Articles / Red Hat

RSS All articles tagged with Red Hat

January 26, 2010 21:59 Red Hat: Updated kernel-rt packages fix multiple security...

0

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. An array index error was found in the gdth driver, which could cause a denial of service or, possibly, privilege escalation. A flaw was found in the FUSE implementation, possibly leading to a local denial of service or privilege escalation. A flaw was found in the Intel PRO/1000 Linux drivers, which could possibly be used to trigger a remote denial of service. A flaw was found in the Realtek r8169 Ethernet driver, which could possibly result in a remote denial of service. Updated packages are available from updates.redhat.com.

January 26, 2010 21:52 Red Hat: An updated gzip package fixes one security issue

0

The gzip package provides the GNU gzip data compression program. An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially-crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. Updated packages are available from updates.redhat.com.

January 26, 2010 21:47 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. An array index error was found in the gdth driver could cause a denial of service or, possibly, privilege escalation. A flaw was found in the FUSE implementation, possibly leading to a local denial of service or privilege escalation. A deficiency in the fasync_helper() implementation could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. Permission issues were found in the megaraid_sas driver, which could allow local, unprivileged users to change the behavior of the driver. A NULL pointer dereference flaw was found in the firewire-ohci driver used for OHCI compliant IEEE 1394 controllers, causing a denial of service or privilege escalation. A buffer overflow flaw was found in the HFS file system implementation could lead to a denial of service. Updated packages are available from updates.redhat.com.

January 26, 2010 21:45 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the IPv6 Extension Header (EH) handling implementation, which could possibly lead to a remote denial of service. A flaw was found in the e1000 and e1000e Intel PRO/1000 Linux drivers. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. A flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with a certain revision of the network cards supported by this driver could possibly result in a remote denial of service. Updated packages are available from updates.redhat.com.

January 26, 2010 21:42 Red Hat: Updated openssl packages fix two security issues

0

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. Updated packages are available from updates.redhat.com.

January 26, 2010 17:09 Red Hat: Updated pidgin packages fix a security issue

0

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A directory traversal flaw was discovered in Pidgin’s MSN protocol implementation. A remote attacker could send a specially-crafted emoticon image download request that would cause Pidgin to disclose an arbitrary file readable to the user running Pidgin. Updated packages are available from updates.redhat.com.

January 26, 2010 17:06 Red Hat: Updated gcc and gcc4 packages fix one security i...

0

The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool’s libltdl library. A flaw was found in the way GNU Libtool’s libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory, which could lead to the execution of arbitrary code. Updated packages are available from updates.redhat.com.

January 26, 2010 17:05 Red Hat: Updated acroread packages fix multiple security ...

0

Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes several vulnerabilities in Adobe Reader. These vulnerabilities are summarized on the Adobe Security Advisory APSB10-02 page listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. Updated packages are available from updates.redhat.com.

January 26, 2010 17:00 Red Hat: Updated krb5 packages fix multiple security issues

0

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted ciphertexts encrypted with the Advanced Encryption Standard (AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it could potentially lead to either a denial of service of the central KDC (KDC crash or abort upon processing the crafted ciphertext), or arbitrary code execution with the privileges of the KDC (i.e., root privileges). Updated packages are available from updates.redhat.com.

January 26, 2010 16:42 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the Intel PRO/1000 Linux drivers. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. A flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. Updated packages are available from updates.redhat.com.

January 26, 2010 13:27 Red Hat: Updated gd packages fix a security issue

0

The gd packages provide a graphics library used for the dynamic creation of images, such as PNG and JPEG. A missing input sanitization flaw, leading to a buffer overflow, was discovered in the gd library. A specially-crafted GD image file could cause an application using the gd library to crash or, possibly, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

January 26, 2010 13:26 Red Hat: An updated PyXML package fixes one security issue

0

PyXML provides XML libraries for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces, and an interface to the Expat parser. A buffer over-read flaw was found in the way PyXML’s Expat parser handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause Python applications using PyXML’s Expat parser to crash while parsing the file. Updated packages are available from updates.redhat.com.

December 28, 2009 14:27 Red Hat: Updated java-1.6.0-ibm packages fix several secu...

0

The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Updated packages are available from updates.redhat.com.

December 28, 2009 14:14 Red Hat: Updated condor packages fix one security issue

0

Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A flaw was found in the way Condor managed jobs. This could allow a user that is authorized to submit jobs into Condor to queue a job as if it were submitted by a different local user, potentially leading to unauthorized access to that user’s account. Updated packages are available from updates.redhat.com.

December 28, 2009 14:13 Red Hat: Updated condor packages fix one security issue

0

Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A flaw was found in the way Condor managed jobs. This could allow a user that is authorized to submit jobs into Condor to queue a job as if it were submitted by a different local user, potentially leading to unauthorized access to that user’s account. Updated packages are available from updates.redhat.com.

