-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2002-47 http://www/turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Mozilla The cookie of the optional host being acquired non- just Release date : 2002-08-02 Solution: package : mozilla-1.0-7 Problem JavaScript vulnerability allows cookie of optional host being acquired. Solution: Please verify version and execute the command below. # rpm -qa | grep package name being captured Execution example --------------------------------------------------------------------- # rpm -Fvh Package-1.0.0-1.i586.rpm \ Package-doc-1.0.0-1.i586.rpm \ Package-devel-1.0.0-1.i586.rpm The case where rpm command is executed, please enter as follows on the command line. # rpm -Fvh package-1.0.0-1.i586.rpm package-doc-1.0.0-1.i586.rpm package-devel-1.0.0-1.i586.rpm --------------------------------------------------------------------- < Turbolinux 8 Workstation > # rpm -Fvh mozilla-1.0-7.i586.rpm \ mozilla-devel-1.0-7.i586.rpm < Turbolinux 7 Server > < Turbolinux 7 Workstation > When the nautilus-mozilla and the nautilus-suggested are installed, please do un installation. # rpm -qa | grep nautilus \ When executing, if the nautilus-mozilla and the nautilus-suggested are indicated, it is already installed. # rpm -e nautilus-mozilla \ nautilus-suggested In addition, please verify whether or not the galeon is installed. # rpm -qa | grep galeon \ The galeon is not installed when # rpm -Uvh mozilla-1.0-7.i586.rpm \ mozilla-devel-1.0-7.i586.rpm The galeon is installed when # rpm -Uvh mozilla-1.0-7.i586.rpm \ mozilla-devel-1.0-7.i586.rpm \ libxml-1.8.14-1.i586.rpm \ libxml-devel-1.8.14-1.i586.rpm \ galeon-1.2.1-1.i586.rpm < Turbolinux Server 6.5 > < Turbolinux Advanced Server 6 > < Turbolinux Server 6.1 > < Turbolinux Workstation 6.0 > If the mozilla package is not being recorded, update is not necessary. Package updates: http://www.turbolinux.co.jp/update/