Guides Linux Mainstays Issue Patches

Linux Mainstays Issue Patches




Linux vendors Red Hat, Novell/SUSE, Mandrakesoft, Debian, and
Gentoo issued advisories and patches this week for a number of vulnerabilities.

Red Hat, Novell/SUSE, Mandrakesoft, Debian, and Gentoo issued advisories and patches this week for a number of vulnerabilities.

Red Hat issued updates for its
libtiff package, which
includes a function library for manipulating TIFF image files. Security
research firm iDefense had reported an integer overflow bug that affected
the package that could have allowed an attacker to exploit it when open, causing an
image to crash or execute arbitrary code.

The Xpdf
Red Hat packages were also updated to prevent the exploitation
of a buffer overflow that was found in the PDF viewer. Red Hat noted in
its advisory,
however, that the Exec-Shield technology (enabled by default
since Update 3) will block attempts to exploit this vulnerability on x86
architectures.

Red Hat Enterprise Linux Update 3, which was released in
September and also included NX (no execute) support, was a source of discussion on the main Linux Kernel developers’ list in June.

Red Hat also updated its
Mozilla packages
to fix a buffer overflow issue
(CAN-2004-1316) in the way the browser handles NNTP URLs.

Novell issued updates for multiple vulnerabilities in SUSE Linux. If exploited, they could lead to
systems being compromised, as well as cross-site scripting and DoS attacks. In an
e-mail to
the SUSE security announcement list, Marcus Meissner noted that the update
solved nine security vulnerabilities, including problems with acroread document parsing,
iproute2 denial of service,
namazu cross-site scripting, and an mpg123 play list option buffer overflow.

Both Debian
and Gentoo
issued updates for their respective exim
packages, which could have possibly been exploited to allow for a local
privilege escalation attack. Exim is a configurable message transfer
agent (MTA).

Additionally, Gentoo issued an
update
to cover the “multiple overflows [that] have been found in the imlib2 library image decoding routines,
potentially allowing the execution of arbitrary code.”

Not to be left out of the patch bonanza, Mandrakesoft
issued a patch
for its imlib image handler packages. There was a heap overflow as well as
integer overflow vulnerability in the packages that could have allowed an
attacker to crash a system or execute arbitrary code when an image file
was opened. The same vulnerability also exists in Gentoo’s imlib2
packages and has also had a patch issued for it.

This article was originally published on internetnews.com.

Latest Posts

How to Convert a Physical Computer to a Virtual Machine

Many organizations are implementing virtualization technology into their networks to convert physical computers to virtual machines (VM). This helps reduce overall physical hardware costs,...

HPE ProLiant DL380 Gen10: Rack Server Overview and Insight

The HPE ProLiant DL380 series has consistently been a market leader in the server space. The Gen10 released in 2017 further increased HPE's market...

Best Server Management Software & Tools 2021

Finding the best server management software tools for your organization can have a major impact on the success of your business operations. Manually handling...

IBM AS/400: Lasting the Test of Time

Some server operating systems (OS) were built to survive the test of time – the IBM AS/400 is one such system.  The AS/400 (Application System/400)...

What is Disaster Recovery?

The modern organization's heavy dependence on using data to drive their business has made having a Disaster Recovery (DR) plan in place a necessity....

Related Stories