CPNI - Centre for the Protection of National Infrastructure


January 2005

Two Red Hat Security Advisories: 1. RHSA-2005:038-01 - Updated mozilla packages fix a buffer overflow 2. RHSA-2005:019-01 - Updated libtiff packages fix security issues

ID: 00033
Ref: 29/2005
Date: 17 January 2005:14:54:26
Version: 1

Title: Two Red Hat Security Advisories: 1. RHSA-2005:038-01 - Updated mozilla packages fix a buffer overflow 2. RHSA-2005:019-01 - Updated libtiff packages fix security issues
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat

Title
=====

Two Red Hat Security Advisories:

1. RHSA-2005:038-01 - Updated mozilla packages fix a buffer overflow

2. RHSA-2005:019-01 - Updated libtiff packages fix security issues

Detail
======

1. Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
iSEC Security Research has discovered a buffer overflow bug in the way Mozilla
handles NNTP URLs. If a user visits a malicious web page or is convinced to
click on a malicious link, it may be possible for an attacker to execute
arbitrary code on the victim's machine. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1316 to
this issue.

2. The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.
iDEFENSE has reported an integer overflow bug that affects libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash or
possibly execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1308 to this issue.
Dmitry V. Levin reported another integer overflow in the tiffdump
utility. An attacker who has the ability to trick a user into opening a
malicious TIFF file with tiffdump could possibly execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-1183 to this issue.





1.


===========================================================================


ESB-2005.0038 -- RHSA-2005:038-01
Updated mozilla packages fix a buffer overflow
14 January 2005

===========================================================================



Product:           Mozilla
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
                   Linux variants
                   UNIX variants
                   Windows
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CAN-2004-1316

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-038.html

Comment: Please note that the Windows and Mac OS X versions of Mozilla may also
be affected by these vulnerabilities. Packages for all platforms are
available at http://www.mozilla.org/products/mozilla1.x/.

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated mozilla packages fix a buffer overflow
Advisory ID: RHSA-2005:038-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-038.html
Issue date: 2005-01-13
Updated on: 2005-01-13
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1316
---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix a buffer overflow issue are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

iSEC Security Research has discovered a buffer overflow bug in the way
Mozilla handles NNTP URLs. If a user visits a malicious web page or is
convinced to click on a malicious link, it may be possible for an attacker
to execute arbitrary code on the victim's machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1316 to
this issue.

Users of Mozilla should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To launch the Red Hat Update Agent, use the
following command:

up2date

For information on how to install packages manually, refer to the following
Web page for the System Administration or Customization guide specific to
your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

143994 - CAN-2004-1316 buffer overflow in mozilla

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.4.3-2.1.5.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.4.3-3.0.7.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.isec.pl/vulnerabilities/isec-0020-mozilla.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1316

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


--------------------------END INCLUDED TEXT--------------------





2.



===========================================================================


ESB-2005.0037 -- RHSA-2005:019-01
Updated libtiff packages fix security issues
14 January 2005

===========================================================================



Product:           libtiff
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
                   Linux variants
                   UNIX variants
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CAN-2004-1308 CAN-2004-1183

Ref: ESB-2004.0816

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-019.html

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated libtiff packages fix security issues
Advisory ID: RHSA-2005:019-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-019.html
Issue date: 2005-01-13
Updated on: 2005-01-13
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1308 CAN-2004-1183
---------------------------------------------------------------------

1. Summary:

Updated libtiff packages that fix various integer overflows are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

iDEFENSE has reported an integer overflow bug that affects libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash or
possibly execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1308 to this issue.

Dmitry V. Levin reported another integer overflow in the tiffdump
utility. An attacker who has the ability to trick a user into opening a
malicious TIFF file with tiffdump could possibly execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-1183 to this issue.

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

143505 - CAN-2004-1308 LibTIFF Directory Entry Count Integer Overflow Vulnerability
143577 - libtiff integer overflow.

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libtiff-3.5.5-19.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libtiff-3.5.5-19.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libtiff-3.5.5-19.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libtiff-3.5.5-19.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-22.el3.src.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-22.el3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-22.el3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-22.el3.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


--------------------------END INCLUDED TEXT--------------------


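One way to confirm that the update step in the two "Solution" sections above actually took effect is to compare installed package builds against the fixed builds the advisories name. The script below is an added example, not part of the CPNI or Red Hat text; the function names, the constructed sample package list and the simplified version comparison (segment-wise, no epoch handling) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag packages older than the fixed builds named in
# RHSA-2005:038-01 (mozilla) and RHSA-2005:019-01 (libtiff).
# Input lines are "name version-release", as produced on a real host by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'

# Split a version string into separate alphabetic and numeric segments.
split_segments() {
    printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9]/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g'
}

# vercmp A B: print -1, 0 or 1. Simplified form of RPM's ordering (assumption):
# numeric segments compare as integers, alphabetic ones as C-locale strings,
# a numeric segment beats an alphabetic one, and extra trailing segments win.
vercmp() (
    b=$(split_segments "$2")
    set -- $(split_segments "$1")
    for y in $b; do
        if [ $# -eq 0 ]; then echo -1; exit 0; fi
        x=$1; shift
        case "$x" in *[!0-9]*) xnum=0 ;; *) xnum=1 ;; esac
        case "$y" in *[!0-9]*) ynum=0 ;; *) ynum=1 ;; esac
        if [ "$xnum$ynum" = 11 ]; then
            if [ "$x" -lt "$y" ]; then echo -1; exit 0; fi
            if [ "$x" -gt "$y" ]; then echo 1; exit 0; fi
        elif [ "$xnum$ynum" = 10 ]; then echo 1; exit 0
        elif [ "$xnum$ynum" = 01 ]; then echo -1; exit 0
        elif [ "$x" != "$y" ]; then
            if LC_ALL=C expr "x$x" \< "x$y" >/dev/null; then echo -1; else echo 1; fi
            exit 0
        fi
    done
    if [ $# -gt 0 ]; then echo 1; else echo 0; fi
)

# evr_cmp V1-R1 V2-R2: compare version first, then release (epoch ignored).
evr_cmp() (
    c=$(vercmp "${1%-*}" "${2%-*}")
    if [ "$c" = 0 ]; then c=$(vercmp "${1##*-}" "${2##*-}"); fi
    echo "$c"
)

# fixed_build NAME LINE: fixed version-release from the advisories for the
# product line ("2.1" or "3"); prints nothing for packages they do not cover.
fixed_build() {
    case "$2:$1" in
        2.1:mozilla|2.1:mozilla-*)     echo 1.4.3-2.1.5 ;;
        3:mozilla|3:mozilla-*)         echo 1.4.3-3.0.7 ;;
        2.1:libtiff|2.1:libtiff-devel) echo 3.5.5-19 ;;
        3:libtiff|3:libtiff-devel)     echo 3.5.7-22.el3 ;;
    esac
}

# audit LINE: read "name version-release" lines on stdin and report each
# covered package as NEEDS-UPDATE or ok.
audit() {
    while read -r name evr; do
        fixed=$(fixed_build "$name" "$1")
        [ -n "$fixed" ] || continue
        if [ "$(evr_cmp "$evr" "$fixed")" = -1 ]; then
            echo "NEEDS-UPDATE $name $evr (fixed in $fixed)"
        else
            echo "ok $name $evr"
        fi
    done
}

# Constructed sample inventory for an Enterprise Linux 3 host (not real data).
SAMPLE_RHEL3='mozilla 1.4.3-3.0.6
mozilla-nss 1.4.3-3.0.7
libtiff 3.5.7-20.1
libtiff-devel 3.5.7-22.el3
openssh 3.6.1p2-33.30.3'

printf '%s\n' "$SAMPLE_RHEL3" | audit 3
```

Pass `2.1` instead of `3` to `audit` for hosts on the Enterprise Linux 2.1 product line.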
