  1. #1
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290

    2 Security Alerts

    Red Hat Network has determined that the following advisory is applicable to
    one or more of the systems you have registered:

    Complete information about this errata can be found at the following location:
    https://rhn.redhat.com/network/errat...s.pxt?eid=2035

    Security Advisory - RHSA-2004:093-05
    ------------------------------------------------------------------------------
    Summary:
    Updated sysstat packages fix security vulnerabilities

    Updated sysstat packages that fix various bugs and a minor security issue
    are now available.

    Description:
    Sysstat is a tool for gathering system statistics.

    A bug was found in the Red Hat sysstat package post and trigger scripts,
    which used insecure temporary file names. A local attacker could overwrite
    system files using carefully-crafted symbolic links in the /tmp directory.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2004-0107 to this issue.

    Other issues addressed in this advisory include:

    * iostat -x should return all partitions on the system (up to a maximum of
    1024)

    * sar should handle network device names with more than 8 characters properly

    Users of sysstat should upgrade to these updated packages, which
    contain patches to correct these issues.
    ------------------------------------------------------------------------------
    Red Hat Network has determined that the following advisory is applicable to
    one or more of the systems you have registered:

    Complete information about this errata can be found at the following location:
    https://rhn.redhat.com/network/errat...s.pxt?eid=2034

    Security Advisory - RHSA-2004:102-03
    ------------------------------------------------------------------------------
    Summary:
    Updated gdk-pixbuf packages fix denial of service vulnerability

    Updated gdk-pixbuf packages that fix a denial of service vulnerability that
    could affect applications such as Evolution are now available.

    Description:
    The gdk-pixbuf package contains an image loading library used with the
    GNOME GUI desktop environment. In Red Hat Linux 9 this library is used by
    applications, such as Evolution, to load images.

    Thomas Kristensen discovered a bitmap file that would cause the Evolution
    mail reader to crash. This issue was caused by a flaw that affects
    versions of the gdk-pixbuf package prior to 0.20. To exploit this flaw, a
    remote attacker could send (via email) a carefully-crafted BMP file, which
    would cause Evolution to crash. The Common Vulnerabilities
    and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0111
    to this issue.

    Users are advised to upgrade to these updated packages containing
    gdk-pixbuf version 0.22, which is not vulnerable to this issue.
    ------------------------------------------------------------------------------
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
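The insecure temporary file issue from RHSA-2004:093 above, as an added example that is not part of the original post and not Red Hat's package scripts (the page does not show them). It puts a predictable temp file name beside a `mktemp`-based one and checks both inside a private sandbox directory; the name `pkgscript` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed scriptlet fragments, not the sysstat package's scripts.
# "pkgscript" and the function names are hypothetical.

# Weak: predictable name in a shared directory. ">" follows whatever already
# exists at that path, including a symlink someone else created there.
write_weak() {
    tmp="$1/pkgscript.$$"
    echo "scratch data" > "$tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively (it fails rather than reuse an existing path), mode 0600.
write_safe() {
    tmp=$(mktemp "$1/pkgscript.XXXXXX") || return 1
    echo "scratch data" > "$tmp"
    rm -f "$tmp"
}

# Check run entirely inside a private sandbox directory: a link with the
# predictable name points at a stand-in "system file"; report whether the
# writer named in $1 left that file intact.
leaves_target_intact() {
    box=$(mktemp -d) || return 2
    echo "original" > "$box/system-file"
    mkdir "$box/tmp"
    ln -s "$box/system-file" "$box/tmp/pkgscript.$$"
    "$1" "$box/tmp"
    content=$(cat "$box/system-file")
    rm -rf "$box"
    [ "$content" = "original" ]
}

if leaves_target_intact write_weak; then echo "weak: intact"; else echo "weak: overwritten"; fi
if leaves_target_intact write_safe; then echo "safe: intact"; else echo "safe: overwritten"; fi
```

Scripts that run as root, as package post and trigger scripts do, are better served by a scratch directory from `mktemp -d` or a root-owned location than by named files in /tmp.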

  2. #2
    Join Date
    Mar 2003
    Location
    New Jersey
    Posts
    1,277

  3. #3
    Join Date
    Jun 2003
    Posts
    673
    sysstat isn't part of the Linux kernel, and if you're using gdk-pixbuf on a BSD box, you'll need to upgrade it too. Just sayin'...
