All articles tagged with Red Hat

September 21, 2009 10:02 Red Hat: Updated ecryptfs-utils packages fix a security i...

eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. A disclosure flaw was found in the way the “ecryptfs-setup-private” script passed passphrases to the “ecryptfs-wrap-passphrase” and “ecryptfs-add-passphrase” commands as command line arguments. A local user could obtain the passphrases of other users who were running the script from the process listing. Updated packages are available from updates.redhat.com.

September 21, 2009 10:01 Red Hat: Updated openssh packages fix a security issue

OpenSSH is OpenBSD’s SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication. Updated packages are available from updates.redhat.com.

September 21, 2009 09:59 Red Hat: An updated lftp package fixes one security issue

LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. It was discovered that lftp did not properly escape shell metacharacters when generating shell scripts using the “mirror --script” command. A mirroring script generated to download files from a malicious FTP server could allow an attacker controlling the FTP server to run an arbitrary command as the user running lftp. Updated packages are available from updates.redhat.com.

September 21, 2009 09:57 Red Hat: Updated kernel packages fix several security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. It was discovered that, when executing a new process, the clear_child_tid pointer is not cleared, possibly leading to a local denial of service or privilege escalation. A flaw was found in the way the do_sigaltstack() function copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. A flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting or performing a resize operation on a specially-crafted ext4 file system. Updated packages are available from updates.redhat.com.

September 21, 2009 09:49 Red Hat: Updated kernel-rt packages fix several security ...

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. Tavis Ormandy and Julien Tinnes reported a flaw in the SOCKOPS_WRAP macro which could be used to cause a local denial of service or privilege escalation. It was discovered that, when executing a new process, the clear_child_tid pointer is not cleared, possibly leading to a local denial of service or privilege escalation. A flaw was found in the way the do_sigaltstack() function copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. Updated packages are available from updates.redhat.com.

September 21, 2009 09:47 Red Hat: Updated dnsmasq package fixes two security issues

Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server. Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled that could crash or, possibly, execute arbitrary code with the privileges of the dnsmasq service. A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP service is enabled. This flaw could allow a malicious TFTP client to crash the dnsmasq service. Updated packages are available from updates.redhat.com.

August 30, 2009 13:04 Red Hat: Updated kernel packages fix two security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the SOCKOPS_WRAP macro. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. A flaw was found in the udp_sendmsg() implementation when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. Updated packages are available from updates.redhat.com.

August 30, 2009 13:01 Red Hat: Updated gnutls packages fix a security issue

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. Updated packages are available from updates.redhat.com.

August 25, 2009 02:17 Red Hat: Updated kernel packages fix two security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the SOCKOPS_WRAP macro. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. A flaw was found in the udp_sendmsg() implementation when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. Updated packages are available from updates.redhat.com.

August 25, 2009 02:15 Red Hat: Updated kernel packages fix two security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the SOCKOPS_WRAP macro. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. A flaw was found in the udp_sendmsg() implementation when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. Updated packages are available from updates.redhat.com.

August 25, 2009 02:01 Red Hat: Updated libvorbis packages fix one security issue

The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. An insufficient input validation flaw was found in the way libvorbis processes the codec file headers (static mode headers and encoding books) of the Ogg Vorbis audio file format (Ogg). A remote attacker could provide a specially-crafted Ogg file that would cause a denial of service (memory corruption and application crash) or, potentially, execute arbitrary code with the privileges of an application using the libvorbis library when opened by a victim. Updated packages are available from updates.redhat.com.

August 25, 2009 01:59 Red Hat: Updated pidgin packages fix a security issue

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin’s MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. Updated packages are available from updates.redhat.com.

August 24, 2009 15:26 Red Hat: Updated kernel packages fix several security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. A buffer overflow flaw was found in the CIFSTCon() function of the CIFS implementation. When mounting a CIFS share, a malicious server could send an overly-long string to the client, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. Several flaws were found in the way the CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. Updated packages are available from updates.redhat.com.

August 24, 2009 15:25 Red Hat: Updated curl packages fix security issues

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. Scott Cantor reported that cURL is affected by the previously published “null prefix attack”, caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. Updated packages are available from updates.redhat.com.

August 24, 2009 15:23 Debian: New Ruby packages fix several issues

Several vulnerabilities have been discovered in Ruby. The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. An issue in parsing BigDecimal numbers can result in a denial-of-service condition (crash). Updated packages are available from security.debian.org.

August 24, 2009 15:22 Debian: New libxml2 packages fix several issues

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack growth due to function recursion, which can be triggered via a crafted XML document. Updated packages are available from security.debian.org.

August 24, 2009 15:21 Red Hat: Updated libxml and libxml2 packages fix multiple...

libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). Updated packages are available from updates.redhat.com.

August 24, 2009 15:20 Red Hat: Updated httpd packages fix multiple security issues

The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime (APR) libraries. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. Updated packages are available from updates.redhat.com.

August 24, 2009 15:18 Red Hat: Updated apr and apr-util packages fix multiple s...

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. Updated packages are available from updates.redhat.com.

August 24, 2009 15:17 Red Hat: Updated subversion packages fix multiple securit...

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. Updated packages are available from updates.redhat.com.

August 24, 2009 15:14 Debian: New imagemagick packages fix several vulnerabilities

Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. Multiple integer overflows in the XInitImage function allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. An off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a ‘\0’ character to an out-of-bounds address. A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. A heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. Updated packages are available from security.debian.org.

August 24, 2009 14:58 Red Hat: Updated java-1.6.0-sun packages correct several ...

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. It fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the “Advance notification of Security Updates for Java SE” page from Sun Microsystems, listed in the References section. Updated packages are available from updates.redhat.com.

August 24, 2009 14:55 Red Hat: Updated java-1.5.0-sun packages correct several ...

The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. It fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the “Advance notification of Security Updates for Java SE” page from Sun Microsystems. Updated packages are available from updates.redhat.com.

August 24, 2009 14:39 Red Hat: Updated kernel packages fix several security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. The possibility of a timeout value overflow was found in the high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service. A flaw was found in the Intel PRO/1000 network driver which could be used by a remote attacker to send a specially-crafted packet that would cause a denial of service or code execution. Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver, which could lead to a remote denial of service or code execution. The ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. Ramon de Carvalho Valle reported two flaws in the eCryptfs implementation. A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCryptfs mount to cause a buffer overflow, leading to a denial of service or privilege escalation. Konstantin Khlebnikov discovered a race condition in the ptrace implementation. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial denial of service.

August 24, 2009 14:30 Red Hat: An updated Adobe Flash Player package fixes mult...

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. A clickjacking flaw was discovered in Flash Player. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. A flaw was found in the Flash Player local sandbox. A specially-crafted SWF file could cause information disclosure when it was saved to the hard drive. Updated packages are available from updates.redhat.com.

August 24, 2009 14:27 Red Hat: An updated Adobe Flash Player package fixes mult...

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. A clickjacking flaw was discovered in Flash Player. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. A flaw was found in the Flash Player local sandbox. A specially-crafted SWF file could cause information disclosure when it was saved to the hard drive. Updated packages are available from updates.redhat.com.

August 24, 2009 14:26 Red Hat: Updated seamonkey packages fix a security issue

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library (provided by SeaMonkey) used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running SeaMonkey. Updated packages are available from updates.redhat.com.

August 24, 2009 14:23 Red Hat: Updated nspr and nss packages fix security issues

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. Updated packages are available from updates.redhat.com.

August 24, 2009 14:18 Red Hat: Updated bind packages fix a security issue

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the “ANY” record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. Updated packages are available from updates.redhat.com.

August 24, 2009 14:17 Red Hat: Updated bind packages fix a security issue

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. A flaw was found in the way BIND handles dynamic update message packets containing the “ANY” record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. Updated packages are available from updates.redhat.com.
