The SuSE Security Team has reviewed critical parts of the Heimdal package, such as the kadmind and kdc servers. While doing so, several potential buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on systems without fixes. Since these services usually run on authentication servers, these bugs are considered very serious.
Some potential local security vulnerabilities were found in the kernel during code audits; these have been fixed in the
Updated kernel fixes local security issues and provides several updated drivers to support newer hardware and fix bugs under Red Hat Linux 7.3.
A new errata kernel based on the
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
A number of vulnerabilities were discovered in Apache versions prior to 1.3.27.
With the release of Mandrake Linux 9.0, we will no longer be supporting some older distributions, particularly versions 7.1 and Corporate Server 1.0.1. If you are still using one of these distributions, we suggest you upgrade to a more recent version of Mandrake Linux.
Xinetd contains a denial-of-service (DoS) vulnerability.
Péter Höltzl discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded, a static-length buffer is used, accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An attacker may be able to use specially crafted log messages inserted via UDP that overflow the buffer.
Heartbeat is a monitoring service that is used to implement failover in high-availability environments. It can be configured to monitor other systems via serial connections, or via UDP/IP.
dvips contains a vulnerability allowing print users to execute arbitrary commands.
Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem for High-Availability Linux. A remote attacker could send a specially crafted TCP packet that overflows a buffer, causing heartbeat to execute arbitrary code as root.
Updated squirrelmail packages are now available for Red Hat Linux.
A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename.
A directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename, as well as prefixing filenames in the archive with "/" (slash).
Updated packages for gv and ggv fix a local buffer overflow when reading malformed PDF or PostScript(R) files.
Updated packages for analog are available which fix a cross-site scripting problem and a denial of service problem.
The developers of Bugzilla, a web-based bug tracking system, discovered a problem in the handling of more than 47 groups. When a new product is added to an installation with 47 groups or more and "usebuggroups" is enabled, the new group will be assigned a groupset bit using Perl math that is not exact beyond 2^48. This results in the new group being defined with a "bit" that has several bits set. As users are given access to the new group, those users will also gain access to spurious lower group privileges. Also, group bits were not always reused when groups were deleted.
Package: fetchmail, fetchmail-ssl
Vulnerability: buffer overflows
Problem-Type: remote
Debian-specific: no