Articles / Red Hat

All articles tagged with Red Hat

December 23, 2011 16:37 Red Hat: Updated pidgin packages fix multiple security is...

0

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message. Updated packages are available from ftp.redhat.com.

December 23, 2011 16:35 Red Hat: An updated ipmitool package fixes one security i...

0

The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. It was discovered that the IPMI event daemon (ipmievd) created its process ID (PID) file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. Updated packages are available from ftp.redhat.com.

December 23, 2011 16:28 Red Hat: Updated kernel packages fix several security issues

0

These packages contain the Linux kernel. A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service by sending a specially-crafted SCTP packet to a target system. A flaw in the client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.

A flaw was found in the way the Linux kernel’s Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. A flaw in the __addr_ok() macro in the Linux kernel’s Xen hypervisor implementation when running on 64-bit systems could allow a privileged guest user to crash the hypervisor. /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process.

Updated packages are available from ftp.redhat.com.

December 21, 2011 06:42 Red Hat: Updated icu packages fix one security issue

0

The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Updated packages are available from ftp.redhat.com.

December 21, 2011 06:38 Red Hat: Updated netpbm packages fix three security issues

0

The netpbm packages contain a library of functions which support programs for handling various graphics file formats. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the JPEG 2000 image compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker could create a malicious JPEG 2000 compressed image file that could cause jpeg2ktopam to crash or, potentially, execute arbitrary code with the privileges of the user running jpeg2ktopam. A stack-based buffer overflow flaw was found in the way the xpmtoppm tool processed X PixMap (XPM) image files. An attacker could create a malicious XPM file that would cause xpmtoppm to crash or, potentially, execute arbitrary code with the privileges of the user running xpmtoppm. Updated packages are available from ftp.redhat.com.

December 19, 2011 09:27 Red Hat: Updated jasper packages fix two security issues

0

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. Updated packages are available from ftp.redhat.com.

December 19, 2011 09:23 Red Hat: Updated qemu-kvm packages fix one security issue

0

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID (Chip/Smart Card Interface Devices) USB smart card reader in passthrough mode. An attacker able to connect to the port on the host being used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. Updated packages are available from ftp.redhat.com.

December 17, 2011 15:33 Red Hat: Updated perl packages fix multiple security issues

0

Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the “new” constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.

A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially-crafted sequence of characters provided to the CGI module.

Updated packages are available from ftp.redhat.com.

December 15, 2011 10:16 Red Hat: An updated squid package fixes one security issue

1

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. Updated packages are available from ftp.redhat.com.

December 15, 2011 10:15 Red Hat: Updated krb5 packages fix one security issue

0

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request. Updated packages are available from ftp.redhat.com.

December 13, 2011 07:02 Red Hat: An updated php-pear package fixes one security i...

0

The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components. It was found that the “pear” command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the “pear install” command. Updated packages are available from ftp.redhat.com.

December 13, 2011 07:00 Red Hat: Updated libxml2 packages fix several security is...

0

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.

Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. Updated packages are available from ftp.redhat.com.

December 13, 2011 06:59 Red Hat: Updated ruby packages fix two security issues

0

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes (as long as the parent process persisted). Updated packages are available from ftp.redhat.com.

December 13, 2011 06:58 Red Hat: Updated qemu-kvm packages fix one security issue

0

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID (Chip/Smart Card Interface Devices) USB smart card reader in passthrough mode. An attacker able to connect to the port on the host being used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. Updated packages are available from ftp.redhat.com.

December 11, 2011 07:55 Red Hat: Updated libcap packages fix one security issue

0

The libcap packages provide a library and tools for getting and setting POSIX capabilities. It was found that capsh did not change into the new root when using the ”–chroot” option. An application started via the “capsh –chroot” command could use this flaw to escape the chroot restrictions. Updated packages are available from ftp.redhat.com.

December 11, 2011 07:54 Red Hat: Updated util-linux-ng packages fix multiple secu...

0

The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. Updated packages are available from ftp.redhat.com.

December 11, 2011 07:52 Red Hat: Updated cups packages fix one security issue

0

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the “lp” user. Updated packages are available from ftp.redhat.com.

December 11, 2011 07:51 Red Hat: An updated virt-v2v package fixes one security i...

0

virt-v2v is a tool for converting and importing virtual machines to libvirt-managed KVM (Kernel-based Virtual Machine), or Red Hat Enterprise Virtualization. Using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a password was not required to access the converted guest’s VNC console. Now, converted guests will require the same VNC console password as the original guest. Updated packages are available from ftp.redhat.com.

December 11, 2011 07:41 Red Hat: Updated ipa packages fix one security issue

0

Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. A Cross-Site Request Forgery (CSRF) flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user. Updated packages are available from ftp.redhat.com.

December 09, 2011 10:27 Red Hat: An updated sos package fixes one security issue

0

Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. Updated packages are available from ftp.redhat.com.

December 09, 2011 10:26 Red Hat: Updated nfs-utils packages fix two security issues

0

The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. A flaw was found in the way nfs-utils performed IP based authentication of mount requests. In configurations where a directory was exported to a group of systems using a DNS wildcard or NIS (Network Information Service) netgroup, an attacker could possibly gain access to other directories exported to a specific host or subnet, bypassing intended access restrictions. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab (mounted file systems table) file. A local attacker could use this flaw to corrupt the mtab file. Updated packages are available from ftp.redhat.com.

December 09, 2011 10:24 Red Hat: An updated resource-agents package fixes one sec...

0

The resource-agents package contains a set of scripts to interface with several services to operate in a High Availability environment for both Pacemaker and rgmanager service managers. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. Updated packages are available from ftp.redhat.com.

December 09, 2011 10:24 Red Hat: An updated kexec-tools package fixes three secur...

0

Kexec allows for booting a Linux kernel from the context of an already running kernel. Kdump used the SSH (Secure Shell) “StrictHostKeyChecking=no” option when dumping to SSH targets, causing the target kdump server’s SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps. mkdumprd created initrd files with world-readable permissions. A local user could possibly use this flaw to gain access to sensitive information, such as the private SSH key used to authenticate to a remote server when kdump was configured to dump to an SSH target. mkdumprd included unneeded sensitive files in the resulting initrd. This could lead to an information leak when initrd files were previously created with world-readable permissions. Updated packages are available from ftp.redhat.com.

December 09, 2011 10:22 Red Hat: Updated glibc packages fix two security issues

0

The glibc packages contain the standard C libraries used by multiple programs on the system. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. Updated packages are available from ftp.redhat.com.

December 07, 2011 07:45 Red Hat: Updated qemu-kvm packages fix one security issue

0

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line (“/usr/libexec/qemu-kvm”) with the “-runas” option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group. Updated packages are available from ftp.redhat.com.

December 07, 2011 07:43 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with access to mount and unmount ext4 file systems could use this flaw to cause a denial of service. A NULL pointer dereference flaw was found in the way the Linux kernel’s key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. Updated packages are available from ftp.redhat.com.

December 07, 2011 07:42 Red Hat: Updated tomcat6 packages fix several security is...

0

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially-crafted request that would cause the connector to treat the message body as a new request. A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user’s password was logged to Tomcat log files. Note: By default, only administrators have access to such log files.

A flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM).

Updated packages are available from ftp.redhat.com.

December 03, 2011 13:47 Red Hat: Updated cyrus-imapd packages fix two security is...

0

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially-crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. Updated packages are available from ftp.redhat.com.

December 03, 2011 13:46 Red Hat: Updated libarchive packages fix two security issues

0

The libarchive programming library can create and read several different streaming archive formats, including GNU tar and cpio. Two heap-based buffer overflow flaws were discovered in libarchive. If a user were tricked into expanding a specially-crafted ISO 9660 CD-ROM image or tar archive with an application using libarchive, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Updated packages are available from ftp.redhat.com.

December 01, 2011 13:24 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. A NULL pointer dereference flaw was found in the way the Linux kernel’s key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service.

A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. A NULL pointer dereference flaw was found in the Linux kernel’s HFS file system implementation. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains a specially-crafted HFS file system with a corrupted MDB extent record. The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process.

Updated packages are available from ftp.redhat.com.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.