Red Hat Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
New Netscape packages are available that fix a buffer overflow in parsing HTML.
modutils, a package that helps the kernel automatically load kernel modules (device drivers, etc.) when they're needed, could be abused to execute code as root.
A remote DoS (denial of service) attack is possible with bind versions prior to 8.2.2_P7.
Updated pine and imap packages are available for Red Hat Linux 5.2, 6.x and 7.
Because programs invoked by userhelper are not actually running setuid-root, security measures built into recent versions of glibc are not active.
A malicious user can use the LANG or LC_ALL environment variable to create a format-string exploit.
The Red Hat 7.0 dump is being released for Red Hat 6.x and Red Hat 5.x in order to remove root setuid bits to prevent a known dump exploit.
A race condition has been found in the nss_ldap package. On a system running nscd, a malicious user can cause the system to hang.
An error existed in the authorization checks in the version of cyrus-sasl shipped with Red Hat Linux 7.
Updated apache, php, mod_perl, and auth_ldap packages are now available for Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7.
ypbind as shipped in Red Hat Linux 5.x and 6.x is vulnerable to a local root exploit.
This update fixes various issues in ping including a possible buffer overflow.
A locally-exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm tmp file handling.
Updated usermode packages are now available for Red Hat Linux 6.x and 7.
tmpwatch as shipped in Red Hat Linux 6.1, 6.2, and 7.0 uses fork() to recursively process subdirectories, enabling a local user to perform a denial of service attack.
A root exploit and several additional bugs in traceroute have been corrected.