Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability

Solution:
Netscape Communicator 4.74 and Mozilla M16 are not vulnerable to this issue.

NetBSD: See the advisory in the "Credit" section for upgrade instructions.

If upgrading is not preferable, several patches are available (included in the following archives):

http://www.openwall.com/advisories/OW-002-netscape-jpeg-r1.tar.gz http://www.openwall.com/advisories/OW-002-1.zip

i386: ftp://updates.redhat.com/6.2/i386/netscape-common-4.74-0.6.2.i386.rpm ftp://updates.redhat.com/6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm ftp://updates.redhat.com/6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm

sources: ftp://updates.redhat.com/6.2/SRPMS/netscape-alpha-4.74-1.src.rpm ftp://updates.redhat.com/6.2/SRPMS/netscape-4.74-0.6.2.src.rpm

7. Verification:

MD5 sum Package Name -------------------------------------------------------------------------- 2520f9f234010f483d14ec524898ad29 5.2/SRPMS/netscape-4.74-0.5.2.src.rpm 2dd30f35857c05304e54253e7564634b 5.2/i386/netscape-common-4.74-0.5.2.i386.rpm 765fc5c8be9638560544379a3c7e1004 5.2/i386/netscape-communicator-4.74-0.5.2.i386.rpm d6ecb766f5d979e2787f239fefcce8fd 5.2/i386/netscape-navigator-4.74-0.5.2.i386.rpm 64999688cbd3b6be723c72d94dcb0f72 6.2/SRPMS/netscape-4.74-0.6.2.src.rpm e75ad6a500fa4ac0ef919f65aa8871bd 6.2/SRPMS/netscape-alpha-4.74-1.src.rpm 2796178bd0f400800d1fb5fccd39880b 6.2/alpha/netscape-common-4.74-1.alpha.rpm 2f2260eb8030751838f9d14a4eca71ae 6.2/alpha/netscape-communicator-4.74-1.alpha.rpm db641b2f9b63c3f986dece1ecc482d32 6.2/alpha/netscape-navigator-4.74-1.alpha.rpm 2f2f1be58b481030eb2da12dcd9a6a54 6.2/i386/netscape-common-4.74-0.6.2.i386.rpm 6b2045ecf408024a64962705c6395a1f 6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm 03b93972ba0f114d4be9ef50a2a21fa5 6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command: rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename>

Debian has provided the following upgrades:

Source archives:
http://security.debian.org/dists/potato/updates/non-free/source/netscape4.75_4.75-1potato1.diff.gz
MD5 checksum: 99ab453006b123ade6b62d508052e8aa

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.75_4.75-1potato1.dsc
MD5 checksum: b6c8220d540580c62302e51bd310273c

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.75_4.75.orig.tar.gz
MD5 checksum: 291d418188dd0d859c842b8e511f40dd

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.base_4.75-1.dsc
MD5 checksum: 834ccd2acc61052bf9b01f58c5adb767

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.base_4.75-1.tar.gz
MD5 checksum: c9f71e888d9ce42d7317a7a8255a25f4

Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-base-475_4.75-1potato1_i386.deb
MD5 checksum: 401b63408d1477978fe16a855b9b2a14

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-nethelp-475_4.75-1potato1_all.deb
MD5 checksum: 763d8c075f0200d77ce1ad91af3d4c27

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-smotif-475-libc5_4.75-1potato1_i386.deb
MD5 checksum: d255e35d8365486b28a6e5c02bdf7e80

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-smotif-475_4.75-1potato1_i386.deb
MD5 checksum: a8b595e4ba544861109e91cf2f494d67

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-spellchk-475_4.75-1potato1_all.deb
MD5 checksum: 2c42207d48399b1d9ea757a1ee677414

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator_4.75-1_i386.deb
MD5 checksum: 3b67100464ed0aa6a22bef337c14798f

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-base-475_4.75-1potato1_i386.deb
MD5 checksum: f4ed466d94b761b3a5f252c859c1c38d

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-nethelp-475_4.75-1potato1_all.deb
MD5 checksum: 3e671e3bd853557df55915a395f57d39

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-smotif-475-libc5_4.75-1potato1_i386.deb
MD5 checksum: d46984adbf2703f26a5bbd1cff912967

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-smotif-475_4.75-1potato1_i386.deb
MD5 checksum: 3e7de9bb9c0c8c73519c3b7149de6af4

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator_4.75-1_i386.deb
MD5 checksum: a4f735e76fb26bc46a99edb557e41d43

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-base-4-libc5_4.75-1_i386.deb
MD5 checksum: be2014f7b47913fc2d40dd3a2f7dc60f

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-base-475_4.75-1potato1_i386.deb
MD5 checksum: 4cae30606eb234d79c0469ad3e430ece

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-base-4_4.75-1_i386.deb
MD5 checksum: e594f5e58bfab22b5c4333d6e648b8bc

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-ja-resource-475_4.75-1potato1_all.deb
MD5 checksum: 2f5aadfe24499b6ed79d7c1810aedb70

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-java-475_4.75-1potato1_all.deb
MD5 checksum: 2b1d1abed84ac00eef02de530ad95028

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-ko-resource-475_4.75-1potato1_all.deb
MD5 checksum: b2335dabae4430a69773ba22b3d5100c

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-smotif-475-libc5_4.75-1potato1_i386.deb
MD5 checksum: 2397e4c0d8e556ea457b0095ad102d96

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-smotif-475_4.75-1potato1_i386.deb
MD5 checksum: 45f1df641dc6869f880ee32abc1c8eb2

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-zh-resource-475_4.75-1potato1_all.deb
MD5 checksum: 5cb68c9bf8a895488c4a75145c48c915


Mozilla Browser M15

Netscape Communicator 4.07

Netscape Communicator 4.06

RedHat netscape-communicator-4.07-1.i386.rpm

RedHat netscape-navigator-4.07-1.i386.rpm

RedHat netscape-common-4.07-1.i386.rpm

Netscape Communicator 4.08

Netscape Communicator 4.0

Netscape Communicator 4.5 BETA

Netscape Communicator 4.5

Netscape Communicator 4.51

Netscape Communicator 4.6

Netscape Communicator 4.61

Netscape Communicator 4.7

Netscape Communicator 4.72

Netscape Communicator 4.73


 

Privacy Statement
Copyright 2010, SecurityFocus