Guides Linux Mainstays Issue Patches

Linux Mainstays Issue Patches




Linux vendors Red Hat, Novell/SUSE, Mandrakesoft, Debian, and
Gentoo issued advisories and patches this week for a number of vulnerabilities.

Red Hat, Novell/SUSE, Mandrakesoft, Debian, and Gentoo issued advisories and patches this week for a number of vulnerabilities.

Red Hat issued updates for its
libtiff package, which
includes a function library for manipulating TIFF image files. Security
research firm iDefense had reported an integer overflow bug that affected
the package that could have allowed an attacker to exploit it when open, causing an
image to crash or execute arbitrary code.

The Xpdf
Red Hat packages were also updated to prevent the exploitation
of a buffer overflow that was found in the PDF viewer. Red Hat noted in
its advisory,
however, that the Exec-Shield technology (enabled by default
since Update 3) will block attempts to exploit this vulnerability on x86
architectures.

Red Hat Enterprise Linux Update 3, which was released in
September and also included NX (no execute) support, was a source of discussion on the main Linux Kernel developers’ list in June.

Red Hat also updated its
Mozilla packages
to fix a buffer overflow issue
(CAN-2004-1316) in the way the browser handles NNTP URLs.

Novell issued updates for multiple vulnerabilities in SUSE Linux. If exploited, they could lead to
systems being compromised, as well as cross-site scripting and DoS attacks. In an
e-mail to
the SUSE security announcement list, Marcus Meissner noted that the update
solved nine security vulnerabilities, including problems with acroread document parsing,
iproute2 denial of service,
namazu cross-site scripting, and an mpg123 play list option buffer overflow.

Both Debian
and Gentoo
issued updates for their respective exim
packages, which could have possibly been exploited to allow for a local
privilege escalation attack. Exim is a configurable message transfer
agent (MTA).

Additionally, Gentoo issued an
update
to cover the “multiple overflows [that] have been found in the imlib2 library image decoding routines,
potentially allowing the execution of arbitrary code.”

Not to be left out of the patch bonanza, Mandrakesoft
issued a patch
for its imlib image handler packages. There was a heap overflow as well as
integer overflow vulnerability in the packages that could have allowed an
attacker to crash a system or execute arbitrary code when an image file
was opened. The same vulnerability also exists in Gentoo’s imlib2
packages and has also had a patch issued for it.

This article was originally published on internetnews.com.

Latest Posts

KVM vs VMware Hypervisor Comparison 2020

The KVM vs VMware hypervisor comparison is a classic debate. Hypervisors have increased in usability and power over the last several years as more...

Compare HP’s iLo & Dell’s iDRAC Server Management Tools

Most servers shipped from the major manufacturers today come with some type of out-of-band management tool or baseboard management controller (BMC). Two of the...

Get-MsolUser PowerShell Attributes & Properties

This article has been updated for 2020. Please note that WAAD was retired in 2018, but the cmdlets listed in this article are still...

Microsoft Azure PowerShell Scripts and Commands

Using PowerShell scripts and commands for quickly executing tasks in Windows operating systems offers a number of benefits over traditional scripting languages, such as...

Microsoft Hyper V Review

Microsoft Hyper-V: The Bottom line Microsoft Hyper-V lagged behind VMware's virtualization tool, one of the most popular tools in the space, when it was first...

Related Stories