[RHSA-2004:429-01] Netscape 4.8 contains security flaws

Wed Aug 18 15:40:00 UTC 2004

Netscape Navigator and Netscape Communicator 4.8 as distributed with Red
Hat Enterprise Linux 2.1 contain security flaws and should not be used.

2. Problem description:

Netscape Navigator and Netscape Communicator have been removed from the Red
Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These
packages were based on Netscape 4.8, which is known to be vulnerable to
recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and
CAN-2004-0599. 

Netscape 7.2 contains fixes for these issues and is available from
http://www.netscape.com/.  Netscape 4.8 packages will also remain available
via Red Hat Network for those who choose to use them despite their known
security vulnerabilities.

Users of Netscape 4.8 are advised to switch to Mozilla, which is included
and supported in Red Hat Enterprise Linux 2.1, and offers comparable
functionality.

3. Solution:

Red Hat Enterprise 2.1 users who do not need the functionality of Netscape 
4.8 should uninstall the netscape packages.

4. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

5. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBI3hCXlSAg2UNWIIRAiL5AKCUnrKuVqngBE/e0EFiALh6bgNOFQCcDYan
Su5PyPkP0gtCB+wT2whAFMw=
=uMrU
-----END PGP SIGNATURE-----