December 21, 2009 09:08 Red Hat: Updated kdegraphics packages fix a security issue

0

The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in KPDF’s Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause KPDF to crash or, possibly, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

December 21, 2009 09:07 Red Hat: An updated gpdf package fixes a security issue

0

GPdf is a viewer for Portable Document Format (PDF) files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in GPdf’s Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

December 21, 2009 09:06 Red Hat: An updated xpdf package fixes a security issue

0

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in Xpdf’s Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause Xpdf to crash or, possibly, execute arbitrary code when opened. Updated packages are available from updates.redhat.com.

December 21, 2009 09:05 Red Hat: Updated firefox packages fix several security is...

0

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web page, they could send arbitrary requests, authenticated with the user’s NTLM credentials, to other applications on the user’s system. A flaw was found in the way Firefox displayed the SSL location bar indicator. An attacker could create an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they are visiting a secure page. A flaw was found in the way Firefox displayed blank pages after a user navigates to an invalid address. If a user visits an attacker-controlled web page that results in a blank page, the attacker could inject content into that blank page, possibly tricking the user into believing they are viewing a legitimate page. Updated packages are available from updates.redhat.com.

December 21, 2009 09:04 Red Hat: Updated seamonkey packages fix several security ...

0

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web page, they could send arbitrary requests, authenticated with the user’s NTLM credentials, to other applications on the user’s system. A flaw was found in the way SeaMonkey displayed the SSL location bar indicator. An attacker could create an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they are visiting a secure page. Updated packages are available from updates.redhat.com.

December 21, 2009 09:01 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. Aa flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel that could be triggered by using jumbo frames for large amounts of network traffic. A NULL pointer dereference flaws were found in the r128 driver in the Linux kernel which could be used to cause a local denial of service or escalate their privileges. An information leak was found in the Linux kernel. On AMD64 systems, 32-bit processes could access and read certain 64-bit registers by temporarily switching themselves to 64-bit mode. The unixstreamconnect() function did not check if a UNIX domain socket was in the shutdown state. This could lead to a deadlock. A local, unprivileged user could use this flaw to cause a denial of service. Updated packages are available from updates.redhat.com.

December 21, 2009 08:59 Red Hat: Updated kernel packages fix multiple security is...

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw in the r128 driver could be used to cause a local denial of service or escalate their privileges. A NULL pointer dereference flaw in the NFSv4 implementation could possibly be used to cause a denial of service or escalate their privileges. A flaw in tcf_fill_node() could lead to an information leak. unix_stream_connect() did not check if a UNIX domain socket was in the shutdown state. This could lead to a deadlock. A local, unprivileged user could use this flaw to cause a denial of service. Updated packages are available from updates.redhat.com.

December 13, 2009 18:09 Red Hat: Updated kvm packages fix one security issue

0

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. On x86 platforms, the do_insn_fetch() function did not limit the amount of instruction bytes fetched per instruction. Users in guest operating systems could leverage this flaw to cause large latencies on SMP hosts that could lead to a local denial of service on the host operating system. This update fixes this issue by imposing the architecturally-defined 15 byte length limit for instructions. Updated packages are available from updates.redhat.com.

December 13, 2009 18:08 Red Hat: An updated Adobe Flash Player package fixes mult...

0

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. Updated packages are available from updates.redhat.com.

December 13, 2009 18:06 Red Hat: An updated Adobe Flash Player package fixes mult...

0

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. Updated packages are available from updates.redhat.com.

December 13, 2009 18:05 Red Hat: An updated ntp package fixes two security issues

0

The Network Time Protocol (NTP) is used to synchronize a computer’s time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. Updated packages are available from updates.redhat.com.

December 13, 2009 18:04 Red Hat: An updated ntp package fixes a security issue

0

The Network Time Protocol (NTP) is used to synchronize a computer’s time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. Updated packages are available from updates.redhat.com.

December 13, 2009 18:03 Red Hat: Updated libtool packages fix one security issue

0

GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool’s libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. Updated packages are available from updates.redhat.com.

December 13, 2009 18:03 Red Hat: Updated java-1.5.0-ibm packages fix several secu...

0

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM “Security alerts” page listed in the References section. Updated packages are available from updates.redhat.com.

December 13, 2009 18:00 Red Hat: Updated java-1.4.2-ibm packages fix several secu...

0

The IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM “Security alerts” page listed in the References section. Updated packages are available from updates.redhat.com.

Screenshot

Project Spotlight

Pybik

A 3D Rubik's cube game.

Screenshot

Project Spotlight

aria2

A multi-protocol, multi-source, cross-platform download utility.