HPSBTU01063
Published: 2004-08-26 01:24:37
Updated: 2004-08-26 01:24:37
HP SECURITY BULLETIN
HPSBTU01063 REVISION: 2
SSRT4778 - rev.2 Mozilla Application Suite for HP Tru64 UNIX - Potential Overflows - Denial of Service - Unauthorized access
NOTICE:
There are no restrictions for distribution of this Bulletin provided that it remains complete and intact.
The information in this Security bulletin should be acted upon as soon as possible.
INITIAL RELEASE:
24 August 2004
POTENTIAL SECURITY IMPACT:
Remotely exploitable integer and buffer overflows,
-->denial of service (DoS), or unauthorized access.
SOURCE:
HEWLETT-PACKARD COMPANY
HP Software Security Response Team
REFERENCES:
CERT VU#388984, VU#817368, VU#236656, VU#477512, VU#160448, VU#286464; Mozilla bug reports 249004, 250906, 251381, 253121
VULNERABILITY SUMMARY:
Several potential security vulnerabilities have been identified in
libpng (portable network graphics library) used by the Mozilla
Application Suite for HP Tru64 UNIX. These potential vulnerabilities
could be remotely exploitable, resulting in buffer overruns or
integer overflows.
-->In addition, other potential vulnerabilities
-->have recently been identified in the Mozilla
-->Application Suite that may result in unauthorized
-->access, or a "spoofable" certificate.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
-->Mozilla Application Suite for HP Tru64 UNIX, versions earlier than 1.7.2.
The Mozilla Application Suite for HP Tru64 UNIX is provided for
use on the supported base levels of HP Tru64 UNIX 5.1A and 5.1B.
BACKGROUND:
For a PGP signed version of this bulletin please write to security-alert@hp.com.
To review previously published Security Bulletins visit:
http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin
For a listing of all Tru64 UNIX security patch kits please see the following web site:
http://h30097.www3.hp.com/unix/security-download.html
RESOLUTION:
-->Mozilla Application Suite for HP Tru64 UNIX V1.7.2
The Mozilla Application Suite for HP Tru64 UNIX is provided for use on the
supported base levels of HP Tru64 UNIX 5.1A and 5.1B. Supported versions
are:
o HP Tru64 UNIX 5.1B PK4 (BL25)
o HP Tru64 UNIX 5.1B PK3 (BL24)
o HP Tru64 UNIX 5.1A PK6 (BL24)
V1.7.2 web kits can be downloaded from the following sites:
The Mozilla site:
http://www.mozilla.org/releases/
The download site for HP Tru64 UNIX internet and networking software:
http://h30097.www3.hp.com/internet/download.htm
BULLETIN REVISION HISTORY:
Revision 0 - 04 August 2004
Initial Release
Revision 1 - 23 August 2004
Added new release info.
Revision 2 - 24 August 2004
Updated vulnerability summary.
