The Web    Google
Linux Heavies Issue Patches

Linux Heavies Issue Patches
January 13, 2005

Linux vendors Red Hat, Novell/SUSE, Mandrakesoft, Debian and Gentoo have issued advisories and patches this week for a number of different vulnerabilities that have hit them.

Red Hat issued updates for its libtiff package, which includes a function library for manipulating TIFF image files. Security research firm iDefense had reported an integer overflow bug that affected the package that could have allowed an attacker to exploit it when open, causing an image to crash or execute arbitrary code.

The Xpdf Red Hat packages were also updated to prevent the exploitation of a buffer overflow that was found in the PDF viewer. Red Hat noted in its advisory, however, that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit this vulnerability on x86 architectures.

Red Hat Enterprise Linux Update 3, which was released in September and also included NX (no execute) support, was a source of discussion on the main Linux Kernel developers' list in June.

Red Hat also updated its Mozilla packages to fix a buffer overflow issue (CAN-2004-1316) in the way the browser handles NNTP URLs.

Novell's SUSE Linux issued updates for multiple vulnerabilities, which, if exploited, could lead to systems being compromised, as well as cross-site scripting and DoS attacks. In an e-mail to the SUSE security announcement list, Marcus Meissner noted that the update solved nine security vulnerabilities, including problems with acroread document parsing, iproute2 denial of service, namazu cross-site scripting and an mpg123 play list option buffer overflow.

Both Debian and Gentoo issued updates for their respective exim packages, which could have possibly been exploited to allow for a local privilege escalation attack. Exim is a configurable message transfer agent (MTA).

Additionally, Gentoo issued an update to cover the "multiple overflows [that] have been found in the imlib2 library image decoding routines, potentially allowing the execution of arbitrary code."

Not to be left out of the patch bonanza, Mandrakesoft issued a patch for its imlib image handler packages. There was a heap overflow as well as integer overflow vulnerability in the packages that could have allowed an attacker to crash a system or execute arbitrary code when an image file was opened. The same vulnerability also exists in Gentoo's imlib2 packages and has also had a patch issued for it.

  • 2/21: Derdero-B Worm Uses File Sharing
  • 1/31: Unfunner-A Worm Moves Via MSN Messenger
  • A case study in security incident forensics and response.
  • Experts Question UN's Anti-Spam Plan
  • MARID Floats Sender ID Compromise
  • Spam Foes Worry New FTC Rule Not Enough
  • 9/3: Worm Ends Antivirus Processes
  • 10/27: Anpes Mass-Mailing Worm Uses Outlook
  • 4/12: Mytob-AS Worm Uses SMTP Engine
  • IE Vulnerability Flagged
  • 7/28: Downloader-NE.dr a New Trojan
  • Compare Security Camera Products