Articles / Red Hat

All articles tagged with Red Hat

April 01, 2009 14:53 Red Hat: Updated net-snmp packages fix a security issue

The Simple Network Management Protocol (SNMP) is a protocol used for network management. It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing the network host access restrictions defined in “/etc/hosts.allow” and “/etc/hosts.deny” to not be honored. A remote attacker could use this flaw to bypass intended access restrictions. Updated packages are available from updates.redhat.com.

April 01, 2009 14:49 Red Hat: Updated java-1.6.0-ibm packages fix several secu...

The IBM® 1.6.0 Java™ release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM “Security alerts” page listed in the References section. Updated packages are available from updates.redhat.com.

April 01, 2009 14:47 Red Hat: Updated acroread packages fix multiple security ...

Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple input validation flaws were discovered in the JBIG2 compressed images decoder used by Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. Updated packages are available from updates.redhat.com.

April 01, 2009 14:46 Red Hat: Updated NetworkManager packages fix a security i...

NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager’s D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. Updated packages are available from updates.redhat.com.

April 01, 2009 14:45 Red Hat: Updated NetworkManager packages fix two security...

NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager’s D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. A potential denial of service flaw was found in NetworkManager’s D-Bus interface. A local user could leverage this flaw to modify local connection settings, preventing the system’s network connection from functioning properly. Updated packages are available from updates.redhat.com.

April 01, 2009 14:42 Red Hat: Updated glib2 packages fix several security issues

GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. Diego Pettenò discovered multiple integer overflows causing heap-based buffer overflows in GLib’s Base64 encoding and decoding functions. An attacker could use these flaws to crash an application using GLib’s Base64 functions to encode or decode large, untrusted inputs, or, possibly, execute arbitrary code as the user running the application. Updated packages are available from updates.redhat.com.

April 01, 2009 14:39 Red Hat: Updated thunderbird package fixes several securi...

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Additionally, it could potentially trick a Thunderbird user into surrendering sensitive information. Updated packages are available from updates.redhat.com.

March 23, 2009 15:45 Red Hat: Updated libvirt packages fix two security issues

libvirt is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. libvirt also provides tools for remotely managing virtualized systems. The libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Updated packages are available from updates.redhat.com.

March 23, 2009 15:43 Red Hat: Updated ghostscript packages fix multiple securi...

Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript’s International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images which could cause Ghostscript to crash, or, potentially, execute arbitrary code when opened by the victim. Updated packages are available from updates.redhat.com.

March 23, 2009 15:42 Red Hat: Updated curl packages fix a security issue

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different target URLs when handling automatic redirects. This caused libcurl to follow any new URL that it understood, including the “file://” URL type. This could allow a remote server to force a local libcurl-using application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed. Updated packages are available from updates.redhat.com.

March 23, 2009 15:41 Red Hat: Updated lcms packages resolve several security i...

Little Color Management System (LittleCMS, or simply “lcms”) is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An application using LittleCMS could use an excessive amount of memory, and possibly crash after using all available memory, if used to open specially-crafted images. Updated packages are available from updates.redhat.com.

March 23, 2009 11:38 Red Hat: Updated evolution and evolution-data-server pack...

Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. Evolution did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by evolution and evolution-data-server. This could cause evolution, or an application using evolution-data-server, to crash, or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. Updated packages are available from updates.redhat.com.

March 23, 2009 11:37 Red Hat: Updated evolution-data-server fix multiple secur...

Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. Updated packages are available from updates.redhat.com.

March 23, 2009 11:35 Red Hat: Updated libsoup and evolution28-libsoup packages...

libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup’s Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup’s Base64 routine to encode large, untrusted inputs. Updated packages are available from updates.redhat.com.

March 15, 2009 23:55 Red Hat: Updated kernel packages resolve several security...

The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. A memory leak was found in keyctl handling. A local, unprivileged user could use this flaw to deplete kernel memory, eventually leading to a denial of service. A deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. A deficiency was found in the libATA implementation. This could, potentially, lead to a denial of service. Note: by default, “/dev/sg*” devices are accessible only to the root user. Updated packages are available from updates.redhat.com.

March 15, 2009 23:53 Red Hat: Updated icu packages fix a security issue

The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. A flaw was found in the way ICU processed certain invalid encoded data. If an application used ICU to decode malformed multibyte character data, it may have been possible to bypass certain content protection mechanisms, or display information in a manner misleading to the user. Updated packages are available from updates.redhat.com.