RedHat: zlib buffer overflow vulernability
Apr29
on April 29, 2003
at 9:38 am
Posted In: Uncategorized
Updated zlib packages are now available which fix a buffer overflow vulnerability.
Comment
Posts Tagged Red Hat Linux Distribution – Security Advisories
1459 results.
RedHat: micq denial of service vulnerability
Apr25
on April 25, 2003
at 11:58 am
Posted In: Uncategorized
Updated mICQ packages are available for Red Hat Linux versions 7.2 and 7.3 that fix a remote crash.
RedHat: mgetty buffer overflow vulnerability
Apr08
on April 8, 2003
at 10:04 am
Posted In: Uncategorized
Unpatched versions of mgetty prior to 1.1.29 would overflow an internal buffer if the caller name reported by the modem was too long.
RedHat: kerberos mutliple vulnerabilities
Apr02
on April 2, 2003
at 7:59 am
Posted In: Uncategorized
Updated Kerberos packages for Red Hat Linux 9 fix a number of vulnerabilities found in MIT Kerberos.
RedHat: pam_xauth information leak vulnerability
Feb13
on February 13, 2003
at 9:38 am
Posted In: Uncategorized
Andreas Beck discovered that versions of pam_xauth supplied with Red Hat Linux since version 7.1 would forward authorization information from the root account to unprivileged users.
RedHat: windowmaker buffer overflow vulnerability
Feb06
on February 6, 2003
at 12:01 pm
Posted In: Uncategorized
Al Viro found a buffer overflow in Window Maker 0.80.0 and earlier which may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
RedHat: kernel 2.4 ehternet vulnerability
Feb04
on February 4, 2003
at 3:38 pm
Posted In: Uncategorized
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.
RedHat: SquirrelMail XSS vulnerabilities
Oct11
on October 11, 2002
at 10:23 am
Posted In: Uncategorized
Two Cross-site scripting vulnerabilities have been found that affect SquirrelMail version 1.2.7 and earlier.
Updated mailman packages are now available for Red Hat Secure Web Server3.2 (U.S.). These updates resolve a cross-site scripting vulnerabilitypresent in versions of Mailman prior to 2.0.11.
This vulnerability makes it easy to perform various denial-of-service attacks against such programs. It is also possible that an attacker could manage a more significant exploit, such as running arbitrary code on the affected system.
RedHat: ‘util-linux’ Elevated privileges vulnerability
Oct16
on October 16, 2001
at 7:53 pm
Posted In: Uncategorized
New util-linux packages are available that fix a problem with /bin/login’sPAM implementation. This could, in some non-default setups, cause users toreceive credentials of other users. It is recommended that all usersupdate to the fixed packages.
Red Hat: ‘setserial’ initscript temporary file vulnerability
Sep26
on September 26, 2001
at 6:11 pm
Posted In: Uncategorized
The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used. setserial-2.17-4 and earlier versions are affected.
A security hole has been found that does not affect the default configuration of Red Hat Linux, but can affect some custom configurations of Red Hat Linux 7.1 only. The bug is specific to the Linux 2.4 kernel series.
Updated curl packages are available for Red Hat Power Tools 6.x and 7.
Multiple security problems and a gpmctl vulnerability exists.
A number of possible buffer overruns were found in libraries includedin the affected packages. A denial-of-service vulnerability was also foundin the ksu program.
gpm-root (part of the gpm packge) fails to drop gid 0 priviledges when executing user commands.
RH6.1: New version of usermode fixes security bug
Jan10
on January 10, 2000
at 10:55 pm
Posted In: Uncategorized
A security bug has been discovered and fixed in the userhelper program.
New packages of am-utils are available for all Red Hat Linux platforms. This version includes an important security fix for a buffer overrun problem which is being actively exploited on the Internet.