Showing all newswire headlines

Updated imlib packages are now available for Red Hat Linux 6.2, 7, 7.1 and 7.2 which fix potential problems loading untrusted images.

Several buffer overflows were found in the tcpdump package by FreeBSD developers during a code audit, in versions prior to 3.5. However, newer versions of tcpdump, including 3.6.2, are also vulnerable to another buffer overflow in the AFS RPC decoding functions, which was discovered by Nick Cleaton. These vulnerabilities could be used by a remote attacker to crash the the tcpdump process or possibly even be exploited to execute arbitrary code as the user running tcpdump, which is usually root. The newer libpcap 0.6 has also been audited to make it more safe by implementing better buffer boundary checks in several functions.

Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version.

Updated mpg321 packages are available for Red Hat Linux 7.2, which fix a buffer overflow in the network streaming code as well as other bugs.

Lukemftp (ftp(1), /usr/bin/ftp, /usr/bin/pftp) is a compfortable ftp client from NetBSD. A buffer overflow could be triggered by an malicious ftp server while the client parses the PASV ftp command. An attacker who control an ftp server to which a client using lukemftp is connected can gain remote access to the clients machine with the privileges of the user running lukeftp.

The shadow package contains several useful programs to maintain the entries in the /etc/passwd and /etc/shadow files. The SuSE Security Team discovered a vulnerability that allows local attackers to destroy the contents of these files or to extend the group privileges of certain users. This is possible by setting evil filesize limits before invoking one of the programs modifying the system files. Depening on the permissions of the system binaries this allows a local attacker to gain root privileges in the worst case. This however is not possible in a default installation. The bug has been fixed by ensuring the integrity of the data written to temporary files before moving them to the appropriate location of the system. There is no workaround so we recommend an update in any case. It is necessary to update the shadow package as well as the pam-modules package in order to prevent the truncation attacks.

Updated packages are available which fix a security issue in Mozilla.

Updated packages for sharutils are available which fix potential privilege escalation using the uudecode utility.

Updated perl-Digest-MD5 packages are available which work around a bug in the utf8 interaction between perl-Digest-MD5 and Perl.

A problem was discovered with Netfilter Network Address Translation (NAT) capabilities. It was found that iptables can leak information about how port forwarding is accomplished in unfiltered ICMP packets.

Netfilter ("iptables") can leak information about how port forwarding is done in unfiltered ICMP packets. The older "ipchains" code is not affected. This bug only affects users using the Network Address Translation features of firewalls built with netfilter ("iptables"). Red Hat Linux's firewall configuration tools use "ipchains," and those configurations are not vulnerable to this bug.

Updated mod_python packages have been made available for Red Hat Linux 7.2 and 7.3. These updates close a security issue in mod_python which allows the publisher handler to use modules which have only been indirectly imported. This re-issue adds packages for Red Hat Linux 7.3.

The ifup-dhcp script which is part of the sysconfig package is responsible for setting up network-devices using configuration data obtained from a DHCP server by the dhcpcd DHCP client. It is possible for remote attackers to feed this script with evil data via spoofed DHCP replies for example. This way ifup-dhcp could be tricked into executing arbitrary commands as root. The ifup-dhcp shellscript has been fixed to not source the file containing the possible evil data anymore. Even though the sysconfig package is installed by default, this problem only affects systems with certain dhcp network-setups so only users using DHCP should update their sysconfig package.

The imlib library can be used by X11 applications to handle various kinds of image data.

RALEIGH, NC--May 6, 2002--Red Hat, Inc. (Nasdaq:RHAT) today released Red Hat Linux version 7.3, a highly configurable operating system (OS) designed for deployments ranging from games and personal productivity to file, print and web serving. Red Hat Linux 7.3 adds new productivity tools, personal firewall configuration at installation, and video conferencing software to deliver everything individual users, educational institutions and small businesses need for flexible Internet-based computing.

The Nautilus file manager in Red Hat Linux 7.2 has a symlink vulnerability.

Updated mod_python packages have been made available for Red Hat Linux 7.

DocBook is a document markup language that can be transformed into other formats using a stylesheet. The default stylesheet provided with Red Hat Linux has an insecure option enabled.

The sudo program allows local users to execute certain configured commands with root priviledges. Sudo contains a heap overflow in its prompt assembling function. The input used to create the password prompt is user controlled and not properly length-checked before copied to certain heap locations. This allows local attackers to overflow the heap of sudo, thus executing arbitrary commands as root. We would like to thank GlobalInterSec for finding and researching this vulnerability. As a temporary workaround you may remove the setuid bit from sudo by issuing the following command as root: "chmod -s /usr/bin/sudo".

The radius daemon as shipped with the radiusd-cistron package is responsible for the RADIUS authentication service in networks and therefore considered a security critical application. ZARAZA reported security releated bugs in various radius server and client software. The list of vulnerable servers includes the cistron radius package. Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server. Beside the cistron radius package the following radius packages have been vulnerable to the same attacks and have been fixed: freeradius, radiusclient and livingston-radius. The only workaround for this bug is to disable the radius-server until the new packages have been installed.