An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Posts Tagged Red Hat Linux Distribution – Security Advisories
Updated cvs packages that fix remote denial of service vulnerabilities are now available. (This is a legacy Red Hat fix, released by the Fedora Project).
This release also includes an updated RHNS-CA-CERT file, which contains an additional CA certificate. This is needed so that up2date can continue to communicate with Red Hat Network once the current CA certificate reaches its August 2003 expiration date.
A bug has been found in versions of lv that read a .lv file in the current directory. Local attackers can use this to place an .lv file in any directory to which they have write access.
Versions of man before 1.51 have a bug where a malformed man file can cause a program named “unsafe” to be run.
Updated zlib packages are now available which fix a buffer overflow vulnerability.
Updated mICQ packages are available for Red Hat Linux versions 7.2 and 7.3 that fix a remote crash.
Unpatched versions of mgetty prior to 1.1.29 would overflow an internal buffer if the caller name reported by the modem was too long.
Updated Kerberos packages for Red Hat Linux 9 fix a number of vulnerabilities found in MIT Kerberos.
Andreas Beck discovered that versions of pam_xauth supplied with Red Hat Linux since version 7.1 would forward authorization information from the root account to unprivileged users.
Al Viro found a buffer overflow in Window Maker 0.80.0 and earlier which may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
Multiple Ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.
Two cross-site scripting vulnerabilities have been found that affect SquirrelMail version 1.2.7 and earlier.
Updated mailman packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates resolve a cross-site scripting vulnerability present in versions of Mailman prior to 2.0.11.
This vulnerability makes it easy to perform various denial-of-service attacks against such programs. It is also possible that an attacker could manage a more significant exploit, such as running arbitrary code on the affected system.
New util-linux packages are available that fix a problem with /bin/login’s PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages.
The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used. setserial-2.17-4 and earlier versions are affected.
A security hole has been found that does not affect the default configuration of Red Hat Linux, but can affect some custom configurations of Red Hat Linux 7.1 only. The bug is specific to the Linux 2.4 kernel series.
Redhat: ‘curl’ update
Updated curl packages are available for Red Hat Power Tools 6.x and 7.
Multiple security problems and a gpmctl vulnerability exist.
A number of possible buffer overruns were found in libraries included in the affected packages. A denial-of-service vulnerability was also found in the ksu program.
gpm-root (part of the gpm package) fails to drop gid 0 privileges when executing user commands.
A security bug has been discovered and fixed in the userhelper program.
New packages of am-utils are available for all Red Hat Linux platforms. This version includes an important security fix for a buffer overrun problem which is being actively exploited on the Internet.