Linux Security
    Linux Security
    Linux Security

    Debian: netscape vulnerability

    Date 01 Sep 2000
    Posted By LinuxSecurity Advisories
    An updated netscape package now exists to fix several remote exploit vulnerabilities.
    - ----------------------------------------------------------------------------
    Debian Security Advisory                                 This email address is being protected from spambots. You need JavaScript enabled to view it.                                Michael Stone
    September 1, 2000
    - ----------------------------------------------------------------------------
    Package: netscape (communicator, navigator)
    Vulnerability: remote exploit
    Debian-specific: no
    Existing Netscape Communicator/Navigator packages contain the following
     1. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
        - executes arbitrary code in the comment field of a JPEG image
        - Netscape Communicator/Navigator versions 4.0 through 4.73 are vulnerable
     2. Multiple Vendor Java Virtual Machine Listening Socket Vulnerability
     3. Netscape Communicator URL Read Vulnerability
        - items 2 and 3 together are known as the "Brown Orifice" vulnerability
        - can be exploited to expose the contents of your computer to anyone on the
          Internet, allowing to read files visible to the user running the browser
        - Netscape Communicator/Navigator versions 4.0 through 4.74 are vulnerable
    Netscape Communicator/Navigator is not a part of the Debian distribution, but
    packages are available for the convenience of our users. We recommend that
    users who choose to run Netscape Communicator/Navigator upgrade to version
    4.75. New packages are available in source form and for Intel ia32 machines
    running Debian 2.2 (potato). Note that the new packages will not remove your
    existing Communicator/Navigator packages; you should manually remove any older
    installed versions of Communicator/Navigator. (More detailed instructions for
    installing and removing these packages is available in the web version of this
    report, at
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
      Source archives:
          MD5 checksum: 99ab453006b123ade6b62d508052e8aa
          MD5 checksum: b6c8220d540580c62302e51bd310273c
          MD5 checksum: 291d418188dd0d859c842b8e511f40dd
          MD5 checksum: 834ccd2acc61052bf9b01f58c5adb767
          MD5 checksum: c9f71e888d9ce42d7317a7a8255a25f4
      Intel ia32 architecture:
          MD5 checksum: 401b63408d1477978fe16a855b9b2a14
          MD5 checksum: 763d8c075f0200d77ce1ad91af3d4c27
          MD5 checksum: d255e35d8365486b28a6e5c02bdf7e80
          MD5 checksum: a8b595e4ba544861109e91cf2f494d67
          MD5 checksum: 2c42207d48399b1d9ea757a1ee677414
          MD5 checksum: 3b67100464ed0aa6a22bef337c14798f
          MD5 checksum: f4ed466d94b761b3a5f252c859c1c38d
          MD5 checksum: 3e671e3bd853557df55915a395f57d39
          MD5 checksum: d46984adbf2703f26a5bbd1cff912967
          MD5 checksum: 3e7de9bb9c0c8c73519c3b7149de6af4
          MD5 checksum: a4f735e76fb26bc46a99edb557e41d43
          MD5 checksum: be2014f7b47913fc2d40dd3a2f7dc60f
          MD5 checksum: 4cae30606eb234d79c0469ad3e430ece
          MD5 checksum: e594f5e58bfab22b5c4333d6e648b8bc
          MD5 checksum: 2f5aadfe24499b6ed79d7c1810aedb70
          MD5 checksum: 2b1d1abed84ac00eef02de530ad95028
          MD5 checksum: b2335dabae4430a69773ba22b3d5100c
          MD5 checksum: 2397e4c0d8e556ea457b0095ad102d96
          MD5 checksum: 45f1df641dc6869f880ee32abc1c8eb2
          MD5 checksum: 5cb68c9bf8a895488c4a75145c48c915
    - ----------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Version: 2.6.3ia
    Charset: noconv
    -----END PGP SIGNATURE-----

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.