______________________________________________________________________________

                        SuSE Security Announcement

        Package:                netscape
        Announcement-ID:        SuSE-SA:2000:48
        Date:                   Thursday, November 30th, 2000 19:00 MET
        Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
        Vulnerability Type:     clientside remote vulnerability
        Severity (1-10):        4
        SuSE default package:   yes
        Other affected systems: systems w/ netscape versions before 4.76

    Content of this advisory:
        1) security vulnerability resolved: netscape
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    Michal Zalewski <lcamtuf@DIONE.IDS.PL> has found a buffer overflow in
    the html parser code of the Netscape Navigator in all versions before
    and including 4.75. html code of the form

    

    
    more form tags
    


    can crash the browser. It may be possible for an attacker to supply
    a webpage that executes arbitrary code as the user running netscape.
    As of today, no exploit code is known to exist in the wild.

    SuSE provides an update package for the vulnerable software. It is
    recommended to upgrade to the latest version found on our ftp server
    as described below. The update package introduces Netscape version
    4.76.

    NOTE:
    Please note that Netscape-4.76 is not available for the glibc-2.0-based
    SuSE Distributions SuSE-6.0 and 6.1 because Netscape doesn't provide
    any binaries for the glibc version in these distributions (glibc-2.0).
    For SuSE-6.0 and 6.1, we provide a libc5-based version of netscape-4.76
    which runs smoothly on all i386-based SuSE distributions 6.x and 7.x,
    provided the package shlibs5 is installed. The package can be found in
    the update/5.3 directory on our ftp server (see below).
    There are no packages available for platforms other than i386.

    NOTE:
    The packages on our ftp servers date back to October 31st. Since
    there is no release notes or README file with equivalent content
    in the netscape tarball, SuSE security was not aware of the fact
    that this release of netscape fixes the known problems. This
    information can be obtained from (along with information about
    other bugfixes)
       .

    Please choose the update package(s) for your distribution from the URLs
    listed below and download the necessary rpm files. Then, install the
    package using the command `rpm -Uhv file.rpm´. rpm packages have an
    internal md5 checksum that protects against file corruption. You can
    verify this checksum using the command (independently from the md5
    signatures below)
        `rpm --checksig --nogpg file.rpm',
    The md5 sums under each package are to prove the package authenticity,
    independently from the md5 checksums in the rpm package format.


    Intel i386 Platform

    SuSE-7.0
    SuSE-6.4
    SuSE-6.3
    SuSE-6.2
    
 
      7ccebaca7df0937a3c08fc30a27af858

    SuSE-6.1
    SuSE-6.0
    
 
      3c4f06c5fea4755083524eb135627380


______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - ssh/openssh

      Several inconsistencies and configuration bugs have been introduced
      in the SuSE rpm packages for the update of openssh (SuSE-SA:2000:47)
      that cause the openssh software to not work as reliably as usual.
      The packages are about to be reworked, the openssh announcement will
      be reissued.

    - pidentd

      The in.identd daemon on SuSE distributions can be crashed remotely.
      We're working on a fix.

    - bash1

      bash, version 1, handles temporary files in an unsafe manner that
      allows a local attacker to overwrite arbitrary files as the user
      running a bash1 with input redirection of the "<< EOF" style.
      The bash1 package is not used per default in SuSE-distributions.
      We're working on a fix (update packages).

    - tcsh

      The paragraph above about bash version 1 applies to the tcsh as
      well, in all versions. The tcsh is not used by SuSE scripts.
______________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ==============================================    SuSE's security contact is <security@suse.com>.
    ==============================================
Regards,
Roman Drahtmüller.
- - --

SuSE: 'netscape' buffer overflow

November 30, 2000
Michal Zalewski has found a buffer overflow in the html parser code of the Netscape Navigator in all versions before and including 4.75.

Summary


______________________________________________________________________________

                        SuSE Security Announcement

        Package:                netscape
        Announcement-ID:        SuSE-SA:2000:48
        Date:                   Thursday, November 30th, 2000 19:00 MET
        Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
        Vulnerability Type:     clientside remote vulnerability
        Severity (1-10):        4
        SuSE default package:   yes
        Other affected systems: systems w/ netscape versions before 4.76

    Content of this advisory:
        1) security vulnerability resolved: netscape
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    Michal Zalewski <lcamtuf@DIONE.IDS.PL> has found a buffer overflow in
    the html parser code of the Netscape Navigator in all versions before
    and including 4.75. html code of the form

    

    
    more form tags
    


    can crash the browser. It may be possible for an attacker to supply
    a webpage that executes arbitrary code as the user running netscape.
    As of today, no exploit code is known to exist in the wild.

    SuSE provides an update package for the vulnerable software. It is
    recommended to upgrade to the latest version found on our ftp server
    as described below. The update package introduces Netscape version
    4.76.

    NOTE:
    Please note that Netscape-4.76 is not available for the glibc-2.0-based
    SuSE Distributions SuSE-6.0 and 6.1 because Netscape doesn't provide
    any binaries for the glibc version in these distributions (glibc-2.0).
    For SuSE-6.0 and 6.1, we provide a libc5-based version of netscape-4.76
    which runs smoothly on all i386-based SuSE distributions 6.x and 7.x,
    provided the package shlibs5 is installed. The package can be found in
    the update/5.3 directory on our ftp server (see below).
    There are no packages available for platforms other than i386.

    NOTE:
    The packages on our ftp servers date back to October 31st. Since
    there is no release notes or README file with equivalent content
    in the netscape tarball, SuSE security was not aware of the fact
    that this release of netscape fixes the known problems. This
    information can be obtained from (along with information about
    other bugfixes)
       .

    Please choose the update package(s) for your distribution from the URLs
    listed below and download the necessary rpm files. Then, install the
    package using the command `rpm -Uhv file.rpm´. rpm packages have an
    internal md5 checksum that protects against file corruption. You can
    verify this checksum using the command (independently from the md5
    signatures below)
        `rpm --checksig --nogpg file.rpm',
    The md5 sums under each package are to prove the package authenticity,
    independently from the md5 checksums in the rpm package format.


    Intel i386 Platform

    SuSE-7.0
    SuSE-6.4
    SuSE-6.3
    SuSE-6.2
    
 
      7ccebaca7df0937a3c08fc30a27af858

    SuSE-6.1
    SuSE-6.0
    
 
      3c4f06c5fea4755083524eb135627380


______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - ssh/openssh

      Several inconsistencies and configuration bugs have been introduced
      in the SuSE rpm packages for the update of openssh (SuSE-SA:2000:47)
      that cause the openssh software to not work as reliably as usual.
      The packages are about to be reworked, the openssh announcement will
      be reissued.

    - pidentd

      The in.identd daemon on SuSE distributions can be crashed remotely.
      We're working on a fix.

    - bash1

      bash, version 1, handles temporary files in an unsafe manner that
      allows a local attacker to overwrite arbitrary files as the user
      running a bash1 with input redirection of the "<< EOF" style.
      The bash1 package is not used per default in SuSE-distributions.
      We're working on a fix (update packages).

    - tcsh

      The paragraph above about bash version 1 applies to the tcsh as
      well, in all versions. The tcsh is not used by SuSE scripts.
______________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ==============================================    SuSE's security contact is <security@suse.com>.
    ==============================================
Regards,
Roman Drahtmüller.
- - --

References

Severity

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved