Red Hat 9038 Published by

A Mozilla security update is available for Red Hat Enterprise Linux 4

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: mozilla security update
Advisory ID: RHSA-2005:277-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-277.html
Issue date: 2005-03-04
Updated on: 2005-03-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0255
----------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix a buffer overflow issue are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64



3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A bug was found in the Mozilla string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0255 to this issue.

Please note that other security issues have been found that affect Mozilla. These other issues have a lower severity, and are therefore planned to be released as additional security updates in the future.

Users of Mozilla should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150124 - CAN-2005-0255 Memory overwrite in string library

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mozilla-1.7.3-19.EL4.src.rpm
f38dbc4a876a2e8a7d22bf87b76fd615 mozilla-1.7.3-19.EL4.src.rpm

i386:
39ae3210517d35d921e930006841ee43 mozilla-1.7.3-19.EL4.i386.rpm
4ee1aef2c3beaa885da379f3269e8c6d mozilla-chat-1.7.3-19.EL4.i386.rpm
29012dae4a799da739161abbb2d92191 mozilla-devel-1.7.3-19.EL4.i386.rpm
eb579278872aa0c63991657c267709d9 mozilla-dom-inspector-1.7.3-19.EL4.i386.rpm
c35b92bcb3231bddb30ee8c5b085f7f1 mozilla-js-debugger-1.7.3-19.EL4.i386.rpm
55e70ed5c693b518abd3e6655b2756c3 mozilla-mail-1.7.3-19.EL4.i386.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
51c68d470ff73cda32e53faccf0d09de mozilla-nspr-devel-1.7.3-19.EL4.i386.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
998c5006ebadb4dc0667dd45c062481a mozilla-nss-devel-1.7.3-19.EL4.i386.rpm

ia64:
ca68d27df9d703f28caf702f03a2c815 mozilla-1.7.3-19.EL4.ia64.rpm
c9613d7843931c8f307e7d030bcfeebb mozilla-chat-1.7.3-19.EL4.ia64.rpm
50112396b34bd6724f61db2bdda37f3c mozilla-devel-1.7.3-19.EL4.ia64.rpm
08f955d73348162bc74d205b1afcb2f4 mozilla-dom-inspector-1.7.3-19.EL4.ia64.rpm
bcbad4d5cf1df6b85c25d5718c3297e7 mozilla-js-debugger-1.7.3-19.EL4.ia64.rpm
246c4095425ed95cf3d4e7524eabafc6 mozilla-mail-1.7.3-19.EL4.ia64.rpm
a0c490f4e9cd7f9d89b72a84fc8382b0 mozilla-nspr-1.7.3-19.EL4.ia64.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
2bb0039d09b0b9e90ec2ba2a45b349d3 mozilla-nspr-devel-1.7.3-19.EL4.ia64.rpm
b6566d37c099e89a790247f5ee01511b mozilla-nss-1.7.3-19.EL4.ia64.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
162f10e927ac46eb5c997fb8fb8aef31 mozilla-nss-devel-1.7.3-19.EL4.ia64.rpm

ppc:
4f14f23c3f82b7cd991c8c307346c3b4 mozilla-1.7.3-19.EL4.ppc.rpm
8929adbac27a0119b282fe1afc98f0ef mozilla-chat-1.7.3-19.EL4.ppc.rpm
b899f513c30ace575ab4e9b83162bb5e mozilla-devel-1.7.3-19.EL4.ppc.rpm
105b7865dc67efa9f589f805a64ec9af mozilla-dom-inspector-1.7.3-19.EL4.ppc.rpm
bf2755837521d659b2d497949dfc86c0 mozilla-js-debugger-1.7.3-19.EL4.ppc.rpm
7b8a29af2710b33b664548c933484f8f mozilla-mail-1.7.3-19.EL4.ppc.rpm
c615451892c2a69503c57a9f4e75e007 mozilla-nspr-1.7.3-19.EL4.ppc.rpm
c2de101cf5751833f149ae4102e21cff mozilla-nspr-devel-1.7.3-19.EL4.ppc.rpm
96b763974d10ac72401f364ff196b290 mozilla-nss-1.7.3-19.EL4.ppc.rpm
f7f3f84a81eae1936be81d1a3d887e58 mozilla-nss-devel-1.7.3-19.EL4.ppc.rpm

s390:
f2e1f2a5d33abf7e1b9350c169a2cc84 mozilla-1.7.3-19.EL4.s390.rpm
0a51da8cec34280604a009e7c09144bc mozilla-chat-1.7.3-19.EL4.s390.rpm
b5280f95e1d4fbcfd2fbe3ebe5c7128b mozilla-devel-1.7.3-19.EL4.s390.rpm
84a2fafb4d8581067fdd255d9ee161a8 mozilla-dom-inspector-1.7.3-19.EL4.s390.rpm
8da4e2d1d8c81cb195b911e8c40ed9f8 mozilla-js-debugger-1.7.3-19.EL4.s390.rpm
a983613094c5b1f2e9f1369c94aa651e mozilla-mail-1.7.3-19.EL4.s390.rpm
2d6ab4a4a5c13efaa9a84ce14393284a mozilla-nspr-1.7.3-19.EL4.s390.rpm
4086ab3ca9b912854a0eea21fd6f9a40 mozilla-nspr-devel-1.7.3-19.EL4.s390.rpm
91042804e7acdc601033c5953021defb mozilla-nss-1.7.3-19.EL4.s390.rpm
68a8b46fa0f9944d822e1f3cfd2582a1 mozilla-nss-devel-1.7.3-19.EL4.s390.rpm

s390x:
1802303fc112de0d5418f1bbb65ffe13 mozilla-1.7.3-19.EL4.s390x.rpm
e080b19af615c3f3fc6c9995c179bfa9 mozilla-chat-1.7.3-19.EL4.s390x.rpm
e66986eda1e3df2916cd01883acb4479 mozilla-devel-1.7.3-19.EL4.s390x.rpm
5269aba3adb89b23321948cfcad311bc mozilla-dom-inspector-1.7.3-19.EL4.s390x.rpm
d06443ccad52994058ee252d16801f87 mozilla-js-debugger-1.7.3-19.EL4.s390x.rpm
a768d5077632f588070be23882b937c2 mozilla-mail-1.7.3-19.EL4.s390x.rpm
baf7c42fdaa423b0c3494ee682a39dd1 mozilla-nspr-1.7.3-19.EL4.s390x.rpm
2d6ab4a4a5c13efaa9a84ce14393284a mozilla-nspr-1.7.3-19.EL4.s390.rpm
05d4351be5e8e1d5c382d9cf0b353713 mozilla-nspr-devel-1.7.3-19.EL4.s390x.rpm
37901c38badcb3d39cb7a64397ec4f93 mozilla-nss-1.7.3-19.EL4.s390x.rpm
91042804e7acdc601033c5953021defb mozilla-nss-1.7.3-19.EL4.s390.rpm
8d67688575c64ad370a5283342be5109 mozilla-nss-devel-1.7.3-19.EL4.s390x.rpm

x86_64:
9f52dbcbe3bf5a56f22eadf2969d9c6a mozilla-1.7.3-19.EL4.x86_64.rpm
598e7b559ed697719b65982ad5797252 mozilla-chat-1.7.3-19.EL4.x86_64.rpm
0ac7afa778ab2b8aaaf6d0f30016d0cd mozilla-devel-1.7.3-19.EL4.x86_64.rpm
97fc7abc0299fa2810ce0d225908433a mozilla-dom-inspector-1.7.3-19.EL4.x86_64.rpm
3d967bdd0340af26c9e8a0ab2ad5b0c6 mozilla-js-debugger-1.7.3-19.EL4.x86_64.rpm
95bc074f815a069613faf291c61a9a69 mozilla-mail-1.7.3-19.EL4.x86_64.rpm
62c81b6dc5d6b86f08a2541980221a11 mozilla-nspr-1.7.3-19.EL4.x86_64.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
cb1cb0147b778d54e643576b3a5f2da1 mozilla-nspr-devel-1.7.3-19.EL4.x86_64.rpm
63d679f77661d47ea5b4292976ce756d mozilla-nss-1.7.3-19.EL4.x86_64.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
bb682fbbfe26f9b914cee41e6bb27984 mozilla-nss-devel-1.7.3-19.EL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mozilla-1.7.3-19.EL4.src.rpm
f38dbc4a876a2e8a7d22bf87b76fd615 mozilla-1.7.3-19.EL4.src.rpm

i386:
39ae3210517d35d921e930006841ee43 mozilla-1.7.3-19.EL4.i386.rpm
4ee1aef2c3beaa885da379f3269e8c6d mozilla-chat-1.7.3-19.EL4.i386.rpm
29012dae4a799da739161abbb2d92191 mozilla-devel-1.7.3-19.EL4.i386.rpm
eb579278872aa0c63991657c267709d9 mozilla-dom-inspector-1.7.3-19.EL4.i386.rpm
c35b92bcb3231bddb30ee8c5b085f7f1 mozilla-js-debugger-1.7.3-19.EL4.i386.rpm
55e70ed5c693b518abd3e6655b2756c3 mozilla-mail-1.7.3-19.EL4.i386.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
51c68d470ff73cda32e53faccf0d09de mozilla-nspr-devel-1.7.3-19.EL4.i386.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
998c5006ebadb4dc0667dd45c062481a mozilla-nss-devel-1.7.3-19.EL4.i386.rpm

x86_64:
9f52dbcbe3bf5a56f22eadf2969d9c6a mozilla-1.7.3-19.EL4.x86_64.rpm
598e7b559ed697719b65982ad5797252 mozilla-chat-1.7.3-19.EL4.x86_64.rpm
0ac7afa778ab2b8aaaf6d0f30016d0cd mozilla-devel-1.7.3-19.EL4.x86_64.rpm
97fc7abc0299fa2810ce0d225908433a mozilla-dom-inspector-1.7.3-19.EL4.x86_64.rpm
3d967bdd0340af26c9e8a0ab2ad5b0c6 mozilla-js-debugger-1.7.3-19.EL4.x86_64.rpm
95bc074f815a069613faf291c61a9a69 mozilla-mail-1.7.3-19.EL4.x86_64.rpm
62c81b6dc5d6b86f08a2541980221a11 mozilla-nspr-1.7.3-19.EL4.x86_64.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
cb1cb0147b778d54e643576b3a5f2da1 mozilla-nspr-devel-1.7.3-19.EL4.x86_64.rpm
63d679f77661d47ea5b4292976ce756d mozilla-nss-1.7.3-19.EL4.x86_64.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
bb682fbbfe26f9b914cee41e6bb27984 mozilla-nss-devel-1.7.3-19.EL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mozilla-1.7.3-19.EL4.src.rpm
f38dbc4a876a2e8a7d22bf87b76fd615 mozilla-1.7.3-19.EL4.src.rpm

i386:
39ae3210517d35d921e930006841ee43 mozilla-1.7.3-19.EL4.i386.rpm
4ee1aef2c3beaa885da379f3269e8c6d mozilla-chat-1.7.3-19.EL4.i386.rpm
29012dae4a799da739161abbb2d92191 mozilla-devel-1.7.3-19.EL4.i386.rpm
eb579278872aa0c63991657c267709d9 mozilla-dom-inspector-1.7.3-19.EL4.i386.rpm
c35b92bcb3231bddb30ee8c5b085f7f1 mozilla-js-debugger-1.7.3-19.EL4.i386.rpm
55e70ed5c693b518abd3e6655b2756c3 mozilla-mail-1.7.3-19.EL4.i386.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
51c68d470ff73cda32e53faccf0d09de mozilla-nspr-devel-1.7.3-19.EL4.i386.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
998c5006ebadb4dc0667dd45c062481a mozilla-nss-devel-1.7.3-19.EL4.i386.rpm

ia64:
ca68d27df9d703f28caf702f03a2c815 mozilla-1.7.3-19.EL4.ia64.rpm
c9613d7843931c8f307e7d030bcfeebb mozilla-chat-1.7.3-19.EL4.ia64.rpm
50112396b34bd6724f61db2bdda37f3c mozilla-devel-1.7.3-19.EL4.ia64.rpm
08f955d73348162bc74d205b1afcb2f4 mozilla-dom-inspector-1.7.3-19.EL4.ia64.rpm
bcbad4d5cf1df6b85c25d5718c3297e7 mozilla-js-debugger-1.7.3-19.EL4.ia64.rpm
246c4095425ed95cf3d4e7524eabafc6 mozilla-mail-1.7.3-19.EL4.ia64.rpm
a0c490f4e9cd7f9d89b72a84fc8382b0 mozilla-nspr-1.7.3-19.EL4.ia64.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
2bb0039d09b0b9e90ec2ba2a45b349d3 mozilla-nspr-devel-1.7.3-19.EL4.ia64.rpm
b6566d37c099e89a790247f5ee01511b mozilla-nss-1.7.3-19.EL4.ia64.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
162f10e927ac46eb5c997fb8fb8aef31 mozilla-nss-devel-1.7.3-19.EL4.ia64.rpm

x86_64:
9f52dbcbe3bf5a56f22eadf2969d9c6a mozilla-1.7.3-19.EL4.x86_64.rpm
598e7b559ed697719b65982ad5797252 mozilla-chat-1.7.3-19.EL4.x86_64.rpm
0ac7afa778ab2b8aaaf6d0f30016d0cd mozilla-devel-1.7.3-19.EL4.x86_64.rpm
97fc7abc0299fa2810ce0d225908433a mozilla-dom-inspector-1.7.3-19.EL4.x86_64.rpm
3d967bdd0340af26c9e8a0ab2ad5b0c6 mozilla-js-debugger-1.7.3-19.EL4.x86_64.rpm
95bc074f815a069613faf291c61a9a69 mozilla-mail-1.7.3-19.EL4.x86_64.rpm
62c81b6dc5d6b86f08a2541980221a11 mozilla-nspr-1.7.3-19.EL4.x86_64.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
cb1cb0147b778d54e643576b3a5f2da1 mozilla-nspr-devel-1.7.3-19.EL4.x86_64.rpm
63d679f77661d47ea5b4292976ce756d mozilla-nss-1.7.3-19.EL4.x86_64.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
bb682fbbfe26f9b914cee41e6bb27984 mozilla-nss-devel-1.7.3-19.EL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mozilla-1.7.3-19.EL4.src.rpm
f38dbc4a876a2e8a7d22bf87b76fd615 mozilla-1.7.3-19.EL4.src.rpm

i386:
39ae3210517d35d921e930006841ee43 mozilla-1.7.3-19.EL4.i386.rpm
4ee1aef2c3beaa885da379f3269e8c6d mozilla-chat-1.7.3-19.EL4.i386.rpm
29012dae4a799da739161abbb2d92191 mozilla-devel-1.7.3-19.EL4.i386.rpm
eb579278872aa0c63991657c267709d9 mozilla-dom-inspector-1.7.3-19.EL4.i386.rpm
c35b92bcb3231bddb30ee8c5b085f7f1 mozilla-js-debugger-1.7.3-19.EL4.i386.rpm
55e70ed5c693b518abd3e6655b2756c3 mozilla-mail-1.7.3-19.EL4.i386.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
51c68d470ff73cda32e53faccf0d09de mozilla-nspr-devel-1.7.3-19.EL4.i386.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
998c5006ebadb4dc0667dd45c062481a mozilla-nss-devel-1.7.3-19.EL4.i386.rpm

ia64:
ca68d27df9d703f28caf702f03a2c815 mozilla-1.7.3-19.EL4.ia64.rpm
c9613d7843931c8f307e7d030bcfeebb mozilla-chat-1.7.3-19.EL4.ia64.rpm
50112396b34bd6724f61db2bdda37f3c mozilla-devel-1.7.3-19.EL4.ia64.rpm
08f955d73348162bc74d205b1afcb2f4 mozilla-dom-inspector-1.7.3-19.EL4.ia64.rpm
bcbad4d5cf1df6b85c25d5718c3297e7 mozilla-js-debugger-1.7.3-19.EL4.ia64.rpm
246c4095425ed95cf3d4e7524eabafc6 mozilla-mail-1.7.3-19.EL4.ia64.rpm
a0c490f4e9cd7f9d89b72a84fc8382b0 mozilla-nspr-1.7.3-19.EL4.ia64.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
2bb0039d09b0b9e90ec2ba2a45b349d3 mozilla-nspr-devel-1.7.3-19.EL4.ia64.rpm
b6566d37c099e89a790247f5ee01511b mozilla-nss-1.7.3-19.EL4.ia64.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
162f10e927ac46eb5c997fb8fb8aef31 mozilla-nss-devel-1.7.3-19.EL4.ia64.rpm

x86_64:
9f52dbcbe3bf5a56f22eadf2969d9c6a mozilla-1.7.3-19.EL4.x86_64.rpm
598e7b559ed697719b65982ad5797252 mozilla-chat-1.7.3-19.EL4.x86_64.rpm
0ac7afa778ab2b8aaaf6d0f30016d0cd mozilla-devel-1.7.3-19.EL4.x86_64.rpm
97fc7abc0299fa2810ce0d225908433a mozilla-dom-inspector-1.7.3-19.EL4.x86_64.rpm
3d967bdd0340af26c9e8a0ab2ad5b0c6 mozilla-js-debugger-1.7.3-19.EL4.x86_64.rpm
95bc074f815a069613faf291c61a9a69 mozilla-mail-1.7.3-19.EL4.x86_64.rpm
62c81b6dc5d6b86f08a2541980221a11 mozilla-nspr-1.7.3-19.EL4.x86_64.rpm
eb3c48388e576edb480b7c2effc4a33e mozilla-nspr-1.7.3-19.EL4.i386.rpm
cb1cb0147b778d54e643576b3a5f2da1 mozilla-nspr-devel-1.7.3-19.EL4.x86_64.rpm
63d679f77661d47ea5b4292976ce756d mozilla-nss-1.7.3-19.EL4.x86_64.rpm
0f87bb5b91f895f7f2ddc50d8fa7a783 mozilla-nss-1.7.3-19.EL4.i386.rpm
bb682fbbfe26f9b914cee41e6bb27984 mozilla-nss-devel-1.7.3-19.EL4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.mozilla.org/security/announce/mfsa2005-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.