Red Hat 9062 Published by

The Netscape 4.8 package in Red Hat Enterprise Linux 2.1 contain security flaws and should not be used.

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Netscape 4.8 contains security flaws
Advisory ID: RHSA-2004:429-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
----------------------------------------------------------------------

1. Summary:

Netscape Navigator and Netscape Communicator 4.8 as distributed with Red Hat Enterprise Linux 2.1 contain security flaws and should not be used.

2. Problem description:

Netscape Navigator and Netscape Communicator have been removed from the Red Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These packages were based on Netscape 4.8, which is known to be vulnerable to recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and CAN-2004-0599.



Netscape 7.2 contains fixes for these issues and is available from http://www.netscape.com/. Netscape 4.8 packages will also remain available via Red Hat Network for those who choose to use them despite their known security vulnerabilities.

Users of Netscape 4.8 are advised to switch to Mozilla, which is included and supported in Red Hat Enterprise Linux 2.1, and offers comparable functionality.

3. Solution:

Red Hat Enterprise 2.1 users who do not need the functionality of Netscape 4.8 should uninstall the netscape packages.

4. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

5. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.