______________________________________________________________________________

                        SuSE Security Announcement

        Package:                netscape
        Announcement-ID:        SuSE-SA:2000:48
        Date:                   Thursday, November 30th, 2000 19:00 MET
        Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
        Vulnerability Type:     clientside remote vulnerability
        Severity (1-10):        4
        SuSE default package:   yes
        Other affected systems: systems w/ netscape versions before 4.76

    Content of this advisory:
        1) security vulnerability resolved: netscape
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    Michal Zalewski <lcamtuf@DIONE.IDS.PL> has found a buffer overflow in
    the html parser code of the Netscape Navigator in all versions before
    and including 4.75. html code of the form

    

    
    more form tags
    


    can crash the browser. It may be possible for an attacker to supply
    a webpage that executes arbitrary code as the user running netscape.
    As of today, no exploit code is known to exist in the wild.

    SuSE provides an update package for the vulnerable software. It is
    recommended to upgrade to the latest version found on our ftp server
    as described below. The update package introduces Netscape version
    4.76.

    NOTE:
    Please note that Netscape-4.76 is not available for the glibc-2.0-based
    SuSE Distributions SuSE-6.0 and 6.1 because Netscape doesn't provide
    any binaries for the glibc version in these distributions (glibc-2.0).
    For SuSE-6.0 and 6.1, we provide a libc5-based version of netscape-4.76
    which runs smoothly on all i386-based SuSE distributions 6.x and 7.x,
    provided the package shlibs5 is installed. The package can be found in
    the update/5.3 directory on our ftp server (see below).
    There are no packages available for platforms other than i386.

    NOTE:
    The packages on our ftp servers date back to October 31st. Since
    there is no release notes or README file with equivalent content
    in the netscape tarball, SuSE security was not aware of the fact
    that this release of netscape fixes the known problems. This
    information can be obtained from (along with information about
    other bugfixes)
       .

    Please choose the update package(s) for your distribution from the URLs
    listed below and download the necessary rpm files. Then, install the
    package using the command `rpm -Uhv file.rpm´. rpm packages have an
    internal md5 checksum that protects against file corruption. You can
    verify this checksum using the command (independently from the md5
    signatures below)
        `rpm --checksig --nogpg file.rpm',
    The md5 sums under each package are to prove the package authenticity,
    independently from the md5 checksums in the rpm package format.


    Intel i386 Platform

    SuSE-7.0
    SuSE-6.4
    SuSE-6.3
    SuSE-6.2
    
 
      7ccebaca7df0937a3c08fc30a27af858

    SuSE-6.1
    SuSE-6.0
    
 
      3c4f06c5fea4755083524eb135627380


______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - ssh/openssh

      Several inconsistencies and configuration bugs have been introduced
      in the SuSE rpm packages for the update of openssh (SuSE-SA:2000:47)
      that cause the openssh software to not work as reliably as usual.
      The packages are about to be reworked, the openssh announcement will
      be reissued.

    - pidentd

      The in.identd daemon on SuSE distributions can be crashed remotely.
      We're working on a fix.

    - bash1

      bash, version 1, handles temporary files in an unsafe manner that
      allows a local attacker to overwrite arbitrary files as the user
      running a bash1 with input redirection of the "<< EOF" style.
      The bash1 package is not used per default in SuSE-distributions.
      We're working on a fix (update packages).

    - tcsh

      The paragraph above about bash version 1 applies to the tcsh as
      well, in all versions. The tcsh is not used by SuSE scripts.
______________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ==============================================    SuSE's security contact is <security@suse.com>.
    ==============================================
Regards,
Roman Drahtmüller.
- - --

SuSE: 'netscape' buffer overflow

November 30, 2000
Michal Zalewski has found a buffer overflow in the html parser code of the Netscape Navigator in all versions before and including 4.75.

Summary


______________________________________________________________________________

                        SuSE Security Announcement

        Package:                netscape
        Announcement-ID:        SuSE-SA:2000:48
        Date:                   Thursday, November 30th, 2000 19:00 MET
        Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
        Vulnerability Type:     clientside remote vulnerability
        Severity (1-10):        4
        SuSE default package:   yes
        Other affected systems: systems w/ netscape versions before 4.76

    Content of this advisory:
        1) security vulnerability resolved: netscape
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    Michal Zalewski <lcamtuf@DIONE.IDS.PL> has found a buffer overflow in
    the html parser code of the Netscape Navigator in all versions before
    and including 4.75. html code of the form

    

    
    more form tags
    


    can crash the browser. It may be possible for an attacker to supply
    a webpage that executes arbitrary code as the user running netscape.
    As of today, no exploit code is known to exist in the wild.

    SuSE provides an update package for the vulnerable software. It is
    recommended to upgrade to the latest version found on our ftp server
    as described below. The update package introduces Netscape version
    4.76.

    NOTE:
    Please note that Netscape-4.76 is not available for the glibc-2.0-based
    SuSE Distributions SuSE-6.0 and 6.1 because Netscape doesn't provide
    any binaries for the glibc version in these distributions (glibc-2.0).
    For SuSE-6.0 and 6.1, we provide a libc5-based version of netscape-4.76
    which runs smoothly on all i386-based SuSE distributions 6.x and 7.x,
    provided the package shlibs5 is installed. The package can be found in
    the update/5.3 directory on our ftp server (see below).
    There are no packages available for platforms other than i386.

    NOTE:
    The packages on our ftp servers date back to October 31st. Since
    there is no release notes or README file with equivalent content
    in the netscape tarball, SuSE security was not aware of the fact
    that this release of netscape fixes the known problems. This
    information can be obtained from (along with information about
    other bugfixes)
       .

    Please choose the update package(s) for your distribution from the URLs
    listed below and download the necessary rpm files. Then, install the
    package using the command `rpm -Uhv file.rpm´. rpm packages have an
    internal md5 checksum that protects against file corruption. You can
    verify this checksum using the command (independently from the md5
    signatures below)
        `rpm --checksig --nogpg file.rpm',
    The md5 sums under each package are to prove the package authenticity,
    independently from the md5 checksums in the rpm package format.


    Intel i386 Platform

    SuSE-7.0
    SuSE-6.4
    SuSE-6.3
    SuSE-6.2
    
 
      7ccebaca7df0937a3c08fc30a27af858

    SuSE-6.1
    SuSE-6.0
    
 
      3c4f06c5fea4755083524eb135627380


______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - ssh/openssh

      Several inconsistencies and configuration bugs have been introduced
      in the SuSE rpm packages for the update of openssh (SuSE-SA:2000:47)
      that cause the openssh software to not work as reliably as usual.
      The packages are about to be reworked, the openssh announcement will
      be reissued.

    - pidentd

      The in.identd daemon on SuSE distributions can be crashed remotely.
      We're working on a fix.

    - bash1

      bash, version 1, handles temporary files in an unsafe manner that
      allows a local attacker to overwrite arbitrary files as the user
      running a bash1 with input redirection of the "<< EOF" style.
      The bash1 package is not used per default in SuSE-distributions.
      We're working on a fix (update packages).

    - tcsh

      The paragraph above about bash version 1 applies to the tcsh as
      well, in all versions. The tcsh is not used by SuSE scripts.
______________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ==============================================    SuSE's security contact is <security@suse.com>.
    ==============================================
Regards,
Roman Drahtmüller.
- - --

References

Severity

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved