
Linux Mainstays Issue Patches

Sep 1, 2020



Linux vendors Red Hat, Novell/SUSE, Mandrakesoft, Debian, and
Gentoo issued advisories and patches this week for a number of vulnerabilities.


Red Hat issued updates for its libtiff package, which includes a function library for manipulating TIFF image files. Security research firm iDefense had reported an integer overflow bug in the package that could have allowed an attacker to cause a crash or execute arbitrary code when an image file was opened.

Red Hat's Xpdf packages were also updated to prevent the exploitation of a buffer overflow that was found in the PDF viewer. Red Hat noted in its advisory, however, that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit this vulnerability on x86 architectures.

Red Hat Enterprise Linux Update 3, which was released in
September and also included NX (no execute) support, was a source of discussion on the main Linux Kernel developers’ list in June.

Red Hat also updated its
Mozilla packages
to fix a buffer overflow issue
(CAN-2004-1316) in the way the browser handles NNTP URLs.

Novell issued updates for multiple vulnerabilities in SUSE Linux. If exploited, they could lead to
systems being compromised, as well as cross-site scripting and DoS attacks. In an
e-mail to
the SUSE security announcement list, Marcus Meissner noted that the update
solved nine security vulnerabilities, including problems with acroread document parsing,
iproute2 denial of service,
namazu cross-site scripting, and an mpg123 play list option buffer overflow.

Both Debian and Gentoo issued updates for their respective exim packages, which could possibly have been exploited to allow a local privilege escalation attack. Exim is a configurable message transfer agent (MTA).

Additionally, Gentoo issued an
update
to cover the “multiple overflows [that] have been found in the imlib2 library image decoding routines,
potentially allowing the execution of arbitrary code.”

Not to be left out of the patch bonanza, Mandrakesoft issued a patch for its imlib image handler packages. The packages contained a heap overflow as well as an integer overflow vulnerability that could have allowed an attacker to crash a system or execute arbitrary code when an image file was opened. The same vulnerability also exists in Gentoo's imlib2 packages, for which a patch has also been issued.

This article was originally published on internetnews.com.

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
