LOL: Netscape hole

jkenner@mindspring.com jkenner@mindspring.com
Fri, 01 Dec 2000 15:29:50 -0500 

After having tried to upgrade to glibc-2.2 manually, then after having tried to install Storm, which is based around Debian and glibc-2.something, I think the problems might be entirely from glibc bugs. There was recently a mess of RedHat security advisories that are mostly likely a direct result of the one they issued several hours before about glibc.

When I reinstallled my box, I moved everything else somewhere safe. Well, I've moved it back. So now the only thing thats messed up is the compiler, which I suppose I can fix when the DSL comes back up (I'm at the library.) By default, the Storm install doesnt support ELF binaries - only glibc ones! What the hell is up with that... do current Debian and RedHat installations also suffer from this hideous disability? If I can only run binaries compiled with glibc, FORGET using a default install!

My advice to those of you who are experience the Netscape addressbook crash is to get libc5 working on your system and install the "unsupported" version for Linux2.0 rather than NS's 2.2 version (which apparently depends on a development glibc-1.1 library. Ick.)
Ive never had it crash from that - the only crashes I had with netscape were due to problems with java applets hanging it, and none of the crashes are reliably reproducable either (fun).

plug-discuss@lists.PLUG.phoenix.az.us wrote:
> you are not the only one with this problem.
I have seen it in all versions of netscape for linux.

There have probably been numerous submissions of bug reports on
this to netscape, but it seems they are not listening.

I just keep filling in the to: address manually.

Hawke

"Furmanek, Greg" wrote:
> 
> Talking about problems with Netscape.
> 
> I seem to have a problem using
> the address book.
> 
> The program crashes if I want to fill
> in address using Address Book
> on e-mail.
> 
> Has anyone else had this problem?
> 
> RH 7.0
> AMD 450
> Updated Packages.
> (It wasn't working before the update.)
> 
> The Wolf
> 
> -> -----Original Message-----
> -> From: sinck@ugive.com [mailto:sinck@ugive.com]
> -> Sent: Monday, November 27, 2000 2:14 PM
> -> To: plug-discuss@lists.PLUG.phoenix.az.us
> -> Subject: OMG: LOL: Netscape hole
> ->
> ->
> ->
> -> From Bugtraq:
> ->
> ->   |
> -> ---------------------------------------------------------------------
> ->   |                    Red Hat, Inc. Security Advisory
> ->   |
> ->   | Synopsis:          New Netscape packages available
> ->   | Advisory ID:       RHSA-2000:109-05
> ->   | Issue date:        2000-11-17
> ->   | Updated on:        2000-11-27
> ->   | Product:           Red Hat Linux
> ->   | Keywords:          netscape HTML buffer overflow
> ->   | Cross references:  N/A
> ->   |
> -> ---------------------------------------------------------------------
> ->   |
> ->   | 1. Topic:
> ->   |
> ->   | New Netscape packages are available that fix a buffer overflow
> ->   | in parsing HTML.
> ->   |
> ->   | It is recommended that all Netscape users update to the fixed
> ->   | packages.
> ->   |
> ->   | [...]
> ->   |
> ->   | 3. Problem description:
> ->   |
> ->   | A buffer overflow exists in Netscape's HTML parsing code. By
> ->   | using specially designed code, a remote website could cause
> ->   | arbitrary code to be run on the local machine.
> ->
> -> Now there is a hole.  Gives a hole new meaning to "dynamic html".
> ->
> -> David
> ->
> -> ________________________________________________
> -> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your
> -> mail doesn't post to the list quickly and you use Netscape
> -> to write mail.
> ->
> -> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> -> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> ->
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
Make a few extra $$$.
Join http://www.processtree.com/?sponsor=29027

I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered!
My life is my own - No. 6

________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss