.------------------------------------------------. |**** Project Independence Security Advisory ****| `-----------* ID: PISA-18-NOV-99-002 *-----------' Issued by: David Webster Issue Date: 18-NOV-99 Overview: New netscape packages available Affected: Independence Release 6.0-0.8 (Redhat 6.0) References: http://home.netscape.com/eng/mozilla/4.7/relnotes/unix-4.7.html RedHat Security Advisory; RHSA-1999:039-02 -=-=-==-=-=- Detailed Problem Description: A new version of Netscape has been released. This release fixes some security problems in Javascript and form signing, as well as adding some new features. Solution: Update the affected RPM packages by downloading and installing the RPMs listed below. For each RPM, run: root# rpm -Uvh where is the name of the RPM. [Note: You need only install EITHER the compiled RPM, (*.i386.rpm) OR the source RPM, (*.src.rpm), NOT both.] RPMs: [Note: URLs wrap.] http://independence.seul.org/security/1999/rpms/netscape-common-4.7-1.1.i386.rpm ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-common-4.7-1.1.i386.rpm http://independence.seul.org/security/1999/rpms/netscape-communicator-4.7-1.1.i386.rpm ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-communicator-4.7-1.1.i386.rpm http://independence.seul.org/security/1999/rpms/netscape-navigator-4.7-1.1.i386.rpm ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-navigator-4.7-1.1.i386.rpm Source RPMs: http://independence.seul.org/security/1999/rpms/netscape-4.7-1.1.i386.rpm ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/netscape-4.7-1.1.src.rpm Verification: MD5 sum Package Name -------------------------------------------------------------------------- da8414206db834a9cf40c387f1ac2920 netscape-common-4.7-1.1.i386.rpm b1efd248d95a1a1cd7b9a5a1caef1922 netscape-communicator-4.7-1.1.i386.rpm d5529c3e2403ff2a3ce4483b6c2eb131 netscape-navigator-4.7-1.1.i386.rpm c8dd34bd0cad87bfd1d51a0c56713ac3 netscape-4.7-1.1.src.rpm -------------------------------------------------------------------------- These packages are GPG signed by Red Hat, Inc. for security. Their key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg This security advisory, and all future ones should be signed by me, David Webster (aka cognition), with key ID: 45 FA C2 83 Which is avaliable from: [http://www.cognite.net/pgp.html], and most good pgp key servers. An archive of these messages can be currently be found on: http://www.cognite.net/indy/ A process of automatic retrival is being worked on. [Note: these problems were discovered, and fixed by RedHat.] .---------------------------------------------------. | And problems regarding this, or future advisories | | should be emailed to me: | `---------------------------------------------------'