Netscape Navigator and Netscape Communicator have been removed from the RedHat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. Thesepackages were based on Netscape 4.8, which is known to be vulnerable torecent critical security issues, such as CAN-2004-0597, CAN-2004-0598, andCAN-2004-0599.

Red Hat Security Advisory

Synopsis:          Netscape 4.8 contains security flaws
Advisory ID:       RHSA-2004:429-01
Issue date:        2004-08-18
Updated on:        2004-08-18
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
- ---------------------------------------------------------------------

1. Summary:

Netscape Navigator and Netscape Communicator 4.8 as distributed with Red
Hat Enterprise Linux 2.1 contain security flaws and should not be used.

2. Problem description:

Netscape Navigator and Netscape Communicator have been removed from the Red
Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These
packages were based on Netscape 4.8, which is known to be vulnerable to
recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and
CAN-2004-0599. 

Netscape 7.2 contains fixes for these issues and is available from 
AOL - News, Politics, Sports, Mail & Latest Headlines - AOL.com  Netscape 4.8 packages will also remain available
via Red Hat Network for those who choose to use them despite their known
security vulnerabilities.
                               
Users of Netscape 4.8 are advised to switch to Mozilla, which is included
and supported in Red Hat Enterprise Linux 2.1, and offers comparable
functionality.

3. Solution:

Red Hat Enterprise 2.1 users who do not need the functionality of Netscape 
4.8 should uninstall the netscape packages.

4. References:
 
CVE -CVE-2004-0597 
CVE -CVE-2004-0598 
CVE -CVE-2004-0599

5. Contact:

The Red Hat security contact is <This email address is being protected from spambots. You need JavaScript enabled to view it.>.  More contact
details at  

Copyright 2004 Red Hat, Inc.