[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : New Netscape packages fix Java security hole

Title: New Netscape packages fix Java security hole
Released by: Red Hat
Date: 18th August 2000
Printable version: Click here

                   Red Hat, Inc. Security Advisory

Synopsis:          New Netscape packages fix Java security hole

Advisory ID:       RHSA-2000:054-01

Issue date:        2000-08-18

Updated on:        2000-08-18

Product:           Red Hat Linux

Keywords:          Brown Orifice netscape java

Cross references:  N/A


1. Topic:

New Netscape packages are available to fix a serious security

problem with Java. It is recommended that all netscape users

update to the new packages. Users of Red Hat Linux 6.0 and 6.1

should use the packages for Red Hat Linux 6.2.

Packages will be made available for Red Hat Linux 5.2 when

fixed binaries are available from Netscape.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386, alpha

3. Problem description:

Due to a problem in the Java environment shipped with Netscape,

it would be possible for a java applet on a remote site to

view files on a local machine, and then provide access to those

files for other machines.

For more information, please see:


4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):


6. RPMs required:

Red Hat Linux 6.2:












7. Verification:

MD5 sum                           Package Name


e4901ef360fdf89bc26cb9511210e25e  6.2/SRPMS/netscape-4.75-0.6.2.src.rpm

7868b53573252f231b627b20f11501fd  6.2/SRPMS/netscape-alpha-4.75-0.6.2.src.rpm

2db1ac1eefd26ef37b5e938077fc0a86  6.2/alpha/netscape-common-4.75-0.6.2.alpha.rpm

470b471c4d3575ecfa18bdabdb459389  6.2/alpha/netscape-communicator-4.75-0.6.2.alpha.rpm

981b62eb767ebd405dda3864bbb35d54  6.2/alpha/netscape-navigator-4.75-0.6.2.alpha.rpm

138e80104c7054d2b894fd3a064ab28f  6.2/i386/netscape-common-4.75-0.6.2.i386.rpm

887e48c496d386d82a6d66ce31f6a6cb  6.2/i386/netscape-communicator-4.75-0.6.2.i386.rpm

3e8c1094bbccb8d7783febea6e430549  6.2/i386/netscape-navigator-4.75-0.6.2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key

is available at:


You can verify each package with the following command:

    rpm --checksig  

If you only wish to verify that each package has not been corrupted or

tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg 

8. References:


Copyright(c) 2000 Red Hat, Inc.

(C) 1999-2000 All rights reserved.