Debians sikkerhedsbulletin
DSA-051-1 netscape -- uventet udførelse af javascript
- Rapporteret den:
- 23. apr 2001
- Berørte pakker:
- netscape
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2001-0596.
- Yderligere oplysninger:
-
Florian Wesch har opdaget et problem (rapporteret til bugtraq) med den måde
Netscape behandler kommentarer i GIF-filer. Netscape-browseren ændrer ikke
GIF-filkommentaren på siden med oplysninger om billeder. Dette giver mulighed
for udførelse af javascript i "about:"-protokollen og kan for eksempel anvendes
til at uploade historikken (about:global) til en webserver, og på den måde
lække oplysninger af privat karakter. Dette problem er rettet i Netscape 4.77.
Da vi ikke har modtaget kildekoden til disse paker, er de ikke en del af Debian GNU/Linux-distributionen, men er for nemheds skyld pakket som `.deb'-filer, så det er nemmere at installere dem.
Vi anbefaler at du omgående opgraderer din Netscape-pakke og fjerne gamle versioner.
- Rettet i:
-
Debian GNU/Linux 2.2 (potato)
- Kildekode:
- http://security.debian.org/dists/stable/updates/contrib/source/netscape4.base_4.77-1.tar.gz
- http://security.debian.org/dists/stable/updates/contrib/source/netscape4.base_4.77-1.dsc
- http://security.debian.org/dists/stable/updates/main/source/netscape4.77_4.77-2.dsc
- http://security.debian.org/dists/stable/updates/main/source/netscape4.77_4.77-2.diff.gz
- http://security.debian.org/dists/stable/updates/contrib/source/netscape4.base_4.77-1.dsc
- Arkitekturuafhængig komponent:
- http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-ja-resource-477_4.77-2_all.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-java-477_4.77-2_all.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-ko-resource-477_4.77-2_all.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-zh-resource-477_4.77-2_all.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-all/navigator-nethelp-477_4.77-2_all.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-all/communicator-nethelp-477_4.77-2_all.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-all/communicator-spellchk-477_4.77-2_all.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-java-477_4.77-2_all.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/contrib/binary-i386/netscape_4.77-1_i386.deb
- http://security.debian.org/dists/stable/updates/contrib/binary-i386/netscape-base-4-libc5_4.77-1_i386.deb
- http://security.debian.org/dists/stable/updates/contrib/binary-i386/netscape-base-4_4.77-1_i386.deb
- http://security.debian.org/dists/stable/updates/contrib/binary-i386/navigator_4.77-1_i386.deb
- http://security.debian.org/dists/stable/updates/contrib/binary-i386/communicator_4.77-1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/netscape-base-477_4.77-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/netscape-smotif-477_4.77-2_i386.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-i386/netscape-base-477_4.77-2_i386.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-i386/navigator-base-477_4.77-2_i386.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-i386/navigator-smotif-477_4.77-2_i386.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-i386/communicator-base-477_4.77-2_i386.deb
- http://security.debian.org/dists/stable/updates/non-free/binary-i386/communicator-smotif-477_4.77-2_i386.deb
- http://security.debian.org/dists/stable/updates/contrib/binary-i386/netscape-base-4-libc5_4.77-1_i386.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.