-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
Debian Security Advisory                                 security@debian.org 
Debian -- Security Information                                 Michael Stone
September 1, 2000
- ----------------------------------------------------------------------------

Package: netscape (communicator, navigator)
Vulnerability: remote exploit
Debian-specific: no

Existing Netscape Communicator/Navigator packages contain the following
vulnerabilities:

 1. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
    - executes arbitrary code in the comment field of a JPEG image
    - Netscape Communicator/Navigator versions 4.0 through 4.73 are vulnerable
 2. Multiple Vendor Java Virtual Machine Listening Socket Vulnerability
 3. Netscape Communicator URL Read Vulnerability
    - items 2 and 3 together are known as the "Brown Orifice" vulnerability
    - can be exploited to expose the contents of your computer to anyone on the
      Internet, allowing to read files visible to the user running the browser
    - Netscape Communicator/Navigator versions 4.0 through 4.74 are vulnerable

Netscape Communicator/Navigator is not a part of the Debian distribution, but
packages are available for the convenience of our users. We recommend that
users who choose to run Netscape Communicator/Navigator upgrade to version
4.75. New packages are available in source form and for Intel ia32 machines
running Debian 2.2 (potato). Note that the new packages will not remove your
existing Communicator/Navigator packages; you should manually remove any older
installed versions of Communicator/Navigator. (More detailed instructions for
installing and removing these packages is available in the web version of this
report, at  http://www.debian.org/security/2000/20000901)

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

  Source archives:
      
      MD5 checksum: 99ab453006b123ade6b62d508052e8aa
      
      MD5 checksum: b6c8220d540580c62302e51bd310273c
      
      MD5 checksum: 291d418188dd0d859c842b8e511f40dd
      
      MD5 checksum: 834ccd2acc61052bf9b01f58c5adb767
      
      MD5 checksum: c9f71e888d9ce42d7317a7a8255a25f4
  Intel ia32 architecture:
      
      MD5 checksum: 401b63408d1477978fe16a855b9b2a14
      
      MD5 checksum: 763d8c075f0200d77ce1ad91af3d4c27
      
      MD5 checksum: d255e35d8365486b28a6e5c02bdf7e80
      
      MD5 checksum: a8b595e4ba544861109e91cf2f494d67
      
      MD5 checksum: 2c42207d48399b1d9ea757a1ee677414
      
      MD5 checksum: 3b67100464ed0aa6a22bef337c14798f
      
      MD5 checksum: f4ed466d94b761b3a5f252c859c1c38d
      
      MD5 checksum: 3e671e3bd853557df55915a395f57d39
      
      MD5 checksum: d46984adbf2703f26a5bbd1cff912967
      
      MD5 checksum: 3e7de9bb9c0c8c73519c3b7149de6af4
      
      MD5 checksum: a4f735e76fb26bc46a99edb557e41d43
      
      MD5 checksum: be2014f7b47913fc2d40dd3a2f7dc60f
      
      MD5 checksum: 4cae30606eb234d79c0469ad3e430ece
      
      MD5 checksum: e594f5e58bfab22b5c4333d6e648b8bc
      
      MD5 checksum: 2f5aadfe24499b6ed79d7c1810aedb70
      
      MD5 checksum: 2b1d1abed84ac00eef02de530ad95028
      
      MD5 checksum: b2335dabae4430a69773ba22b3d5100c
      
      MD5 checksum: 2397e4c0d8e556ea457b0095ad102d96
      
      MD5 checksum: 45f1df641dc6869f880ee32abc1c8eb2
      
      MD5 checksum: 5cb68c9bf8a895488c4a75145c48c915


- ----------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBObBSrQ0hVr09l8FJAQFv8AP/XBzoDlk+W+rA/Zg7SqAFSGXjDip0hFxb
cnIzJ4q0Bvi5zmFOIm+yT4lUBjBqdDaE8bwiTMWn0figbpxwsKoxUf4+EVjVRpXr
qLqL2VMgFLSLCgMud8UlmAvZGomYG8FT9cPmGHjGaVaH5/VAtiswCWXZxGvuKKeT
+9A4VcLIjic=2Ou9
-----END PGP SIGNATURE-----

Debian: netscape vulnerability

September 1, 2000
An updated netscape package now exists to fix several remote exploit vulnerabilities.

Summary

Package: netscape (communicator, navigator)
Vulnerability: remote exploit
Debian-specific: no

Existing Netscape Communicator/Navigator packages contain the following
vulnerabilities:

1. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
- executes arbitrary code in the comment field of a JPEG image
- Netscape Communicator/Navigator versions 4.0 through 4.73 are vulnerable
2. Multiple Vendor Java Virtual Machine Listening Socket Vulnerability
3. Netscape Communicator URL Read Vulnerability
- items 2 and 3 together are known as the "Brown Orifice" vulnerability
- can be exploited to expose the contents of your computer to anyone on the
Internet, allowing to read files visible to the user running the browser
- Netscape Communicator/Navigator versions 4.0 through 4.74 are vulnerable

Netscape Communicator/Navigator is not a part of the Debian distribution, but
packages are available for the convenience of our users. We recommend that
users who choose to run Netscape Communicator/Navigator upgrade to version
4.75. New packages are available in source form and for Intel ia32 machines
running Debian 2.2 (potato). Note that the new packages will not remove your
existing Communicator/Navigator packages; you should manually remove any older
installed versions of Communicator/Navigator. (More detailed instructions for
installing and removing these packages is available in the web version of this
report, at http://www.debian.org/security/2000/20000901)

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Source archives:

MD5 checksum: 99ab453006b123ade6b62d508052e8aa

MD5 checksum: b6c8220d540580c62302e51bd310273c

MD5 checksum: 291d418188dd0d859c842b8e511f40dd

MD5 checksum: 834ccd2acc61052bf9b01f58c5adb767

MD5 checksum: c9f71e888d9ce42d7317a7a8255a25f4
Intel ia32 architecture:

MD5 checksum: 401b63408d1477978fe16a855b9b2a14

MD5 checksum: 763d8c075f0200d77ce1ad91af3d4c27

MD5 checksum: d255e35d8365486b28a6e5c02bdf7e80

MD5 checksum: a8b595e4ba544861109e91cf2f494d67

MD5 checksum: 2c42207d48399b1d9ea757a1ee677414

MD5 checksum: 3b67100464ed0aa6a22bef337c14798f

MD5 checksum: f4ed466d94b761b3a5f252c859c1c38d

MD5 checksum: 3e671e3bd853557df55915a395f57d39

MD5 checksum: d46984adbf2703f26a5bbd1cff912967

MD5 checksum: 3e7de9bb9c0c8c73519c3b7149de6af4

MD5 checksum: a4f735e76fb26bc46a99edb557e41d43

MD5 checksum: be2014f7b47913fc2d40dd3a2f7dc60f

MD5 checksum: 4cae30606eb234d79c0469ad3e430ece

MD5 checksum: e594f5e58bfab22b5c4333d6e648b8bc

MD5 checksum: 2f5aadfe24499b6ed79d7c1810aedb70

MD5 checksum: 2b1d1abed84ac00eef02de530ad95028

MD5 checksum: b2335dabae4430a69773ba22b3d5100c

MD5 checksum: 2397e4c0d8e556ea457b0095ad102d96

MD5 checksum: 45f1df641dc6869f880ee32abc1c8eb2

MD5 checksum: 5cb68c9bf8a895488c4a75145c48c915


For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBObBSrQ0hVr09l8FJAQFv8AP/XBzoDlk+W+rA/Zg7SqAFSGXjDip0hFxb
cnIzJ4q0Bvi5zmFOIm+yT4lUBjBqdDaE8bwiTMWn0figbpxwsKoxUf4+EVjVRpXr
qLqL2VMgFLSLCgMud8UlmAvZGomYG8FT9cPmGHjGaVaH5/VAtiswCWXZxGvuKKeT
+9A4VcLIjic=2Ou9
-----END PGP SIGNATURE-----


Severity

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up