Red Hat Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
On systems that use pam_smb and are configured to authenticate a remotely accessible service, an attacker can exploit this bug and remotely execute arbitrary code.
Recent updates to the kernel in Red Hat Linux versions 7.1, 7.2, 7.3 and 8.0 did not also update the iptables utility, causing functions such as owner match to stop working.
Updated GDM packages are available which correct a bug allowing local users to read any text files on the system, and a denial of service issue if XDMCP is enabled.
Updated unzip packages resolving a vulnerability allowing arbitrary files to be overwritten are now available.
Konqueror may inadvertently send authentication credentials to websites other than the intended website in clear text via the HTTP-referer header.
ddskk does not take appropriate security precautions when creating temporary files.
up2date versions 3.0.7 and 3.1.23 incorrectly check RPM GPG signatures. These are the versions found in Red Hat Linux 8.0 and 9.
Two security issues have been found in Postfix that affect the Postfix packages in Red Hat Linux 7.3, 8.0, and 9.
An off-by-one bug has been discovered in versions of wu-ftpd up to and including 2.6.2.
Under certain conditions, OpenSSH versions prior to 3.6.1p1 reject an invalid authentication attempt without first attempting authentication using PAM.
Updated stunnel packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. These updates correct a potential vulnerability in stunnel's signal handling.
A vulnerability in semi version 1.14.3 and earlier allows an attacker to overwrite arbitrary files with potentially arbitrary contents using the privileges of the user running Emacs and semi.
A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression.
Several security issues have been discovered affecting the Linux kernel.
An attacker can embed malicious external-type hyperlinks that, if activated or followed by a victim, can execute arbitrary shell commands.
A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression.
A buffer overflow bug in nfs-utils version 1.0.3 and earlier.
This update contains fixes for a number of bugs discovered in the version of PHP included in Red Hat Linux 8.0 and 9.
The XFree86 4.2.1-20 packages which were originally released in this advisory were accidentally built with debugging info enabled due to a temporary problem with our build system.