Fedora Essential and Critical Security Patch Updates - Page 821
Find the information you need for your favorite open source distribution.
A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root.
A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root.
This curl update fixes security vulnerability CVE-2006-1061: curl can overflow a heap-based memory buffer if a very long TFTP URL with a valid host name is passed to it. This update also fixes installation problems on multilib architectures.
Some of the wrapper scripts (including beagle-status) looked in the current directory for files with a specific name and ran that instead of the binary in the path. All such cases have been fixed in this release.
Coverity scanned the X.Org source code for problems and reported their findings to the X.Org development team. Upon analysis, Alan Coopersmith, a member of the X.Org development team, noticed a couple of serious security issues in the findings. In particular, the Xorg server can be exploited for root privilege escalation by passing a path to malicious modules using the -modulepath command line argument. Also, the Xorg server can be exploited to overwrite any root-writable file on the filesystem with the -logfile command line argument.
Rebuilt against the latest kernel (2.6.15-1.1833_FC4).
Tavis Ormandy discovered a flaw in the way GnuPG verifies cryptographically signed data with inline signatures. An attacker can add unsigned text to a signed message in such a way that when the signed text is extracted, the unsigned text is extracted as well, appearing as if it had been signed. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0049 to this issue.
The update adds two new options for netstat: T stops trimming remote and local addresses, and Z shows the SELinux context. It also fixes a double-free bug in route and netstat.
Update to latest Fedora Core Kernel.
Update to latest Fedora Core Kernel.
Update to latest Fedora Core Kernel.
Update to latest Fedora Core Kernel.