__________________________________________________________

             The U.S. Department of Energy
         Computer Incident Advisory Capability
                       ___  __ __    _     ___
                      /       |     /_\   /
                      \___  __|__  /   \  \___
__________________________________________________________

                     INFORMATION BULLETIN

     Red Hat Updated Mozilla Packages Fix Security Vulnerability
             [Red Hat Security Advisory RHSA-2003:162-17]

July 17, 2003 21:00 GMT                                         Number N-121
                                                        [REVISED 1 AUG 2003]
                                                       [REVISED 27 Oct 2003]
______________________________________________________________________________
PROBLEM:       A heap-based buffer overflow in Netscape and Mozilla allows a
               remote attacker to execute arbitrary code via a jar.

PLATFORM:      Red Hat Linux 7.1
               Red Hat Linux 7.1 for iSeries
               Red Hat Linux 7.1 for pSeries
               Red Hat Linux 7.2
               Red Hat Linux 7.3
               Red Hat Linux 8.0
               Red Hat Enterprise Linux products

DAMAGE:        The vulnerability may allow remote attackers to execute
               arbitrary code via a jar: URL referencing a malformed .jar
               file, which overflows a buffer during decompression.

SOLUTION:      Apply updated packages as stated in Red Hat's advisory.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. Mozilla is an open source web browser. The
ASSESSMENT:    updated packages are an upgrade to Mozilla version 1.0.2, which
               is not vulnerable to this issue.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-121.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2003-162.html
 ADDITIONAL LINKS:   https://rhn.redhat.com/errata/RHSA-2003-163.html
______________________________________________________________________________
REVISION HISTORY:
 08/01/03: Added updated packages for Linux 7.1 iSeries and pSeries systems.
 10/27/03: Added additional link to Red Hat Advisory RHSA-2003:163 for
           information on patches to the Red Hat Enterprise Linux products.
[***** Start Red Hat Security Advisory RHSA-2003:162-17 *****]

Updated Mozilla packages fix security vulnerability

Advisory:          RHSA-2003:162-17
Last updated on:   31-JUL-03
Affected Products: Red Hat Linux 7.1
                   Red Hat Linux 7.1 for iSeries
                   Red Hat Linux 7.1 for pSeries
                   Red Hat Linux 7.2
                   Red Hat Linux 7.3
                   Red Hat Linux 8.0
CVEs (cve.mitre.org): CAN-2002-1308

Security Advisory Details:

Updated Mozilla packages fixing various bugs and security issues are now
available.

[Updated 18 July 2003]
Our Mozilla packages were found to be incompatible with Galeon. Updated
versions of Galeon are now included for Red Hat Linux 7.2, 7.3, and 8.0. In
addition, new builds of Mozilla for Red Hat Linux 8.0 are included, as the
previous packages were built with the wrong compiler.

[Updated 31 July 2003]
Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

Mozilla is an open source web browser.

A heap-based buffer overflow in Netscape and Mozilla allows remote attackers
to execute arbitrary code via a jar: URL referencing a malformed .jar file,
which overflows a buffer during decompression.

This issue affects the Mozilla packages for Red Hat Linux 7.1, 7.2, 7.3, and
8.0.

These errata packages upgrade Mozilla to version 1.0.2, which is not
vulnerable to this issue. Mozilla 1.0.2 also contains a number of other
stability and security enhancements.
Updated packages (file name, MD5 sum):

Red Hat Linux 7.1
--------------------------------------------------------------------------------
SRPMS:
mozilla-1.0.2-2.7.1.src.rpm                  0ea62d7694ed12283afb3950082500d6
i386:
mozilla-1.0.2-2.7.1.i386.rpm                 53bff095e62748c16d015aa9b593daf3
mozilla-chat-1.0.2-2.7.1.i386.rpm            e28aa8324f807b6e6d6c68756094b16c
mozilla-devel-1.0.2-2.7.1.i386.rpm           8efe869efa87cc7077541cf6feb4589d
mozilla-dom-inspector-1.0.2-2.7.1.i386.rpm   9feb61104257d1c768327862df98fe85
mozilla-js-debugger-1.0.2-2.7.1.i386.rpm     f135db91f8340fadb0dd366c428c316b
mozilla-mail-1.0.2-2.7.1.i386.rpm            35c65b77f6e5e43889299e03a2b69c57
mozilla-nspr-1.0.2-2.7.1.i386.rpm            d6e0875fd0ef5e5289f0965316132d85
mozilla-nspr-devel-1.0.2-2.7.1.i386.rpm      2145ef81c9556b8257e3f8a5360fd949
mozilla-nss-1.0.2-2.7.1.i386.rpm             4fb06f7ab7c8878922589bf88f1bd590
mozilla-nss-devel-1.0.2-2.7.1.i386.rpm       86dc7c08ce51c6e5a77642935e082464
mozilla-psm-1.0.2-2.7.1.i386.rpm             d7e1b8fe2afa76cee0495d38f619a20d

Red Hat Linux 7.1 for iSeries
--------------------------------------------------------------------------------
SRPMS:
mozilla-1.0.2-2.7.1.0p.src.rpm               f883fc0a68d14ed76a6e1ba70ccf0b32
ppc:
mozilla-1.0.2-2.7.1.0p.ppc.rpm               5f437516e533b6f498e6e42a36137dce
mozilla-chat-1.0.2-2.7.1.0p.ppc.rpm          3d11755b4aa3faeab98792a7d96e9e1c
mozilla-devel-1.0.2-2.7.1.0p.ppc.rpm         a7e502d282439aa7c53ad2a7b114f38f
mozilla-dom-inspector-1.0.2-2.7.1.0p.ppc.rpm 5a14117f8d7b6b6aef2ce5beeacae806
mozilla-js-debugger-1.0.2-2.7.1.0p.ppc.rpm   e5616e78564ddaa42ad5ee89708b44bc
mozilla-mail-1.0.2-2.7.1.0p.ppc.rpm          dc32a918546428ea0b5ebad8950397c0
mozilla-nspr-1.0.2-2.7.1.0p.ppc.rpm          1d72e61fe4f7c560c5837ffe41dc3757
mozilla-nspr-devel-1.0.2-2.7.1.0p.ppc.rpm    df7da2420a2753265b1a19a9648b770b
mozilla-nss-1.0.2-2.7.1.0p.ppc.rpm           5cdaec5be4f39875451df7c336cb924f
mozilla-nss-devel-1.0.2-2.7.1.0p.ppc.rpm     a4b21459f8cfeafb012f14c1bdc958bb
mozilla-psm-1.0.2-2.7.1.0p.ppc.rpm           896584d079d920ca7789e7eed185dbfb

Red Hat Linux 7.1 for pSeries
--------------------------------------------------------------------------------
SRPMS:
mozilla-1.0.2-2.7.1.0p.src.rpm               f883fc0a68d14ed76a6e1ba70ccf0b32
ppc:
mozilla-1.0.2-2.7.1.0p.ppc.rpm               5f437516e533b6f498e6e42a36137dce
mozilla-chat-1.0.2-2.7.1.0p.ppc.rpm          3d11755b4aa3faeab98792a7d96e9e1c
mozilla-devel-1.0.2-2.7.1.0p.ppc.rpm         a7e502d282439aa7c53ad2a7b114f38f
mozilla-dom-inspector-1.0.2-2.7.1.0p.ppc.rpm 5a14117f8d7b6b6aef2ce5beeacae806
mozilla-js-debugger-1.0.2-2.7.1.0p.ppc.rpm   e5616e78564ddaa42ad5ee89708b44bc
mozilla-mail-1.0.2-2.7.1.0p.ppc.rpm          dc32a918546428ea0b5ebad8950397c0
mozilla-nspr-1.0.2-2.7.1.0p.ppc.rpm          1d72e61fe4f7c560c5837ffe41dc3757
mozilla-nspr-devel-1.0.2-2.7.1.0p.ppc.rpm    df7da2420a2753265b1a19a9648b770b
mozilla-nss-1.0.2-2.7.1.0p.ppc.rpm           5cdaec5be4f39875451df7c336cb924f
mozilla-nss-devel-1.0.2-2.7.1.0p.ppc.rpm     a4b21459f8cfeafb012f14c1bdc958bb
mozilla-psm-1.0.2-2.7.1.0p.ppc.rpm           896584d079d920ca7789e7eed185dbfb

Red Hat Linux 7.2
--------------------------------------------------------------------------------
SRPMS:
mozilla-1.0.2-2.7.2.src.rpm                  091e7c8bed97714370a13edc59e541e5
i386:
mozilla-1.0.2-2.7.2.i386.rpm                 8faed3fce6e562ab92e160ce50a3902f
mozilla-chat-1.0.2-2.7.2.i386.rpm            ccdf0868d4ec2be860ee9611d37edf5c
mozilla-devel-1.0.2-2.7.2.i386.rpm           e20342d6f5dfb1af33ee5287f9432a4b
mozilla-dom-inspector-1.0.2-2.7.2.i386.rpm   db5315ec67e24ad2e25eb927ffd26fcd
mozilla-js-debugger-1.0.2-2.7.2.i386.rpm     3be5ea19103267fc7e9a21250f19b0ba
mozilla-mail-1.0.2-2.7.2.i386.rpm            282f5191699ad803e36e6c245dc12204
mozilla-nspr-1.0.2-2.7.2.i386.rpm            be8fba8aa43a219135df619873214291
mozilla-nspr-devel-1.0.2-2.7.2.i386.rpm      d3aea764a15e0b4da18f5c2d361481a6
mozilla-nss-1.0.2-2.7.2.i386.rpm             7c3c988b12406f4fdca1482a597415f0
mozilla-nss-devel-1.0.2-2.7.2.i386.rpm       9b4d4c39e477aacc273050f8ed29603d
mozilla-psm-1.0.2-2.7.2.i386.rpm             254af66bbd9e2ff5a5c5fc674051be73

Red Hat Linux 7.3
--------------------------------------------------------------------------------
SRPMS:
mozilla-1.0.2-2.7.3.src.rpm                  1422c777f85d9cf8c389d26b0409c884
i386:
mozilla-1.0.2-2.7.3.i386.rpm                 79f4c4d5f606c44b99e0ba41541bf11c
mozilla-chat-1.0.2-2.7.3.i386.rpm            005d46a9a1548bcbbd912327f908bb49
mozilla-devel-1.0.2-2.7.3.i386.rpm           6ceff96da5dfab5ab11dacbc8a91a25a
mozilla-dom-inspector-1.0.2-2.7.3.i386.rpm   6dc44762c79a1fe09e24b4197e788068
mozilla-js-debugger-1.0.2-2.7.3.i386.rpm     2d0638f0319d3caffa17143fc137a9e9
mozilla-mail-1.0.2-2.7.3.i386.rpm            37cf0ed35c4468baa063f4d675ea80b1
mozilla-nspr-1.0.2-2.7.3.i386.rpm            4f5d57a79a3e09d189dbfcb3c3b68965
mozilla-nspr-devel-1.0.2-2.7.3.i386.rpm      983ae99e55402c47f4d75f082799603b
mozilla-nss-1.0.2-2.7.3.i386.rpm             5b2a2c126e2a22e737e2613c27f25172
mozilla-nss-devel-1.0.2-2.7.3.i386.rpm       e94fc6cd89ea1d34ab7c863674b10633
mozilla-psm-1.0.2-2.7.3.i386.rpm             80eeba8d0ff8c10871bba5df19602d08

Red Hat Linux 8.0
--------------------------------------------------------------------------------
SRPMS:
mozilla-1.0.2-1.8.0.src.rpm                  1ab24a690bd15d75506dc6a8c2e273ee
i386:
mozilla-1.0.2-1.8.0.i386.rpm                 5911caaf582e1df67ce46193fdc76c29
mozilla-chat-1.0.2-1.8.0.i386.rpm            c077e7be3cdda9628f6ca13ca3e65166
mozilla-devel-1.0.2-1.8.0.i386.rpm           9128c1af768a09eda849a69aa22f982e
mozilla-dom-inspector-1.0.2-1.8.0.i386.rpm   011722b79b93f93f0be6cce5fcd88574
mozilla-js-debugger-1.0.2-1.8.0.i386.rpm     011015a782b908cbf1beb07752163333
mozilla-mail-1.0.2-1.8.0.i386.rpm            a08c04ce82a9542fe9cbd34ab2efa685
mozilla-nspr-1.0.2-1.8.0.i386.rpm            db1f0c95e0c6476669be3cf339a01840
mozilla-nspr-devel-1.0.2-1.8.0.i386.rpm      f21ec830971bed5fb97243f3bc40d2d4
mozilla-nss-1.0.2-1.8.0.i386.rpm             4c93a87a06222772e2de2e244e2d3e59
mozilla-nss-devel-1.0.2-1.8.0.i386.rpm       5fd5561787d6f3bc0d2ad2bb5f00f6d5
mozilla-psm-1.0.2-1.8.0.i386.rpm             c0fc99835abe54966ea45fcc34bcf67e

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs
which are currently installed will be updated. Those RPMs which are not
installed but included in the list will not be updated.
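The advisory tells you to run rpm -Fvh on the downloaded packages, and its closing paragraphs give rpm --checksig -v and md5sum as the way to check each package before doing so. The script below is an added example, not part of the CIAC bulletin or of Red Hat's advisory: it reads a manifest written in the same "filename, MD5 sum" layout as the package listing above, compares every downloaded file's md5sum against it, runs rpm --checksig -v on each package, and calls rpm -Fvh only when both checks pass. The function names (verify_manifest, verify_signatures, apply_update), the manifest file and the demo's sample files are assumptions made for the example; the demo hashes are those of the string "hello\n" and of an empty file, not of any real package.

```shell
#!/bin/sh
# Added example, not part of the CIAC bulletin or Red Hat's advisory:
# check downloaded errata packages against the MD5 sums an advisory
# publishes and against their GPG signatures before running rpm -Fvh.
# Manifest lines use the same "<filename>  <md5>" layout as the package
# listing in the advisory; function names and demo files are constructed.

# verify_manifest MANIFEST DIR
# Returns 0 only when every file named in MANIFEST exists in DIR and
# hashes to the listed MD5; prints one status line per package.
verify_manifest() {
    manifest=$1
    dir=$2
    rc=0
    while read -r name expected; do
        [ -z "$name" ] && continue                  # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            rc=1
            continue
        fi
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (advisory: $expected, file: $actual)"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# verify_signatures DIR
# An MD5 match shows the download is intact; only the GPG signature shows
# the package came from Red Hat. Uses the rpm --checksig -v command the
# advisory gives. Returns 1 if rpm is unavailable or any package fails.
verify_signatures() {
    dir=$1
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 1; }
    rc=0
    for pkg in "$dir"/*.rpm; do
        rpm --checksig -v "$pkg" || rc=1
    done
    return $rc
}

# apply_update MANIFEST DIR
# Freshen-upgrade (rpm -Fvh, as in the advisory) only after both checks pass.
apply_update() {
    if verify_manifest "$1" "$2" && verify_signatures "$2"; then
        rpm -Fvh "$2"/*.rpm
    else
        echo "verification failed; update not applied"
        return 1
    fi
}

# Constructed demonstration: one file whose contents match its manifest
# entry, one whose contents differ. The hashes are those of "hello\n" and
# of an empty file, not of any real package.
demo() {
    d=$(mktemp -d)
    printf 'hello\n' > "$d/intact.rpm"
    printf 'tampered' > "$d/changed.rpm"
    {
        echo 'intact.rpm   b1946ac92492d2347c6235b4d2611184'
        echo 'changed.rpm  d41d8cd98f00b204e9800998ecf8427e'
    } > "$d/manifest"
    if verify_manifest "$d/manifest" "$d"; then
        echo "demo: all sums matched"
    else
        echo "demo: at least one package failed verification"
    fi
    rm -rf "$d"
}

demo
```

For a real update, paste the lines for your release from the listing above into the manifest file and call apply_update with it and the download directory; a MISMATCH or MISSING line means the download must be redone, not that the MD5 should be ignored. The separate signature step matters because an attacker who can replace a package on a mirror can also publish a matching MD5 sum; only Red Hat's GPG key ties the package to its source.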
Note that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308
http://www.mozilla.org/releases/mozilla1.0.2/

--------------------------------------------------------------------------------

The listed packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:

    http://www.redhat.com/solutions/security/news/publickey/#key

You can verify each package and see who signed it with the following command:

    rpm --checksig -v filename

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum filename

The Red Hat security contact is security@redhat.com. More contact details at
http://www.redhat.com/solutions/security/news/contact.html

[***** End Red Hat Security Advisory RHSA-2003:162-10 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the
information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California.
CIAC is also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster cooperation and
coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California.
The views and opinions of authors expressed herein do not necessarily state
or reflect those of the United States Government or the University of
California, and shall not be used for advertising or product endorsement
purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

N-111: Red Hat Updated unzip Packages Fix Trojan Vulnerability
N-112: Red Hat Updated PHP Packages Fix Bugs
N-113: Sun Buffer Overflow in LDAP Name Service
N-114: Buffer Overrun in Microsoft HTML Converter Could Allow Code Execution
N-115: Buffer Overrun in Microsoft Windows Could Lead to Data Corruption
N-116: Flaw in Microsoft Windows Message Handling through Utility Manager
       Could Enable Privilege Elevation
N-117: Microsoft RPC Interface Buffer Overrun Vulnerability
N-118: Cisco IOS Interface Blocked by IPv4 Packet
N-119: Microsoft Internet Security and Acceleration (ISA) Server Error Pages
       Could Allow Cross-Site Scripting Attack
N-120: Unchecked Buffer in Microsoft Windows Shell Could Enable System
       Compromise