Red Hat Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Updated libxml2 packages that fix an overflow when parsing remote resources are now available.
Updated mod_python packages that fix a denial of service vulnerability are now available for Red Hat Linux.
Ulf Harnhammar discovered two integer overflow bugs and two buffer overflow bugs in versions of Metamail up to and including 2.7.
Updated kernel packages that fix security vulnerabilities which may allow local users to gain root privileges are now available.
If an account for a user is created, but marked as disabled using the mksmbpasswd script, it is possible for Samba to overwrite the user's password with the contents of an uninitialized buffer.
Updated XFree86 packages that fix a privilege escalation vulnerability are now available.
The effects of such an attack can vary depending on the application, but would usually result in a Denial of Service.
A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges.
New mutt packages that fix a remotely-triggerable crash in the menu drawing code are now available.
If Gaim uses an HTTP proxy for connecting to a server, it could run arbitrary code as the running user.
These could allow a local user the ability to overwrite or create files as the user running one of these utilities.
A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the vulnerable utilities.
Dirk Mueller discovered a cross-site scripting bug in the admin interface in versions of Mailman 2.1 before 2.1.4. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0965 to this issue.
Updated kernel packages are now available that fix a few security issues.
In some situations, the login program could use a pointer that had been freed and reallocated.
A buffer overflow allows remote attackers to execute arbitrary code during symlink conversion.
A number of temporary file bugs have been found in versions of NetPBM.
Multiple buffer overflows that affect versions of Gaim 0.75 and earlier.
A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database.
This vulnerability allows remote attackers to execute arbitrary code during symlink conversion.