
Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability

Solution:
Netscape Communicator 4.74 and Mozilla M16 are not vulnerable to this issue.

NetBSD: See the advisory in the "Credit" section for upgrade instructions.

If upgrading is not preferable, several patches are available (included in the following archives):

http://www.openwall.com/advisories/OW-002-netscape-jpeg-r1.tar.gz
http://www.openwall.com/advisories/OW-002-1.zip

i386:
ftp://updates.redhat.com/6.2/i386/netscape-common-4.74-0.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/netscape-communicator-4.74-0.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/netscape-navigator-4.74-0.6.2.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/netscape-alpha-4.74-1.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/netscape-4.74-0.6.2.src.rpm

7. Verification:


These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>

Debian has provided the following upgrades:

Source archives:
http://security.debian.org/dists/potato/updates/non-free/source/netscape4.75_4.75-1potato1.diff.gz
MD5 checksum: 99ab453006b123ade6b62d508052e8aa

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.75_4.75-1potato1.dsc
MD5 checksum: b6c8220d540580c62302e51bd310273c

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.75_4.75.orig.tar.gz
MD5 checksum: 291d418188dd0d859c842b8e511f40dd

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.base_4.75-1.dsc
MD5 checksum: 834ccd2acc61052bf9b01f58c5adb767

http://security.debian.org/dists/potato/updates/non-free/source/netscape4.base_4.75-1.tar.gz
MD5 checksum: c9f71e888d9ce42d7317a7a8255a25f4

Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-base-475_4.75-1potato1_i386.deb
MD5 checksum: 401b63408d1477978fe16a855b9b2a14

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-nethelp-475_4.75-1potato1_all.deb
MD5 checksum: 763d8c075f0200d77ce1ad91af3d4c27

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-smotif-475-libc5_4.75-1potato1_i386.deb
MD5 checksum: d255e35d8365486b28a6e5c02bdf7e80

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-smotif-475_4.75-1potato1_i386.deb
MD5 checksum: a8b595e4ba544861109e91cf2f494d67

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator-spellchk-475_4.75-1potato1_all.deb
MD5 checksum: 2c42207d48399b1d9ea757a1ee677414

http://security.debian.org/dists/potato/updates/non-free/binary-i386/communicator_4.75-1_i386.deb
MD5 checksum: 3b67100464ed0aa6a22bef337c14798f

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-base-475_4.75-1potato1_i386.deb
MD5 checksum: f4ed466d94b761b3a5f252c859c1c38d

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-nethelp-475_4.75-1potato1_all.deb
MD5 checksum: 3e671e3bd853557df55915a395f57d39

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-smotif-475-libc5_4.75-1potato1_i386.deb
MD5 checksum: d46984adbf2703f26a5bbd1cff912967

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator-smotif-475_4.75-1potato1_i386.deb
MD5 checksum: 3e7de9bb9c0c8c73519c3b7149de6af4

http://security.debian.org/dists/potato/updates/non-free/binary-i386/navigator_4.75-1_i386.deb
MD5 checksum: a4f735e76fb26bc46a99edb557e41d43

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-base-4-libc5_4.75-1_i386.deb
MD5 checksum: be2014f7b47913fc2d40dd3a2f7dc60f

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-base-475_4.75-1potato1_i386.deb
MD5 checksum: 4cae30606eb234d79c0469ad3e430ece

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-base-4_4.75-1_i386.deb
MD5 checksum: e594f5e58bfab22b5c4333d6e648b8bc

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-ja-resource-475_4.75-1potato1_all.deb
MD5 checksum: 2f5aadfe24499b6ed79d7c1810aedb70

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-java-475_4.75-1potato1_all.deb
MD5 checksum: 2b1d1abed84ac00eef02de530ad95028

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-ko-resource-475_4.75-1potato1_all.deb
MD5 checksum: b2335dabae4430a69773ba22b3d5100c

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-smotif-475-libc5_4.75-1potato1_i386.deb
MD5 checksum: 2397e4c0d8e556ea457b0095ad102d96

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-smotif-475_4.75-1potato1_i386.deb
MD5 checksum: 45f1df641dc6869f880ee32abc1c8eb2

http://security.debian.org/dists/potato/updates/non-free/binary-i386/netscape-zh-resource-475_4.75-1potato1_all.deb
MD5 checksum: 5cb68c9bf8a895488c4a75145c48c915


Mozilla Browser M15

Netscape Communicator 4.07

Netscape Communicator 4.06

RedHat netscape-communicator-4.07-1.i386.rpm

RedHat netscape-navigator-4.07-1.i386.rpm

RedHat netscape-common-4.07-1.i386.rpm

Netscape Communicator 4.08

Netscape Communicator 4.0

Netscape Communicator 4.5 BETA

Netscape Communicator 4.5

Netscape Communicator 4.51

Netscape Communicator 4.6

Netscape Communicator 4.61

Netscape Communicator 4.7

Netscape Communicator 4.72