Articles / Red Hat

All articles tagged with Red Hat

December 13, 2009 17:59 Red Hat: Updated expat packages fix two security issues

0

Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. Updated packages are available from updates.redhat.com.

December 13, 2009 17:58 Red Hat: An updated acpid package fixes one security issue

0

acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs. It was discovered that acpid could create its log file (“/var/log/acpid”) with random permissions on some systems. A local attacker could use this flaw to escalate their privileges if the log file was created as world-writable and with the setuid or setgid bit set. Updated packages are available from updates.redhat.com.

December 06, 2009 14:08 Red Hat: Updated bind packages fix one security issue

0

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. Updated packages are available from updates.redhat.com.

December 06, 2009 14:07 Red Hat: An updated dstat package fixes one security issue

0

Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a local user into running dstat from a directory containing a Python script that is named like an importable module, they could execute arbitrary code with the privileges of the user running dstat. Updated packages are available from updates.redhat.com.

December 06, 2009 14:05 Red Hat: Updated xerces-j2 packages fix a security issue

0

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). Updated packages are available from updates.redhat.com.

November 29, 2009 20:41 Red Hat: Updated kdelibs packages fix one security issue

0

The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. Updated packages are available from updates.redhat.com.

November 22, 2009 21:19 Red Hat: Updated cups packages fix multiple security issues

0

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially-crafted way, query for the list of current print jobs for a specific printer, leading to a denial of service (cupsd crash). Several cross-site scripting (XSS) flaws were found in the way the CUPS web server interface processed HTML form content. If a remote attacker could trick a local user who is logged into the CUPS web interface into visiting a specially-crafted HTML page, the attacker could retrieve and potentially modify confidential CUPS administration data. Updated packages are available from updates.redhat.com.

November 22, 2009 21:04 Red Hat: Updated httpd packages fix multiple security issues

0

The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client’s session (for example, an HTTPS connection to a website). A denial of service flaw was found in the Apache mod_deflate module which could cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A NULL pointer dereference flaw was found in the Apache modproxyftp module which could result in a limited denial of service. A second flaw was found in the Apache modproxyftp module which could be used to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header. Updated packages are available from updates.redhat.com.

November 22, 2009 21:02 Red Hat: Updated httpd packages fix multiple security issues

0

The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client’s session (for example, an HTTPS connection to a website). A NULL pointer dereference flaw was found in the Apache modproxyftp module which could result in a limited denial of service. A second flaw was found in the Apache modproxyftp module which could be used to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header. Updated packages are available from updates.redhat.com.

November 22, 2009 20:58 Red Hat: An updated 4Suite package fixes one security issue

0

The 4Suite package contains XML-related tools and libraries for Python, including 4DOM, 4XSLT, 4XPath, 4RDF, and 4XPointer. A buffer over-read flaw was found in the way 4Suite’s XML parser handles malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using the 4Suite library to crash while parsing the file. Updated packages are available from updates.redhat.com.

November 22, 2009 20:57 Red Hat: Updated java-1.5.0-sun packages correct several ...

0

The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the “Advance notification of Security Updates for Java SE” page from Sun Microsystems. Updated packages are available from updates.redhat.com.

November 22, 2009 20:53 Red Hat: Updated tomcat packages fix several security issues

0

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. Updated packages are available from updates.redhat.com.

November 22, 2009 20:51 Red Hat: Updated tomcat packages fix several security issues

0

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. A cross-site scripting (XSS) flaw was found in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the “time” parameter. It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. Updated packages are available from updates.redhat.com.

November 22, 2009 20:49 Red Hat: Updated libvorbis packages fix multiple security...

0

The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Multiple flaws were found in the libvorbis library. A specially-crafted Ogg Vorbis media format file (Ogg) could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

November 22, 2009 20:48 Red Hat: Updated java-1.6.0-sun packages correct several ...

0

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Updated packages are available from updates.redhat.com.

November 22, 2009 20:11 Red Hat: An updated wget package fixes a security issue

0

GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published “null prefix attack”, caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Wget into accepting it by mistake. Updated packages are available from updates.redhat.com.

November 22, 2009 20:08 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. Two NULL pointer dereference flaws were found which could be used to cause a local denial of service or privilege escalation. A flaw was found in the NFSv4 implementation which could leave files with the permission bits set to random values. A flaw was found in the Realtek r8169 Ethernet driver which could be abused by using jumbo frames for large amounts of network traffic. Missing initialization flaws were found which could lead to information leaks. Updated packages are available from updates.redhat.com.

November 22, 2009 20:06 Red Hat: Updated kernel packages fix security issues

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe’s reader and writer counters. This could lead to a local denial of service or privilege escalation. Updated packages are available from updates.redhat.com.

November 22, 2009 19:59 Red Hat: Updated pidgin packages fix a security issue

0

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An invalid pointer dereference bug was found in the way the Pidgin OSCAR protocol implementation processed lists of contacts. A remote attacker could send a specially-crafted contact list to a user running Pidgin, causing Pidgin to crash. Updated packages are available from updates.redhat.com.

November 22, 2009 19:57 Red Hat: An updated pidgin package fixes several security...

0

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An invalid pointer dereference bug was found in the way the Pidgin OSCAR protocol implementation processed lists of contacts. A remote attacker could send a specially-crafted contact list to a user running Pidgin, causing Pidgin to crash. A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). Updated packages are available from updates.redhat.com.

November 22, 2009 19:34 Red Hat: Updated seamonkey packages fix several security ...

0

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Updated packages are available from updates.redhat.com.

November 22, 2009 19:30 Red Hat: Updated firefox packages fix several security is...

0

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Updated packages are available from updates.redhat.com.

November 22, 2009 19:28 Red Hat: Updated samba packages fix multiple security issues

0

Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An uninitialized data access flaw was discovered in the smbd daemon when using the non-default “dos filemode” configuration option in “smb.conf”. An authenticated, remote user with write access to a file could possibly use this flaw to change an access control list for that file, even when such access should have been denied. A flaw was discovered in the way Samba handled users without a home directory set in the back-end password database (e.g. “/etc/passwd”). If a share for the home directory of such a user was created (e.g. using the automated ”homes” share), any user able to access that share could see the whole file system, possibly bypassing intended access restrictions. The mount.cifs program printed CIFS passwords as part of its debug output when running in verbose mode. When mount.cifs had the setuid bit set, a local, unprivileged user could use this flaw to disclose passwords from a file that would otherwise be inaccessible to that user. Updated packages are available from updates.redhat.com.

November 22, 2009 19:26 Red Hat: Updated samba packages fix a security issue

0

Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authenticated, remote user could use this flaw to exhaust system resources by opening multiple CIFS sessions. Updated packages are available from updates.redhat.com.

November 22, 2009 19:03 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. Multiple, missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks. Updated packages are available from updates.redhat.com.

November 22, 2009 18:55 Red Hat: Updated cups packages fix two security issues

0

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS “pdftops” filter converts Portable Document Format (PDF) files to PostScript. Two integer overflow flaws were found in the CUPS “pdftops” filter. An attacker could create a malicious PDF file that would cause “pdftops” to crash or, potentially, execute arbitrary code as the “lp” user if the file was printed. Updated packages are available from updates.redhat.com.

November 22, 2009 18:54 Red Hat: Updated kdegraphics packages fix multiple securi...

0

The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

November 22, 2009 18:53 Red Hat: Updated poppler packages fix multiple security i...

0

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

November 22, 2009 18:52 Red Hat: An updated gpdf package fixes multiple security ...

0

GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

November 22, 2009 18:51 Red Hat: Updated kdegraphics packages fix multiple securi...

0

The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.