All articles tagged with Red Hat

April 30, 2012 07:23 Red Hat: Updated rpm packages fix multiple security issues

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code.

Updated packages are available from ftp.redhat.com.

April 27, 2012 08:35 Red Hat: An updated Adobe Flash Player package fixes one ...

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. Updated packages are available from ftp.redhat.com.

April 27, 2012 08:22 Red Hat: Updated libtasn1 packages fix one security issue

libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash.

Updated packages are available from ftp.redhat.com.

April 25, 2012 06:34 Red Hat: Updated gnutls packages fix two security issues

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.

Updated packages are available from ftp.redhat.com.

April 25, 2012 06:33 Red Hat: Updated openssl packages fix two security issues

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times.

Updated packages are available from ftp.redhat.com.

April 23, 2012 06:15 Red Hat: Updated gnutls packages fix three security issues

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.

Updated packages are available from ftp.redhat.com.

April 20, 2012 09:32 Red Hat: Updated raptor packages fix one security issue

Raptor provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Updated packages are available from ftp.redhat.com.

April 20, 2012 09:31 Red Hat: Updated openoffice.org packages fix one security...

OpenOffice.org is an office productivity suite. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file (such as an OpenDocument Format or OpenDocument Presentation file), it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. Updated packages are available from ftp.redhat.com.

April 18, 2012 08:41 Red Hat: Updated libpng packages fix one security issue

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Updated packages are available from ftp.redhat.com.

April 16, 2012 06:08 Red Hat: Updated glibc packages fix one security issue

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. Updated packages are available from ftp.redhat.com.

April 12, 2012 08:05 Red Hat: An updated thunderbird package fixes multiple se...

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the way Thunderbird parsed certain Scalable Vector Graphics (SVG) image files. An HTML mail message containing a malicious SVG image file could cause an information leak, or cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw could allow malicious content to bypass intended restrictions, possibly leading to a cross-site scripting (XSS) attack if a user were tricked into dropping a “javascript:” link onto a frame.

It was found that the home page could be set to a “javascript:” link. If a user were tricked into setting such a home page by dragging a link to the home button, it could cause Firefox to repeatedly crash, eventually leading to arbitrary code execution with the privileges of the user running Firefox. A similar flaw was found and fixed in Thunderbird. A flaw was found in the way Thunderbird parsed certain, remote content containing “cssText”. Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that by using the DOM fullscreen API, untrusted content could bypass the mozRequestFullscreen security protections. Malicious content could exploit this API flaw to cause user interface spoofing.

A flaw was found in the way Thunderbird handled content with multiple Content Security Policy (CSP) headers. This could lead to a cross-site scripting attack if used in conjunction with a website that has a header injection flaw.

Updated packages are available from ftp.redhat.com.

April 12, 2012 08:04 Red Hat: Updated firefox packages fix multiple security i...

Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files. A web page containing a malicious SVG image file could cause an information leak, or cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw could allow a malicious site to bypass intended restrictions, possibly leading to a cross-site scripting (XSS) attack if a user were tricked into dropping a “javascript:” link onto a frame.

It was found that the home page could be set to a “javascript:” link. If a user were tricked into setting such a home page by dragging a link to the home button, it could cause Firefox to repeatedly crash, eventually leading to arbitrary code execution with the privileges of the user running Firefox. A flaw was found in the way Firefox parsed certain web content containing “cssText”. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that by using the DOM fullscreen API, untrusted content could bypass the mozRequestFullscreen security protections. A web page containing malicious web content could exploit this API flaw to cause user interface spoofing.

A flaw was found in the way Firefox handled pages with multiple Content Security Policy (CSP) headers. This could lead to a cross-site scripting attack if used in conjunction with a website that has a header injection flaw.

Updated packages are available from ftp.redhat.com.

April 08, 2012 15:49 Red Hat: Updated systemtap packages fix one security issue

SystemTap is an instrumentation system for systems running the Linux kernel. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kernel memory. Additionally, a privileged user (root, or a member of the stapdev group) could trigger this flaw when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled. Updated packages are available from ftp.redhat.com.

April 06, 2012 18:47 Red Hat: Updated xen packages fix one security issue

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash QEMU or, possibly, escalate their privileges on the host. Updated packages are available from ftp.redhat.com.

April 06, 2012 18:44 Red Hat: An updated python-sqlalchemy package fixes one s...

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. Updated packages are available from ftp.redhat.com.

April 04, 2012 07:34 Red Hat: Updated kernel packages fix various security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. A flaw was found in the Linux kernel’s Journaling Block Device (JBD). A local, unprivileged user could use this flaw to crash the system by mounting a specially-crafted ext3 or ext4 disk.

It was found that the KVM (Kernel-based Virtual Machine) subsystem did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. Two flaws were found in the way the __sys_sendmsg() function accessed user-space memory. A local, unprivileged user could use these flaws to cause a denial of service. A flaw was found in the way the KVM subsystem handled PIT (Programmable Interval Timer) IRQs when there was no virtual interrupt controller set up. A local, unprivileged user on the host could force this situation to occur, resulting in the host crashing.

A flaw was found in the way the XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. A flaw was found in the way the KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest. A divide-by-zero flaw was found in the igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service.

Updated packages are available from ftp.redhat.com.

April 04, 2012 07:33 Red Hat: An updated Adobe Flash Player package fixes two ...

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. Updated packages are available from ftp.redhat.com.

March 19, 2012 09:59 Red Hat: Updated samba packages fix one security issue

Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched (AndX) requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server (root). Updated packages are available from ftp.redhat.com.

March 14, 2012 20:01 Red Hat: Updated libxml2 packages fix one security issue

The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. Updated packages are available from ftp.redhat.com.

March 14, 2012 19:58 Red Hat: Updated httpd packages fix multiple security issues

The Apache HTTP Server is a popular web server. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server’s domain context could use this flaw to gain access to httpOnly cookies. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a “.htaccess” file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the “apache” user.

A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.

March 14, 2012 19:50 Red Hat: Updated java-1.6.0-openjdk packages fix several ...

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request.

The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data.

An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened.

Updated packages are available from ftp.redhat.com.

March 12, 2012 08:32 Red Hat: Updated cvs packages fix one security issue

Concurrent Version System (CVS) is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. Updated packages are available from ftp.redhat.com.

March 12, 2012 08:31 Red Hat: Updated ImageMagick packages fix one security issue

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker-controlled directory containing a specially-crafted ImageMagick configuration file, it could cause the utility to execute arbitrary code. Updated packages are available from ftp.redhat.com.

March 12, 2012 08:30 Red Hat: An updated vixie-cron package fixes one security...

The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack. Updated packages are available from ftp.redhat.com.

March 12, 2012 08:29 Red Hat: Updated boost packages fix two security issues

The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. NULL pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash. Updated packages are available from ftp.redhat.com.

March 12, 2012 08:24 Red Hat: Updated conga packages fix multiple security issues

The conga packages provide a web-based administration tool for remote cluster and storage management. Multiple cross-site scripting (XSS) flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user’s luci session. Updated packages are available from ftp.redhat.com.

March 08, 2012 07:06 Red Hat: Updated cups packages fix one security issue

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the “lp” user. Updated packages are available from ftp.redhat.com.

March 08, 2012 07:05 Red Hat: Updated kvm packages fix one security issue

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. Updated packages are available from ftp.redhat.com.

March 08, 2012 07:04 Red Hat: Updated xorg-x11-server packages fix one securit...

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. Updated packages are available from ftp.redhat.com.

March 08, 2012 07:03 Red Hat: Updated krb5 packages fix one security issue

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group. Updated packages are available from ftp.redhat.com.
