Linux vendors release security patches
Published: 14 Jan 2005 08:50 GMT
Linux vendors Red Hat, Novell and Mandrakesoft on Wednesday released patches for several vulnerabilities, ranging from flaws that could allow denial-of-service (DoS) attacks to buffer overflows.
Five of the updates released were rated "highly critical" on Thursday by security information company Secunia. Red Hat released three updates, while Novell's SuSE and Mandrakesoft each released one.
SuSE issued updates to resolve flaws including a vulnerability that could allow malicious code to cause a local DoS attack using a specially created Acrobat document. The vulnerabilities would affect most SuSE Linux-based products.
Another vulnerability in the Linux system components used to route network traffic could allow a malicious person to execute a local DoS attack by inserting erroneous information into the netfilter data stream, according to SuSE.
Red Hat, meanwhile, issued a package of updates for its desktop, enterprise and advanced-workstation software.
An updated libtiff package was released to address vulnerabilities involving various integer overflows. The vulnerabilities would enable an attacker who has tricked a user into opening a malicious image file in the TIFF format to make a libtiff-related application crash or have the potential to compromise the computer with arbitrary code.
Red Hat also released updates for Xpdf packages to address a vulnerability to a potential buffer overflow. Xpdf is a stand-alone application for reading Portable Document Format documents and is also used by many Linux programs to process PDF files. This vulnerability could enable an attacker to create a PDF file that would crash Xpdf and possibility execute arbitrary code when opened, according to Red Hat's update.
Red Hat also released multiple patches to resolve flaws in its Xpm library. The XPixMap (XPM) format enables colour images to be stored in an easily portable file.
Several stack overflow flaws and an integer overflow vulnerability were found in the libXpm library, which, in turn, is used to decode XPM images. If an attacker creates an XPM file that causes an application to crash, a computer system could be compromised.
Mandrakesoft also released an update for Imlib, a standard set of code used by older versions of the GNOME desktop to process graphics.
Image-related vulnerabilities have cropped up recently in other Linux software.
Last month, a couple of Linux groups issued patches for several flaws in common Linux code used in older GNOME desktop versions for processing graphics. Those vulnerabilities could enable attackers to compromise computers that display a malicious image file.
Did you find this article useful?
64 out of 107 people found this useful
- Share this article:
