple frame domains. It is
possible for a frame as part of a malicious website to inject content into
a frame that belongs to another domain. This issue was previously fixed as
CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937) 

A bug was found in the way Mozilla handled child frames. It is possible for
a malicious framed page to steal sensitive information from its parent
page. (CAN-2005-2266)

A bug was found in the way Mozilla opened URLs from media players. If a
media player opens a URL which is Javascript, the Javascript executes
with access to the currently open webpage. (CAN-2005-2267)

A design flaw was found in the way Mozilla displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them. (CAN-2005-2268)

A bug was found in the way Mozilla handled DOM node names. It is possible
for a malicious site to overwrite a DOM node name, allowing certain
privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269)

A bug was found in the way Mozilla cloned base objects. It is possible for
Web content to traverse the prototype chain to gain access to privileged
chrome objects. (CAN-2005-2270)

Users of Mozilla are advised to upgrade to these updated packages, which
contain Mozilla version 1.7.10 and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163065 - CAN-2005-1937 multiple mozilla issues (CAN-2005-2260 CAN-2005-2261 CAN-2005-2263 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270)


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.14-1.2.6.src.rpm
0efc549b05541584bbe0580b309e626e  galeon-1.2.14-1.2.6.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.7.10-1.1.2.1.src.rpm
b4f31dd3bab37f37a735988f9d9cb79c  mozilla-1.7.10-1.1.2.1.src.rpm

i386:
503bd641193b7b938a790ac6811722b4  galeon-1.2.14-1.2.6.i386.rpm
54c16dcb9cb4b25fe9635703b8b3b64e  mozilla-1.7.10-1.1.2.1.i386.rpm
70b9fd52c1ac5a16960494d7ef970181  mozilla-chat-1.7.10-1.1.2.1.i386.rpm
b8eb806bc1522f1fff47a19aedfb3185  mozilla-devel-1.7.10-1.1.2.1.i386.rpm
8b04844a9d203acdc094be6a6c79f60d  mozilla-dom-inspector-1.7.10-1.1.2.1.i386.rpm
34ed2601c805dbbd7bce9c97a3243d50  mozilla-js-debugger-1.7.10-1.1.2.1.i386.rpm
8bb1cdafe228b9020d826ca19137b6e7  mozilla-mail-1.7.10-1.1.2.1.i386.rpm
31f8f5626982030594836bf64cc911be  mozilla-nspr-1.7.10-1.1.2.1.i386.rpm
685d42ce2ab996af55547edb250b3bee  mozilla-nspr-devel-1.7.10-1.1.2.1.i386.rpm
38f17f69c9e96ed7711911fd389dd6b0  mozilla-nss-1.7.10-1.1.2.1.i386.rpm
9f94a78d1309e727e6bf00c2419a5947  mozilla-nss-devel-1.7.10-1.1.2.1.i386.rpm

ia64:
fe007c5aeab15bb51fc6ef0d1ec27492  galeon-1.2.14-1.2.6.ia64.rpm
a14c8458ee5f5efebaf02cda1ebc0be4  mozilla-1.7.10-1.1.2.1.ia64.rpm
f04c19712e922b20629accebc242e975  mozilla-chat-1.7.10-1.1.2.1.ia64.rpm
2081d6ba23f7b20cf15f066097a45d21  mozilla-devel-1.7.10-1.1.2.1.ia64.rpm
7d8685c2fdec1a927839fbf50584c181  mozilla-dom-inspector-1.7.10-1.1.2.1.ia64.rpm
cd0a7d0907ef12686baa40c028cb654a  mozilla-js-debugger-1.7.10-1.1.2.1.ia64.rpm
a8422ba50dedf0429c5899c811904dfa  mozilla-mail-1.7.10-1.1.2.1.ia64.rpm
561dd683ad2d2167c5c336aed35ae1ac  mozilla-nspr-1.7.10-1.1.2.1.ia64.rpm
ae7f3c458ae829fd1a38791f764b1b1d  mozilla-nspr-devel-1.7.10-1.1.2.1.ia64.rpm
33f495c91192fe5bf5bcb03ca8a7ddae  mozilla-nss-1.7.10-1.1.2.1.ia64.rpm
c189f674770639f564610c4017843b40  mozilla-nss-devel-1.7.10-1.1.2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/galeon-1.2.14-1.2.6.src.rpm
0efc549b05541584bbe0580b309e626e  galeon-1.2.14-1.2.6.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.7.10-1.1.2.1.src.rpm
b4f31dd3bab37f37a735988f9d9cb79c  mozilla-1.7.10-1.1.2.1.src.rpm

ia64:
fe007c5aeab15bb51fc6ef0d1ec27492  galeon-1.2.14-1.2.6.ia64.rpm
a14c8458ee5f5efebaf02cda1ebc0be4  mozilla-1.7.10-1.1.2.1.ia64.rpm
f04c19712e922b20629accebc242e975  mozilla-chat-1.7.10-1.1.2.1.ia64.rpm
2081d6ba23f7b20cf15f066097a45d21  mozilla-devel-1.7.10-1.1.2.1.ia64.rpm
7d8685c2fdec1a927839fbf50584c181  mozilla-dom-inspector-1.7.10-1.1.2.1.ia64.rpm
cd0a7d0907ef12686baa40c028cb654a  mozilla-js-debugger-1.7.10-1.1.2.1.ia64.rpm
a8422ba50dedf0429c5899c811904dfa  mozilla-mail-1.7.10-1.1.2.1.ia64.rpm
561dd683ad2d2167c5c336aed35ae1ac  mozilla-nspr-1.7.10-1.1.2.1.ia64.rpm
ae7f3c458ae829fd1a38791f764b1b1d  mozilla-nspr-devel-1.7.10-1.1.2.1.ia64.rpm
33f495c91192fe5bf5bcb03ca8a7ddae  mozilla-nss-1.7.10-1.1.2.1.ia64.rpm
c189f674770639f564610c4017843b40  mozilla-nss-devel-1.7.10-1.1.2.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.14-1.2.6.src.rpm
0efc549b05541584bbe0580b309e626e  galeon-1.2.14-1.2.6.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.7.10-1.1.2.1.src.rpm
b4f31dd3bab37f37a735988f9d9cb79c  mozilla-1.7.10-1.1.2.1.src.rpm

i386:
503bd641193b7b938a790ac6811722b4  galeon-1.2.14-1.2.6.i386.rpm
54c16dcb9cb4b25fe9635703b8b3b64e  mozilla-1.7.10-1.1.2.1.i386.rpm
70b9fd52c1ac5a16960494d7ef970181  mozilla-chat-1.7.10-1.1.2.1.i386.rpm
b8eb806bc1522f1fff47a19aedfb3185  mozilla-devel-1.7.10-1.1.2.1.i386.rpm
8b04844a9d203acdc094be6a6c79f60d  mozilla-dom-inspector-1.7.10-1.1.2.1.i386.rpm
34ed2601c805dbbd7bce9c97a3243d50  mozilla-js-debugger-1.7.10-1.1.2.1.i386.rpm
8bb1cdafe228b9020d826ca19137b6e7  mozilla-mail-1.7.10-1.1.2.1.i386.rpm
31f8f5626982030594836bf64cc911be  mozilla-nspr-1.7.10-1.1.2.1.i386.rpm
685d42ce2ab996af55547edb250b3bee  mozilla-nspr-devel-1.7.10-1.1.2.1.i386.rpm
38f17f69c9e96ed7711911fd389dd6b0  mozilla-nss-1.7.10-1.1.2.1.i386.rpm
9f94a78d1309e727e6bf00c2419a5947  mozilla-nss-devel-1.7.10-1.1.2.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.14-1.2.6.src.rpm
0efc549b05541584bbe0580b309e626e  galeon-1.2.14-1.2.6.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.7.10-1.1.2.1.src.rpm
b4f31dd3bab37f37a735988f9d9cb79c  mozilla-1.7.10-1.1.2.1.src.rpm

i386:
503bd641193b7b938a790ac6811722b4  galeon-1.2.14-1.2.6.i386.rpm
54c16dcb9cb4b25fe9635703b8b3b64e  mozilla-1.7.10-1.1.2.1.i386.rpm
70b9fd52c1ac5a16960494d7ef970181  mozilla-chat-1.7.10-1.1.2.1.i386.rpm
b8eb806bc1522f1fff47a19aedfb3185  mozilla-devel-1.7.10-1.1.2.1.i386.rpm
8b04844a9d203acdc094be6a6c79f60d  mozilla-dom-inspector-1.7.10-1.1.2.1.i386.rpm
34ed2601c805dbbd7bce9c97a3243d50  mozilla-js-debugger-1.7.10-1.1.2.1.i386.rpm
8bb1cdafe228b9020d826ca19137b6e7  mozilla-mail-1.7.10-1.1.2.1.i386.rpm
31f8f5626982030594836bf64cc911be  mozilla-nspr-1.7.10-1.1.2.1.i386.rpm
685d42ce2ab996af55547edb250b3bee  mozilla-nspr-devel-1.7.10-1.1.2.1.i386.rpm
38f17f69c9e96ed7711911fd389dd6b0  mozilla-nss-1.7.10-1.1.2.1.i386.rpm
9f94a78d1309e727e6bf00c2419a5947  mozilla-nss-devel-1.7.10-1.1.2.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.7.10-1.1.3.1.src.rpm
5be9293ad20481e090089248ec72f569  mozilla-1.7.10-1.1.3.1.src.rpm

i386:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
b90d9ca49fe4e4609197459edffad028  mozilla-chat-1.7.10-1.1.3.1.i386.rpm
73e860293288e78a14c2f4edade4dee5  mozilla-devel-1.7.10-1.1.3.1.i386.rpm
cf36c0546533cf93cbb5e6cf15c9cc98  mozilla-dom-inspector-1.7.10-1.1.3.1.i386.rpm
ca8de793d9d2cf6a33243272aca73837  mozilla-js-debugger-1.7.10-1.1.3.1.i386.rpm
96357ec23c95a06b19d698ac2fcb9c27  mozilla-mail-1.7.10-1.1.3.1.i386.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
0d63d6fb2815aac46f24e8f7e6957ef1  mozilla-nspr-devel-1.7.10-1.1.3.1.i386.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
e786121ce22876d72ed2840aea3dce7c  mozilla-nss-devel-1.7.10-1.1.3.1.i386.rpm

ia64:
5e3895eb658fac13a84b4ded56b99df2  mozilla-1.7.10-1.1.3.1.ia64.rpm
0fc33964f8f4436bfd758de7c1c68f84  mozilla-chat-1.7.10-1.1.3.1.ia64.rpm
d4c7da8a62f7eb6f7b6008c8daf379c6  mozilla-devel-1.7.10-1.1.3.1.ia64.rpm
2dc9329cabbb39479977799c73c5b6ab  mozilla-dom-inspector-1.7.10-1.1.3.1.ia64.rpm
5e7454db9574fa6d143435c6fd6d8d06  mozilla-js-debugger-1.7.10-1.1.3.1.ia64.rpm
ae7cab7a1a246dba8e93a62447af31ca  mozilla-mail-1.7.10-1.1.3.1.ia64.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
b5d1310782a64bf3f93e111a82894824  mozilla-nspr-1.7.10-1.1.3.1.ia64.rpm
a030311feee7fbbdca9c180c52d3b69b  mozilla-nspr-devel-1.7.10-1.1.3.1.ia64.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
be9bf6d876580e3be201ff8400507193  mozilla-nss-1.7.10-1.1.3.1.ia64.rpm
476787654ef26f572369b59dd07974db  mozilla-nss-devel-1.7.10-1.1.3.1.ia64.rpm

ppc:
a273881236ced7b3ed1421d858b942e3  mozilla-1.7.10-1.1.3.1.ppc.rpm
13dbbf154b0f92f26fe85774f87a5d04  mozilla-chat-1.7.10-1.1.3.1.ppc.rpm
e05025d348d7a41fb5d78d37e73e0ce9  mozilla-devel-1.7.10-1.1.3.1.ppc.rpm
c2f80509c8efeee780ed5f013b8750f3  mozilla-dom-inspector-1.7.10-1.1.3.1.ppc.rpm
3734bc8eef9c8b9e06ae069e2d3d98ac  mozilla-js-debugger-1.7.10-1.1.3.1.ppc.rpm
d4d61cc3ab8b2577583d43f4d7c385c9  mozilla-mail-1.7.10-1.1.3.1.ppc.rpm
321254e75a1edb8ebefff3ec590b3f9a  mozilla-nspr-1.7.10-1.1.3.1.ppc.rpm
2d4d76575d2972c54d33c4fd416d1615  mozilla-nspr-devel-1.7.10-1.1.3.1.ppc.rpm
bd668c7a1c61efbc506c1968f6c0e609  mozilla-nss-1.7.10-1.1.3.1.ppc.rpm
a6f36089b07858613cdd0f447e5d0a59  mozilla-nss-devel-1.7.10-1.1.3.1.ppc.rpm

s390:
d8f262dcb986d8f0f40a54d0fb288b05  mozilla-1.7.10-1.1.3.1.s390.rpm
7b0fb38d5411bcab949c25cedb9b6bfb  mozilla-chat-1.7.10-1.1.3.1.s390.rpm
c3f41cc1cc498ba489b7210a8486f19b  mozilla-devel-1.7.10-1.1.3.1.s390.rpm
cd1c01a2100ab991b415eba0a513883d  mozilla-dom-inspector-1.7.10-1.1.3.1.s390.rpm
072cfe26cac9c47db3774f4f05b1254c  mozilla-js-debugger-1.7.10-1.1.3.1.s390.rpm
1e998338017e650d59c3580fe66a977d  mozilla-mail-1.7.10-1.1.3.1.s390.rpm
11182130e5eef2a02caa72e590363e94  mozilla-nspr-1.7.10-1.1.3.1.s390.rpm
c7cdafddf50765268a7760a9dfff8852  mozilla-nspr-devel-1.7.10-1.1.3.1.s390.rpm
645c5a31669b069d9b8482671fa8d7e4  mozilla-nss-1.7.10-1.1.3.1.s390.rpm
5ee7658c170115f7db183498b81661d1  mozilla-nss-devel-1.7.10-1.1.3.1.s390.rpm

s390x:
ebbb9ecaf288f22333c52ea17877f9f2  mozilla-1.7.10-1.1.3.1.s390x.rpm
b0cd7e2734f24c158448cfe78f3a661d  mozilla-chat-1.7.10-1.1.3.1.s390x.rpm
f9cb2ec93ff7a313ed8696b83fe75fd1  mozilla-devel-1.7.10-1.1.3.1.s390x.rpm
cf7e733bb650b41af0d2eac59fa4b6d2  mozilla-dom-inspector-1.7.10-1.1.3.1.s390x.rpm
866d7496f6f47a0ca947018aecff7af8  mozilla-js-debugger-1.7.10-1.1.3.1.s390x.rpm
a4b6b093f937b40745c89521d79added  mozilla-mail-1.7.10-1.1.3.1.s390x.rpm
11182130e5eef2a02caa72e590363e94  mozilla-nspr-1.7.10-1.1.3.1.s390.rpm
0ee073bacc4b220974c1d4efbcde0e7f  mozilla-nspr-1.7.10-1.1.3.1.s390x.rpm
a7594b57fa06fcff1ef2b7f6ea78a8e8  mozilla-nspr-devel-1.7.10-1.1.3.1.s390x.rpm
645c5a31669b069d9b8482671fa8d7e4  mozilla-nss-1.7.10-1.1.3.1.s390.rpm
575e93f265982b2f4e113a07104a9c96  mozilla-nss-1.7.10-1.1.3.1.s390x.rpm
e453d176623d8312c1ad37488753b585  mozilla-nss-devel-1.7.10-1.1.3.1.s390x.rpm

x86_64:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
18eca4706e6cf5e7fe5b04d141d8b894  mozilla-1.7.10-1.1.3.1.x86_64.rpm
7d56eaef3efd6043f6a7d821c454fb69  mozilla-chat-1.7.10-1.1.3.1.x86_64.rpm
d6aef40f00dbbca27add8718b1c0a1b2  mozilla-devel-1.7.10-1.1.3.1.x86_64.rpm
5b0bf6f2522b9005cd07ea2af26aae9c  mozilla-dom-inspector-1.7.10-1.1.3.1.x86_64.rpm
d9454e562991a5aa925d382187b87dae  mozilla-js-debugger-1.7.10-1.1.3.1.x86_64.rpm
bfbd3a65b3c42867ab8c7607f30c9240  mozilla-mail-1.7.10-1.1.3.1.x86_64.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
43d4d3c4b47d3ad0974e0ee575025f63  mozilla-nspr-1.7.10-1.1.3.1.x86_64.rpm
d0c34a693fdd32c9a9910c12524b7681  mozilla-nspr-devel-1.7.10-1.1.3.1.x86_64.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
9ffd15ddd436c95484b7628d6850e7db  mozilla-nss-1.7.10-1.1.3.1.x86_64.rpm
a88940fc293380a0a79fa53a0fc67f36  mozilla-nss-devel-1.7.10-1.1.3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.7.10-1.1.3.1.src.rpm
5be9293ad20481e090089248ec72f569  mozilla-1.7.10-1.1.3.1.src.rpm

i386:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
b90d9ca49fe4e4609197459edffad028  mozilla-chat-1.7.10-1.1.3.1.i386.rpm
73e860293288e78a14c2f4edade4dee5  mozilla-devel-1.7.10-1.1.3.1.i386.rpm
cf36c0546533cf93cbb5e6cf15c9cc98  mozilla-dom-inspector-1.7.10-1.1.3.1.i386.rpm
ca8de793d9d2cf6a33243272aca73837  mozilla-js-debugger-1.7.10-1.1.3.1.i386.rpm
96357ec23c95a06b19d698ac2fcb9c27  mozilla-mail-1.7.10-1.1.3.1.i386.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
0d63d6fb2815aac46f24e8f7e6957ef1  mozilla-nspr-devel-1.7.10-1.1.3.1.i386.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
e786121ce22876d72ed2840aea3dce7c  mozilla-nss-devel-1.7.10-1.1.3.1.i386.rpm

x86_64:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
18eca4706e6cf5e7fe5b04d141d8b894  mozilla-1.7.10-1.1.3.1.x86_64.rpm
7d56eaef3efd6043f6a7d821c454fb69  mozilla-chat-1.7.10-1.1.3.1.x86_64.rpm
d6aef40f00dbbca27add8718b1c0a1b2  mozilla-devel-1.7.10-1.1.3.1.x86_64.rpm
5b0bf6f2522b9005cd07ea2af26aae9c  mozilla-dom-inspector-1.7.10-1.1.3.1.x86_64.rpm
d9454e562991a5aa925d382187b87dae  mozilla-js-debugger-1.7.10-1.1.3.1.x86_64.rpm
bfbd3a65b3c42867ab8c7607f30c9240  mozilla-mail-1.7.10-1.1.3.1.x86_64.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
43d4d3c4b47d3ad0974e0ee575025f63  mozilla-nspr-1.7.10-1.1.3.1.x86_64.rpm
d0c34a693fdd32c9a9910c12524b7681  mozilla-nspr-devel-1.7.10-1.1.3.1.x86_64.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
9ffd15ddd436c95484b7628d6850e7db  mozilla-nss-1.7.10-1.1.3.1.x86_64.rpm
a88940fc293380a0a79fa53a0fc67f36  mozilla-nss-devel-1.7.10-1.1.3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.7.10-1.1.3.1.src.rpm
5be9293ad20481e090089248ec72f569  mozilla-1.7.10-1.1.3.1.src.rpm

i386:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
b90d9ca49fe4e4609197459edffad028  mozilla-chat-1.7.10-1.1.3.1.i386.rpm
73e860293288e78a14c2f4edade4dee5  mozilla-devel-1.7.10-1.1.3.1.i386.rpm
cf36c0546533cf93cbb5e6cf15c9cc98  mozilla-dom-inspector-1.7.10-1.1.3.1.i386.rpm
ca8de793d9d2cf6a33243272aca73837  mozilla-js-debugger-1.7.10-1.1.3.1.i386.rpm
96357ec23c95a06b19d698ac2fcb9c27  mozilla-mail-1.7.10-1.1.3.1.i386.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
0d63d6fb2815aac46f24e8f7e6957ef1  mozilla-nspr-devel-1.7.10-1.1.3.1.i386.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
e786121ce22876d72ed2840aea3dce7c  mozilla-nss-devel-1.7.10-1.1.3.1.i386.rpm

ia64:
5e3895eb658fac13a84b4ded56b99df2  mozilla-1.7.10-1.1.3.1.ia64.rpm
0fc33964f8f4436bfd758de7c1c68f84  mozilla-chat-1.7.10-1.1.3.1.ia64.rpm
d4c7da8a62f7eb6f7b6008c8daf379c6  mozilla-devel-1.7.10-1.1.3.1.ia64.rpm
2dc9329cabbb39479977799c73c5b6ab  mozilla-dom-inspector-1.7.10-1.1.3.1.ia64.rpm
5e7454db9574fa6d143435c6fd6d8d06  mozilla-js-debugger-1.7.10-1.1.3.1.ia64.rpm
ae7cab7a1a246dba8e93a62447af31ca  mozilla-mail-1.7.10-1.1.3.1.ia64.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
b5d1310782a64bf3f93e111a82894824  mozilla-nspr-1.7.10-1.1.3.1.ia64.rpm
a030311feee7fbbdca9c180c52d3b69b  mozilla-nspr-devel-1.7.10-1.1.3.1.ia64.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
be9bf6d876580e3be201ff8400507193  mozilla-nss-1.7.10-1.1.3.1.ia64.rpm
476787654ef26f572369b59dd07974db  mozilla-nss-devel-1.7.10-1.1.3.1.ia64.rpm

x86_64:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
18eca4706e6cf5e7fe5b04d141d8b894  mozilla-1.7.10-1.1.3.1.x86_64.rpm
7d56eaef3efd6043f6a7d821c454fb69  mozilla-chat-1.7.10-1.1.3.1.x86_64.rpm
d6aef40f00dbbca27add8718b1c0a1b2  mozilla-devel-1.7.10-1.1.3.1.x86_64.rpm
5b0bf6f2522b9005cd07ea2af26aae9c  mozilla-dom-inspector-1.7.10-1.1.3.1.x86_64.rpm
d9454e562991a5aa925d382187b87dae  mozilla-js-debugger-1.7.10-1.1.3.1.x86_64.rpm
bfbd3a65b3c42867ab8c7607f30c9240  mozilla-mail-1.7.10-1.1.3.1.x86_64.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
43d4d3c4b47d3ad0974e0ee575025f63  mozilla-nspr-1.7.10-1.1.3.1.x86_64.rpm
d0c34a693fdd32c9a9910c12524b7681  mozilla-nspr-devel-1.7.10-1.1.3.1.x86_64.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
9ffd15ddd436c95484b7628d6850e7db  mozilla-nss-1.7.10-1.1.3.1.x86_64.rpm
a88940fc293380a0a79fa53a0fc67f36  mozilla-nss-devel-1.7.10-1.1.3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.7.10-1.1.3.1.src.rpm
5be9293ad20481e090089248ec72f569  mozilla-1.7.10-1.1.3.1.src.rpm

i386:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
b90d9ca49fe4e4609197459edffad028  mozilla-chat-1.7.10-1.1.3.1.i386.rpm
73e860293288e78a14c2f4edade4dee5  mozilla-devel-1.7.10-1.1.3.1.i386.rpm
cf36c0546533cf93cbb5e6cf15c9cc98  mozilla-dom-inspector-1.7.10-1.1.3.1.i386.rpm
ca8de793d9d2cf6a33243272aca73837  mozilla-js-debugger-1.7.10-1.1.3.1.i386.rpm
96357ec23c95a06b19d698ac2fcb9c27  mozilla-mail-1.7.10-1.1.3.1.i386.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
0d63d6fb2815aac46f24e8f7e6957ef1  mozilla-nspr-devel-1.7.10-1.1.3.1.i386.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
e786121ce22876d72ed2840aea3dce7c  mozilla-nss-devel-1.7.10-1.1.3.1.i386.rpm

ia64:
5e3895eb658fac13a84b4ded56b99df2  mozilla-1.7.10-1.1.3.1.ia64.rpm
0fc33964f8f4436bfd758de7c1c68f84  mozilla-chat-1.7.10-1.1.3.1.ia64.rpm
d4c7da8a62f7eb6f7b6008c8daf379c6  mozilla-devel-1.7.10-1.1.3.1.ia64.rpm
2dc9329cabbb39479977799c73c5b6ab  mozilla-dom-inspector-1.7.10-1.1.3.1.ia64.rpm
5e7454db9574fa6d143435c6fd6d8d06  mozilla-js-debugger-1.7.10-1.1.3.1.ia64.rpm
ae7cab7a1a246dba8e93a62447af31ca  mozilla-mail-1.7.10-1.1.3.1.ia64.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
b5d1310782a64bf3f93e111a82894824  mozilla-nspr-1.7.10-1.1.3.1.ia64.rpm
a030311feee7fbbdca9c180c52d3b69b  mozilla-nspr-devel-1.7.10-1.1.3.1.ia64.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
be9bf6d876580e3be201ff8400507193  mozilla-nss-1.7.10-1.1.3.1.ia64.rpm
476787654ef26f572369b59dd07974db  mozilla-nss-devel-1.7.10-1.1.3.1.ia64.rpm

x86_64:
a4d59681197dd05947d03254af144382  mozilla-1.7.10-1.1.3.1.i386.rpm
18eca4706e6cf5e7fe5b04d141d8b894  mozilla-1.7.10-1.1.3.1.x86_64.rpm
7d56eaef3efd6043f6a7d821c454fb69  mozilla-chat-1.7.10-1.1.3.1.x86_64.rpm
d6aef40f00dbbca27add8718b1c0a1b2  mozilla-devel-1.7.10-1.1.3.1.x86_64.rpm
5b0bf6f2522b9005cd07ea2af26aae9c  mozilla-dom-inspector-1.7.10-1.1.3.1.x86_64.rpm
d9454e562991a5aa925d382187b87dae  mozilla-js-debugger-1.7.10-1.1.3.1.x86_64.rpm
bfbd3a65b3c42867ab8c7607f30c9240  mozilla-mail-1.7.10-1.1.3.1.x86_64.rpm
ec24bf2b81535e2df88d9c5c59fa99c9  mozilla-nspr-1.7.10-1.1.3.1.i386.rpm
43d4d3c4b47d3ad0974e0ee575025f63  mozilla-nspr-1.7.10-1.1.3.1.x86_64.rpm
d0c34a693fdd32c9a9910c12524b7681  mozilla-nspr-devel-1.7.10-1.1.3.1.x86_64.rpm
528d164350bfe977cb59282589e62eb9  mozilla-nss-1.7.10-1.1.3.1.i386.rpm
9ffd15ddd436c95484b7628d6850e7db  mozilla-nss-1.7.10-1.1.3.1.x86_64.rpm
a88940fc293380a0a79fa53a0fc67f36  mozilla-nss-devel-1.7.10-1.1.3.1.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/devhelp-0.9.2-2.4.6.src.rpm
e744570e643ca7d711edc06fc5c0cb11  devhelp-0.9.2-2.4.6.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mozilla-1.7.10-1.4.1.src.rpm
6f0d2dcce1978e2bfe8383032e28e0c4  mozilla-1.7.10-1.4.1.src.rpm

i386:
6415ce5bc7747718f53d932ced954a6f  devhelp-0.9.2-2.4.6.i386.rpm
d0d75f33bc9222bd854ff380de2f0ad2  devhelp-devel-0.9.2-2.4.6.i386.rpm
0c277762fddace5c02810fb386b8210a  mozilla-1.7.10-1.4.1.i386.rpm
8175340ca355bc93ecb5b0fa2d537f28  mozilla-chat-1.7.10-1.4.1.i386.rpm
e935040b93af50d96d211716117318d6  mozilla-devel-1.7.10-1.4.1.i386.rpm
ee9649189d5c0433941fe3fda7ef2695  mozilla-dom-inspector-1.7.10-1.4.1.i386.rpm
01ef2f199e8eebae02ebefa64ccf6019  mozilla-js-debugger-1.7.10-1.4.1.i386.rpm
057789761797488246007f576febba49  mozilla-mail-1.7.10-1.4.1.i386.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
d2c07e11c1e451ba399aaa4d3a4f04d1  mozilla-nspr-devel-1.7.10-1.4.1.i386.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
37f8373b0b95fedeb6ad50adcf8368c5  mozilla-nss-devel-1.7.10-1.4.1.i386.rpm

ia64:
08df7c973605b47cd3f4ceb328432e53  mozilla-1.7.10-1.4.1.ia64.rpm
721fbcb141c34f9ad2f9749a4191b1ae  mozilla-chat-1.7.10-1.4.1.ia64.rpm
04a79997bd50159edad681d803d36b81  mozilla-devel-1.7.10-1.4.1.ia64.rpm
a532b504a846ccf5445fec809da9dd27  mozilla-dom-inspector-1.7.10-1.4.1.ia64.rpm
9aa1f4b2f221390d368c3841870462a6  mozilla-js-debugger-1.7.10-1.4.1.ia64.rpm
6ad344d2c345e0e9043a461258a4d2e1  mozilla-mail-1.7.10-1.4.1.ia64.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
3029412a99acc58c97974e0762c1ca56  mozilla-nspr-1.7.10-1.4.1.ia64.rpm
afcc6928178beb17757184ba7bca3c9d  mozilla-nspr-devel-1.7.10-1.4.1.ia64.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
fb3d8124f85521d1232424132b292765  mozilla-nss-1.7.10-1.4.1.ia64.rpm
e48ff1104d889f3cf76e1ce5d02d12ae  mozilla-nss-devel-1.7.10-1.4.1.ia64.rpm

ppc:
3490e4c201149cd5a40d07199e09259a  devhelp-0.9.2-2.4.6.ppc.rpm
77de6ca9b2341a1acc794cc3283e7892  devhelp-devel-0.9.2-2.4.6.ppc.rpm
e91228aae16cbd4432f1c6785e1910dc  mozilla-1.7.10-1.4.1.ppc.rpm
8cd6c1947cbcbf5854d7372d5227c078  mozilla-chat-1.7.10-1.4.1.ppc.rpm
8141f353358737214cd661e8292e6256  mozilla-devel-1.7.10-1.4.1.ppc.rpm
51a02b5b5e63acbefa1fd92434739e76  mozilla-dom-inspector-1.7.10-1.4.1.ppc.rpm
5ad9e91f4b140f5f86ee6aaa13efc2b1  mozilla-js-debugger-1.7.10-1.4.1.ppc.rpm
dcfd4381d225cb01e65c2d2af6b85151  mozilla-mail-1.7.10-1.4.1.ppc.rpm
9a7b556b2307cfa2a660f8a4bdf39683  mozilla-nspr-1.7.10-1.4.1.ppc.rpm
e64ba39a25cbe666f68b88721ed0f80e  mozilla-nspr-devel-1.7.10-1.4.1.ppc.rpm
9a57a6b889377fbb96e6aedbeb57cdef  mozilla-nss-1.7.10-1.4.1.ppc.rpm
175d0d7b8a94a99a7c5df4f7e40dcd99  mozilla-nss-devel-1.7.10-1.4.1.ppc.rpm

s390:
5779cc03221cd93907bc53169d46f918  mozilla-1.7.10-1.4.1.s390.rpm
856e8bd10955d8749acffdbbd21a1b55  mozilla-chat-1.7.10-1.4.1.s390.rpm
02c2e88459afa2234c1dc34084ae272a  mozilla-devel-1.7.10-1.4.1.s390.rpm
2cfa053e12aa3f3f64aee92a76402cbe  mozilla-dom-inspector-1.7.10-1.4.1.s390.rpm
c7f83860518a9403c52b84fff95c295b  mozilla-js-debugger-1.7.10-1.4.1.s390.rpm
caad7e8a27a26d2552f28959788a5553  mozilla-mail-1.7.10-1.4.1.s390.rpm
b678ab0dc75d79511b2c645b02543b9b  mozilla-nspr-1.7.10-1.4.1.s390.rpm
fbc3c9bd3b91ed508f3ebd6cb5249990  mozilla-nspr-devel-1.7.10-1.4.1.s390.rpm
2e0101b6fe0e14984bb77e2d8de38ebf  mozilla-nss-1.7.10-1.4.1.s390.rpm
8940aaee0a1cd6eaa6d30744673f3766  mozilla-nss-devel-1.7.10-1.4.1.s390.rpm

s390x:
faf9cf08a2fe9aecc5f0d87d903c41ce  mozilla-1.7.10-1.4.1.s390x.rpm
8e6cf06518a6b5bbda90d3e977631b8d  mozilla-chat-1.7.10-1.4.1.s390x.rpm
7e219d326f8a0806bd19b6eea112d41a  mozilla-devel-1.7.10-1.4.1.s390x.rpm
a3d898bc0f391e0b44c7714c4fc95792  mozilla-dom-inspector-1.7.10-1.4.1.s390x.rpm
e79e1e56be0b37f042e0aabb765f7466  mozilla-js-debugger-1.7.10-1.4.1.s390x.rpm
4c3adcdda04fce563572832b0ca32189  mozilla-mail-1.7.10-1.4.1.s390x.rpm
b678ab0dc75d79511b2c645b02543b9b  mozilla-nspr-1.7.10-1.4.1.s390.rpm
9c57538aea43d4436adb872df1679d5c  mozilla-nspr-1.7.10-1.4.1.s390x.rpm
93def21691eb82d9f1b14a8a3611cad8  mozilla-nspr-devel-1.7.10-1.4.1.s390x.rpm
2e0101b6fe0e14984bb77e2d8de38ebf  mozilla-nss-1.7.10-1.4.1.s390.rpm
f8481e9160b83ef6c6a6dd170504a8f5  mozilla-nss-1.7.10-1.4.1.s390x.rpm
57656885eba76655c12e0087111f4dba  mozilla-nss-devel-1.7.10-1.4.1.s390x.rpm

x86_64:
c3a41ff5f79bb2e4bb95587492cac3eb  devhelp-0.9.2-2.4.6.x86_64.rpm
7b7fe7d9c09046b4a1d6ed7f2f4deb7e  devhelp-devel-0.9.2-2.4.6.x86_64.rpm
ed831e150aa80275e2eccf017610223d  mozilla-1.7.10-1.4.1.x86_64.rpm
f87cc0db45edd6f05ca745031755d7c1  mozilla-chat-1.7.10-1.4.1.x86_64.rpm
1fa48e8af50a194e2f3334cfcb3179b5  mozilla-devel-1.7.10-1.4.1.x86_64.rpm
b74873dddb70ee940d42197d3c8b87d8  mozilla-dom-inspector-1.7.10-1.4.1.x86_64.rpm
99ee3b8c9a54174c19be51700697bce2  mozilla-js-debugger-1.7.10-1.4.1.x86_64.rpm
c11fa7562236caf2a5cce5eac603227a  mozilla-mail-1.7.10-1.4.1.x86_64.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
36886d6b5f2326ef84ab8eafc2ee3d11  mozilla-nspr-1.7.10-1.4.1.x86_64.rpm
3c876bb470c007e81ce94879584cc179  mozilla-nspr-devel-1.7.10-1.4.1.x86_64.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
0a23d4014a0d23121ef378c303db5fec  mozilla-nss-1.7.10-1.4.1.x86_64.rpm
d7186dbf2143a07439b8bd421a71a543  mozilla-nss-devel-1.7.10-1.4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/devhelp-0.9.2-2.4.6.src.rpm
e744570e643ca7d711edc06fc5c0cb11  devhelp-0.9.2-2.4.6.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mozilla-1.7.10-1.4.1.src.rpm
6f0d2dcce1978e2bfe8383032e28e0c4  mozilla-1.7.10-1.4.1.src.rpm

i386:
6415ce5bc7747718f53d932ced954a6f  devhelp-0.9.2-2.4.6.i386.rpm
d0d75f33bc9222bd854ff380de2f0ad2  devhelp-devel-0.9.2-2.4.6.i386.rpm
0c277762fddace5c02810fb386b8210a  mozilla-1.7.10-1.4.1.i386.rpm
8175340ca355bc93ecb5b0fa2d537f28  mozilla-chat-1.7.10-1.4.1.i386.rpm
e935040b93af50d96d211716117318d6  mozilla-devel-1.7.10-1.4.1.i386.rpm
ee9649189d5c0433941fe3fda7ef2695  mozilla-dom-inspector-1.7.10-1.4.1.i386.rpm
01ef2f199e8eebae02ebefa64ccf6019  mozilla-js-debugger-1.7.10-1.4.1.i386.rpm
057789761797488246007f576febba49  mozilla-mail-1.7.10-1.4.1.i386.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
d2c07e11c1e451ba399aaa4d3a4f04d1  mozilla-nspr-devel-1.7.10-1.4.1.i386.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
37f8373b0b95fedeb6ad50adcf8368c5  mozilla-nss-devel-1.7.10-1.4.1.i386.rpm

x86_64:
c3a41ff5f79bb2e4bb95587492cac3eb  devhelp-0.9.2-2.4.6.x86_64.rpm
7b7fe7d9c09046b4a1d6ed7f2f4deb7e  devhelp-devel-0.9.2-2.4.6.x86_64.rpm
ed831e150aa80275e2eccf017610223d  mozilla-1.7.10-1.4.1.x86_64.rpm
f87cc0db45edd6f05ca745031755d7c1  mozilla-chat-1.7.10-1.4.1.x86_64.rpm
1fa48e8af50a194e2f3334cfcb3179b5  mozilla-devel-1.7.10-1.4.1.x86_64.rpm
b74873dddb70ee940d42197d3c8b87d8  mozilla-dom-inspector-1.7.10-1.4.1.x86_64.rpm
99ee3b8c9a54174c19be51700697bce2  mozilla-js-debugger-1.7.10-1.4.1.x86_64.rpm
c11fa7562236caf2a5cce5eac603227a  mozilla-mail-1.7.10-1.4.1.x86_64.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
36886d6b5f2326ef84ab8eafc2ee3d11  mozilla-nspr-1.7.10-1.4.1.x86_64.rpm
3c876bb470c007e81ce94879584cc179  mozilla-nspr-devel-1.7.10-1.4.1.x86_64.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
0a23d4014a0d23121ef378c303db5fec  mozilla-nss-1.7.10-1.4.1.x86_64.rpm
d7186dbf2143a07439b8bd421a71a543  mozilla-nss-devel-1.7.10-1.4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/devhelp-0.9.2-2.4.6.src.rpm
e744570e643ca7d711edc06fc5c0cb11  devhelp-0.9.2-2.4.6.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mozilla-1.7.10-1.4.1.src.rpm
6f0d2dcce1978e2bfe8383032e28e0c4  mozilla-1.7.10-1.4.1.src.rpm

i386:
6415ce5bc7747718f53d932ced954a6f  devhelp-0.9.2-2.4.6.i386.rpm
d0d75f33bc9222bd854ff380de2f0ad2  devhelp-devel-0.9.2-2.4.6.i386.rpm
0c277762fddace5c02810fb386b8210a  mozilla-1.7.10-1.4.1.i386.rpm
8175340ca355bc93ecb5b0fa2d537f28  mozilla-chat-1.7.10-1.4.1.i386.rpm
e935040b93af50d96d211716117318d6  mozilla-devel-1.7.10-1.4.1.i386.rpm
ee9649189d5c0433941fe3fda7ef2695  mozilla-dom-inspector-1.7.10-1.4.1.i386.rpm
01ef2f199e8eebae02ebefa64ccf6019  mozilla-js-debugger-1.7.10-1.4.1.i386.rpm
057789761797488246007f576febba49  mozilla-mail-1.7.10-1.4.1.i386.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
d2c07e11c1e451ba399aaa4d3a4f04d1  mozilla-nspr-devel-1.7.10-1.4.1.i386.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
37f8373b0b95fedeb6ad50adcf8368c5  mozilla-nss-devel-1.7.10-1.4.1.i386.rpm

ia64:
08df7c973605b47cd3f4ceb328432e53  mozilla-1.7.10-1.4.1.ia64.rpm
721fbcb141c34f9ad2f9749a4191b1ae  mozilla-chat-1.7.10-1.4.1.ia64.rpm
04a79997bd50159edad681d803d36b81  mozilla-devel-1.7.10-1.4.1.ia64.rpm
a532b504a846ccf5445fec809da9dd27  mozilla-dom-inspector-1.7.10-1.4.1.ia64.rpm
9aa1f4b2f221390d368c3841870462a6  mozilla-js-debugger-1.7.10-1.4.1.ia64.rpm
6ad344d2c345e0e9043a461258a4d2e1  mozilla-mail-1.7.10-1.4.1.ia64.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
3029412a99acc58c97974e0762c1ca56  mozilla-nspr-1.7.10-1.4.1.ia64.rpm
afcc6928178beb17757184ba7bca3c9d  mozilla-nspr-devel-1.7.10-1.4.1.ia64.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
fb3d8124f85521d1232424132b292765  mozilla-nss-1.7.10-1.4.1.ia64.rpm
e48ff1104d889f3cf76e1ce5d02d12ae  mozilla-nss-devel-1.7.10-1.4.1.ia64.rpm

x86_64:
c3a41ff5f79bb2e4bb95587492cac3eb  devhelp-0.9.2-2.4.6.x86_64.rpm
7b7fe7d9c09046b4a1d6ed7f2f4deb7e  devhelp-devel-0.9.2-2.4.6.x86_64.rpm
ed831e150aa80275e2eccf017610223d  mozilla-1.7.10-1.4.1.x86_64.rpm
f87cc0db45edd6f05ca745031755d7c1  mozilla-chat-1.7.10-1.4.1.x86_64.rpm
1fa48e8af50a194e2f3334cfcb3179b5  mozilla-devel-1.7.10-1.4.1.x86_64.rpm
b74873dddb70ee940d42197d3c8b87d8  mozilla-dom-inspector-1.7.10-1.4.1.x86_64.rpm
99ee3b8c9a54174c19be51700697bce2  mozilla-js-debugger-1.7.10-1.4.1.x86_64.rpm
c11fa7562236caf2a5cce5eac603227a  mozilla-mail-1.7.10-1.4.1.x86_64.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
36886d6b5f2326ef84ab8eafc2ee3d11  mozilla-nspr-1.7.10-1.4.1.x86_64.rpm
3c876bb470c007e81ce94879584cc179  mozilla-nspr-devel-1.7.10-1.4.1.x86_64.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
0a23d4014a0d23121ef378c303db5fec  mozilla-nss-1.7.10-1.4.1.x86_64.rpm
d7186dbf2143a07439b8bd421a71a543  mozilla-nss-devel-1.7.10-1.4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/devhelp-0.9.2-2.4.6.src.rpm
e744570e643ca7d711edc06fc5c0cb11  devhelp-0.9.2-2.4.6.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mozilla-1.7.10-1.4.1.src.rpm
6f0d2dcce1978e2bfe8383032e28e0c4  mozilla-1.7.10-1.4.1.src.rpm

i386:
6415ce5bc7747718f53d932ced954a6f  devhelp-0.9.2-2.4.6.i386.rpm
d0d75f33bc9222bd854ff380de2f0ad2  devhelp-devel-0.9.2-2.4.6.i386.rpm
0c277762fddace5c02810fb386b8210a  mozilla-1.7.10-1.4.1.i386.rpm
8175340ca355bc93ecb5b0fa2d537f28  mozilla-chat-1.7.10-1.4.1.i386.rpm
e935040b93af50d96d211716117318d6  mozilla-devel-1.7.10-1.4.1.i386.rpm
ee9649189d5c0433941fe3fda7ef2695  mozilla-dom-inspector-1.7.10-1.4.1.i386.rpm
01ef2f199e8eebae02ebefa64ccf6019  mozilla-js-debugger-1.7.10-1.4.1.i386.rpm
057789761797488246007f576febba49  mozilla-mail-1.7.10-1.4.1.i386.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
d2c07e11c1e451ba399aaa4d3a4f04d1  mozilla-nspr-devel-1.7.10-1.4.1.i386.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
37f8373b0b95fedeb6ad50adcf8368c5  mozilla-nss-devel-1.7.10-1.4.1.i386.rpm

ia64:
08df7c973605b47cd3f4ceb328432e53  mozilla-1.7.10-1.4.1.ia64.rpm
721fbcb141c34f9ad2f9749a4191b1ae  mozilla-chat-1.7.10-1.4.1.ia64.rpm
04a79997bd50159edad681d803d36b81  mozilla-devel-1.7.10-1.4.1.ia64.rpm
a532b504a846ccf5445fec809da9dd27  mozilla-dom-inspector-1.7.10-1.4.1.ia64.rpm
9aa1f4b2f221390d368c3841870462a6  mozilla-js-debugger-1.7.10-1.4.1.ia64.rpm
6ad344d2c345e0e9043a461258a4d2e1  mozilla-mail-1.7.10-1.4.1.ia64.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
3029412a99acc58c97974e0762c1ca56  mozilla-nspr-1.7.10-1.4.1.ia64.rpm
afcc6928178beb17757184ba7bca3c9d  mozilla-nspr-devel-1.7.10-1.4.1.ia64.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
fb3d8124f85521d1232424132b292765  mozilla-nss-1.7.10-1.4.1.ia64.rpm
e48ff1104d889f3cf76e1ce5d02d12ae  mozilla-nss-devel-1.7.10-1.4.1.ia64.rpm

x86_64:
c3a41ff5f79bb2e4bb95587492cac3eb  devhelp-0.9.2-2.4.6.x86_64.rpm
7b7fe7d9c09046b4a1d6ed7f2f4deb7e  devhelp-devel-0.9.2-2.4.6.x86_64.rpm
ed831e150aa80275e2eccf017610223d  mozilla-1.7.10-1.4.1.x86_64.rpm
f87cc0db45edd6f05ca745031755d7c1  mozilla-chat-1.7.10-1.4.1.x86_64.rpm
1fa48e8af50a194e2f3334cfcb3179b5  mozilla-devel-1.7.10-1.4.1.x86_64.rpm
b74873dddb70ee940d42197d3c8b87d8  mozilla-dom-inspector-1.7.10-1.4.1.x86_64.rpm
99ee3b8c9a54174c19be51700697bce2  mozilla-js-debugger-1.7.10-1.4.1.x86_64.rpm
c11fa7562236caf2a5cce5eac603227a  mozilla-mail-1.7.10-1.4.1.x86_64.rpm
b2d7c5638c440221a3fa0fd8b42d189d  mozilla-nspr-1.7.10-1.4.1.i386.rpm
36886d6b5f2326ef84ab8eafc2ee3d11  mozilla-nspr-1.7.10-1.4.1.x86_64.rpm
3c876bb470c007e81ce94879584cc179  mozilla-nspr-devel-1.7.10-1.4.1.x86_64.rpm
660a5f41fb56206fb2ee619ae8048302  mozilla-nss-1.7.10-1.4.1.i386.rpm
0a23d4014a0d23121ef378c303db5fec  mozilla-nss-1.7.10-1.4.1.x86_64.rpm
d7186dbf2143a07439b8bd421a71a543  mozilla-nss-devel-1.7.10-1.4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC4NELXlSAg2UNWIIRAtYWAKCN3IvqM+dURCGzNSQINm3d3Ap71wCeJQLA
EPnCPhBTu1CXMywFOBJitxE=
=RUJz
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: fetchmail security update
Advisory ID:       RHSA-2005:640-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-640.html
Issue date:        2005-07-25
Updated on:        2005-07-25
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2335
- - ---------------------------------------------------------------------

1. Summary:

Updated fetchmail packages that fix a security flaw are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Fetchmail is a remote mail retrieval and forwarding utility.

A buffer overflow was discovered in fetchmail's POP3 client.  A malicious
server could cause send a carefully crafted message UID and cause fetchmail
to crash or potentially execute arbitrary code as the user running
fetchmail.  The Common Vulnerabilities and Exposures project assigned the
name CAN-2005-2335 to this issue.

Users of fetchmail should update to this erratum package which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163816 - CAN-2005-2335 fetchmail overflow from malicious pop3 server


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm
31686858a916ff3a956692767b54d069  fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm

i386:
858ca98c8dd78b81d166ef9e986d50aa  fetchmail-5.9.0-21.7.3.el2.1.1.i386.rpm
3b0de7ddec9b7baf8e483671cc134042  fetchmailconf-5.9.0-21.7.3.el2.1.1.i386.rpm

ia64:
5119f1b228b5bf0bf68b7a4907f43c84  fetchmail-5.9.0-21.7.3.el2.1.1.ia64.rpm
eead1136cdaae89c4af5be3e5af15ee5  fetchmailconf-5.9.0-21.7.3.el2.1.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm
31686858a916ff3a956692767b54d069  fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm

ia64:
5119f1b228b5bf0bf68b7a4907f43c84  fetchmail-5.9.0-21.7.3.el2.1.1.ia64.rpm
eead1136cdaae89c4af5be3e5af15ee5  fetchmailconf-5.9.0-21.7.3.el2.1.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm
31686858a916ff3a956692767b54d069  fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm

i386:
858ca98c8dd78b81d166ef9e986d50aa  fetchmail-5.9.0-21.7.3.el2.1.1.i386.rpm
3b0de7ddec9b7baf8e483671cc134042  fetchmailconf-5.9.0-21.7.3.el2.1.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm
31686858a916ff3a956692767b54d069  fetchmail-5.9.0-21.7.3.el2.1.1.src.rpm

i386:
858ca98c8dd78b81d166ef9e986d50aa  fetchmail-5.9.0-21.7.3.el2.1.1.i386.rpm
3b0de7ddec9b7baf8e483671cc134042  fetchmailconf-5.9.0-21.7.3.el2.1.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/fetchmail-6.2.0-3.el3.2.src.rpm
f8cf96a663157fefaeb4fc6f1a8cf63d  fetchmail-6.2.0-3.el3.2.src.rpm

i386:
fdfe7a3616a60b838b55c2fa9e818ccf  fetchmail-6.2.0-3.el3.2.i386.rpm

ia64:
cd02da478c2e507e094b3581edf8768b  fetchmail-6.2.0-3.el3.2.ia64.rpm

ppc:
5e47a6d1f8babd0005baa45378a8e40c  fetchmail-6.2.0-3.el3.2.ppc.rpm

s390:
d4b0e5c8bed708c6b3b2d8b00ba9262c  fetchmail-6.2.0-3.el3.2.s390.rpm

s390x:
4a5f2fb842e10f1886d5b33afead33a9  fetchmail-6.2.0-3.el3.2.s390x.rpm

x86_64:
7bee2b44f864c4ffebdce96fce226d44  fetchmail-6.2.0-3.el3.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/fetchmail-6.2.0-3.el3.2.src.rpm
f8cf96a663157fefaeb4fc6f1a8cf63d  fetchmail-6.2.0-3.el3.2.src.rpm

i386:
fdfe7a3616a60b838b55c2fa9e818ccf  fetchmail-6.2.0-3.el3.2.i386.rpm

x86_64:
7bee2b44f864c4ffebdce96fce226d44  fetchmail-6.2.0-3.el3.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/fetchmail-6.2.0-3.el3.2.src.rpm
f8cf96a663157fefaeb4fc6f1a8cf63d  fetchmail-6.2.0-3.el3.2.src.rpm

i386:
fdfe7a3616a60b838b55c2fa9e818ccf  fetchmail-6.2.0-3.el3.2.i386.rpm

ia64:
cd02da478c2e507e094b3581edf8768b  fetchmail-6.2.0-3.el3.2.ia64.rpm

x86_64:
7bee2b44f864c4ffebdce96fce226d44  fetchmail-6.2.0-3.el3.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/fetchmail-6.2.0-3.el3.2.src.rpm
f8cf96a663157fefaeb4fc6f1a8cf63d  fetchmail-6.2.0-3.el3.2.src.rpm

i386:
fdfe7a3616a60b838b55c2fa9e818ccf  fetchmail-6.2.0-3.el3.2.i386.rpm

ia64:
cd02da478c2e507e094b3581edf8768b  fetchmail-6.2.0-3.el3.2.ia64.rpm

x86_64:
7bee2b44f864c4ffebdce96fce226d44  fetchmail-6.2.0-3.el3.2.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/fetchmail-6.2.5-6.el4.2.src.rpm
74a78227b3e3f5b8a0c392ea1325a2d3  fetchmail-6.2.5-6.el4.2.src.rpm

i386:
07da83424466fe1f855de9c82beb230c  fetchmail-6.2.5-6.el4.2.i386.rpm

ia64:
289d48240464a4279b0774e79ebed25f  fetchmail-6.2.5-6.el4.2.ia64.rpm

ppc:
6face3dff0e660e2d5eceb82150b371a  fetchmail-6.2.5-6.el4.2.ppc.rpm

s390:
c0227905c02d361963da67f1ed45db38  fetchmail-6.2.5-6.el4.2.s390.rpm

s390x:
96d83be40ae7081aa1dd73ff54f389d8  fetchmail-6.2.5-6.el4.2.s390x.rpm

x86_64:
c92a8b8909a1ec1c27cb011d1aa0b924  fetchmail-6.2.5-6.el4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/fetchmail-6.2.5-6.el4.2.src.rpm
74a78227b3e3f5b8a0c392ea1325a2d3  fetchmail-6.2.5-6.el4.2.src.rpm

i386:
07da83424466fe1f855de9c82beb230c  fetchmail-6.2.5-6.el4.2.i386.rpm

x86_64:
c92a8b8909a1ec1c27cb011d1aa0b924  fetchmail-6.2.5-6.el4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/fetchmail-6.2.5-6.el4.2.src.rpm
74a78227b3e3f5b8a0c392ea1325a2d3  fetchmail-6.2.5-6.el4.2.src.rpm

i386:
07da83424466fe1f855de9c82beb230c  fetchmail-6.2.5-6.el4.2.i386.rpm

ia64:
289d48240464a4279b0774e79ebed25f  fetchmail-6.2.5-6.el4.2.ia64.rpm

x86_64:
c92a8b8909a1ec1c27cb011d1aa0b924  fetchmail-6.2.5-6.el4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/fetchmail-6.2.5-6.el4.2.src.rpm
74a78227b3e3f5b8a0c392ea1325a2d3  fetchmail-6.2.5-6.el4.2.src.rpm

i386:
07da83424466fe1f855de9c82beb230c  fetchmail-6.2.5-6.el4.2.i386.rpm

ia64:
289d48240464a4279b0774e79ebed25f  fetchmail-6.2.5-6.el4.2.ia64.rpm

x86_64:
c92a8b8909a1ec1c27cb011d1aa0b924  fetchmail-6.2.5-6.el4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC5JrPXlSAg2UNWIIRApNfAJ49Y/eUstz4yT8V66zbRENv0CNypACeKEgE
PHYNiQJGyDPT4GFta7C+vvA=
=uMsb
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQuS4S4pao72zK539AQHKOwP/S4OtNLk0G7a7yzQIjbUurlKkjzWQP0fq
zhONy0mMOwojpkFpHpoLxpITXLfufjU/ckmDxVBZu59m+jHF/QMw4KRIQXDriVpO
17Qt9yjONPn6QYuad8z6oOk7lmOlXbrTlfypeY7vZjcNNWGxEmnwFqKttX8y1vD5
6DH9iKXAsJo=
=Mnt4
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________