Articles / Red Hat

All articles tagged with Red Hat

October 18, 2011 09:05 Red Hat: Updated pidgin packages fix multiple security is...

0

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC (Secure Internet Live Conferencing) protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message. Updated packages are available from ftp.redhat.com.

October 12, 2011 06:03 Red Hat: Updated xorg-x11-server packages fix multiple se...

0

X.Org is an open source implementation of the X Window System. Multiple input sanitization flaws were found in the X.Org GLX (OpenGL extension to the X Window System) extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server. Updated packages are available from ftp.redhat.com.

October 12, 2011 06:01 Red Hat: Updated kernel packages fix several security issues

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. A race condition flaw was found in the eCryptfs implementation. A local attacker could use the mount.ecryptfs_private utility to mount (and then access) a directory they would otherwise not have access to. A denial of service flaw was found in the way the taskstats subsystem handled the registration of process exit handlers. A local, unprivileged user could register an unlimited amount of these handlers, leading to excessive CPU time and memory use.

A flaw was found in the way mapping expansions were handled. A local, unprivileged user could use this flaw to cause a wrapping condition, triggering a denial of service. A flaw was found in the Performance Events implementation. It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a lockup and panic the system. A local, unprivileged user could use this flaw to cause a denial of service (kernel panic) using the perf tool. A flaw in skb_gro_header_slow() could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service.

A flaw was found in the way the Performance Events implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local, unprivileged user could use this flaw to cause a denial of service. A flaw was found in the Trusted Platform Module (TPM) implementation. A local, unprivileged user could use this flaw to leak information to user-space. Flaws were found in the tpacket_rcv() and packet_recvmsg() functions. A local, unprivileged user could use these flaws to leak information to user-space.

October 12, 2011 05:59 Red Hat: Updated openswan packages fix one security issue

0

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). A NULL pointer dereference flaw was found in the way Openswan’s pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. Updated packages are available from ftp.redhat.com.

October 08, 2011 08:10 Red Hat: Updated rpm packages fix multiple security issues

0

The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. Updated packages are available from ftp.redhat.com.

October 04, 2011 19:23 Red Hat: An updated thunderbird package fixes two securit...

0

Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

Updated packages are available from ftp.redhat.com.

October 04, 2011 19:18 Red Hat: An updated thunderbird package fixes several sec...

0

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the “Enter” keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default “Open” action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content. A flaw was found in the way Thunderbird handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Thunderbird now treats two copies of the Location, Content-Length, or Content-Disposition header as an error condition.

A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

Updated packages are available from ftp.redhat.com.

October 01, 2011 00:19 Red Hat: Updated firefox packages fix several security is...

0

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the “Enter” keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default “Open” action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.

A flaw was found in the way Firefox handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Firefox now treats two copies of the Location, Content-Length, or Content-Disposition header as an error condition. A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Firefox handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

Updated packages are available from ftp.redhat.com.

October 01, 2011 00:18 Red Hat: Updated seamonkey packages fix two security issues

0

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Updated packages are available from ftp.redhat.com.

September 26, 2011 06:11 Red Hat: An updated Adobe Flash Player package fixes mult...

0

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. This update also fixes an information disclosure flaw in flash-plugin. Updated packages are available from ftp.redhat.com.

September 26, 2011 06:09 Red Hat: An updated frysk package fixes one security issue

0

frysk is an execution-analysis technology implemented using native Java and C++. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Updated packages are available from ftp.redhat.com.

September 25, 2011 08:21 Red Hat: Updated pango packages fix one security issue

0

Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Updated packages are available from ftp.redhat.com.

September 25, 2011 08:20 Red Hat: Updated qt packages fix two security issues

0

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

September 25, 2011 08:19 Red Hat: Updated qt4 packages fix two security issues

0

Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

September 25, 2011 08:16 Red Hat: Updated evolution28-pango packages fix one secur...

0

Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Updated packages are available from ftp.redhat.com.

September 23, 2011 11:42 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel. A flaw in skb_gro_header_slow() could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. Updated packages are available from ftp.redhat.com.

September 20, 2011 07:27 Red Hat: Updated cyrus-imapd packages fix one security is...

0

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user. Updated packages are available from ftp.redhat.com.

September 20, 2011 07:25 Red Hat: Updated httpd packages fix one security issue

0

The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. Updated packages are available from ftp.redhat.com.

September 20, 2011 07:22 Red Hat: Updated httpd packages fix one security issue

0

The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. Updated packages are available from ftp.redhat.com.

September 20, 2011 07:20 Red Hat: An updated squid package fixes one security issue

0

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. Updated packages are available from ftp.redhat.com.

September 19, 2011 05:55 Red Hat: Updated librsvg2 packages fix one security issue

0

The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. Updated packages are available from ftp.redhat.com.

September 18, 2011 13:37 Red Hat: Updated nss and nspr packages fix one security i...

0

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Updated packages are available from ftp.redhat.com.

September 10, 2011 10:48 Red Hat: Updated java-1.4.2-ibm-sap packages fix several ...

0

The IBM 1.4.2 SR13-FP10 Java release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM “Security alerts” page. Updated packages are available from ftp.redhat.com.

September 10, 2011 10:16 Red Hat: Updated gstreamer-plugins packages fix multiple ...

0

The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. Updated packages are available from ftp.redhat.com.

September 09, 2011 13:43 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. A flaw in the client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. Buffer overflow flaws in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.

A flaw was found in the way the Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel’s Xen hypervisor implementation when running on 64-bit systems. A privileged guest user could trigger this flaw to cause the hypervisor to crash.

/proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. Updated packages are available from ftp.redhat.com.

September 09, 2011 13:38 Red Hat: An updated ca-certificates package fixes one sec...

0

This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI). It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update removes that CA’s root certificate from the ca-certificates package, rendering any HTTPS certificates signed by that CA as untrusted. Updated packages are available from ftp.redhat.com.

September 08, 2011 10:53 Red Hat: Updated rsyslog packages fix one security issue

0

The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A two byte buffer overflow flaw was found in the rsyslog daemon’s parseLegacySyslogMsg function. An attacker able to submit log messages to rsyslogd could use this flaw to crash the daemon. Updated packages are available from ftp.redhat.com.

September 07, 2011 12:31 Red Hat: Updated httpd packages fix one security issue

0

The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. Updated packages are available from ftp.redhat.com.

September 07, 2011 12:30 Red Hat: Updated seamonkey packages fix one security issue

0

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. It was found that a Certificate Authority (CA) issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. Updated packages are available from ftp.redhat.com.

September 07, 2011 12:27 Red Hat: Updated ecryptfs-utils packages fix several secu...

0

eCryptfs is a stacked, cryptographic file system. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the “ecryptfs” group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory. A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system. It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system.

An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user’s encrypted data if existing file permissions allow access. A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files. A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file.

A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount. A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Updated packages are available from ftp.redhat.com.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.