[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PISA-18-NOV-99-002

To: independence-l@independence.seul.org
Subject: PISA-18-NOV-99-002
From: cogNiTioN <cognition@bigfoot.com>
Date: Mon, 22 Nov 1999 17:27:23 +0000 (GMT)
Delivery-Date: Mon, 22 Nov 1999 11:26:49 -0500
Reply-To: independence-l@independence.seul.org
Sender: owner-independence-l@independence.seul.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

              .------------------------------------------------.
              |**** Project Independence Security Advisory ****|
              `-----------* ID: PISA-18-NOV-99-002 *-----------'
               Issued by: David Webster <cognition@bigfoot.com>

Issue Date: 18-NOV-99

Overview: New netscape packages available

Affected: Independence Release 6.0-0.8 (Redhat 6.0)

References:  http://home.netscape.com/eng/mozilla/4.7/relnotes/unix-4.7.html
	     RedHat Security Advisory; RHSA-1999:039-02

                                  -=-=-==-=-=-

Detailed Problem Description:

	A new version of Netscape has been released. This release
	fixes some security problems in Javascript and form signing,
	as well as adding some new features.

Solution:

	Update the affected RPM packages by downloading and
	installing the RPMs listed below. For each RPM, run:

		root# rpm -Uvh <filename>

	where <filename> is the name of the RPM.

	[Note: You need only install EITHER the compiled RPM,
	(*.i386.rpm) OR the source RPM, (*.src.rpm), NOT both.]

RPMs:
	[Note: URLs wrap.]

  ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-common-4.7-1.1.i386.rpm
  ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-communicator-4.7-1.1.i386.rpm
  ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/netscape-navigator-4.7-1.1.i386.rpm

Source RPMs:

  ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/netscape-4.7-1.1.src.rpm

Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
da8414206db834a9cf40c387f1ac2920  netscape-common-4.7-1.1.i386.rpm
b1efd248d95a1a1cd7b9a5a1caef1922  netscape-communicator-4.7-1.1.i386.rpm
d5529c3e2403ff2a3ce4483b6c2eb131  netscape-navigator-4.7-1.1.i386.rpm
c8dd34bd0cad87bfd1d51a0c56713ac3  netscape-4.7-1.1.src.rpm
- --------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

This security advisory, and all future ones should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83

Which is avaliable from: [http://www.cognite.net/pgp.html],
			 and most good pgp key servers.

An archive of these messages can be currently be found on:
http://www.cognite.net/indy/

A process of automatic retrival is being worked on.

[Note: these problems were discovered, and fixed by RedHat.]

	.---------------------------------------------------.
	| And problems regarding this, or future advisories |
	| should be emailed to me: <cognition@bigfoot.com>  |
	`---------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN) <http://www.cognite.net/>

iD8DBQE4OX0YDdLNO0X6woMRAlmgAKCV2RLKG5XRXvueHRSNEYF0x9QDgACggk8M
Bez0kGhx4Wnm4NiqLrIcuqo=
=QhGd
-----END PGP SIGNATURE-----

Prev by Date: PISA-18-NOV-99-001
Next by Date: PISA-18_NOV_99_003
Prev by thread: PISA-18-NOV-99-001
Next by thread: PISA-18_NOV_99_003
Index(es):
- Date
- Thread