Fwd: Linux distributors warn of security vulnerabilities, issue fixes

Rick Tomaschuk rickl-ZACYGPecefkNbK0NzMECUg at public.gmane.org
Sun Jan 23 21:34:04 UTC 2005


Forwarded message 

NETWORK WORLD NEWSLETTER: PHIL HOCHMUTH ON LINUX
01/17/05
Today's focus:  Linux distributors warn of security 
vulnerabilities, issue fixes


In this issue:

* Red Hat, Novell, Mandrakesoft fix Linux vulnerabilities
* Links related to Linux
* Featured reader resource
_______________________________________________________________

By Phil Hochmuth

Several prominent Linux distributors released critical patches 
last week for their respective operating systems. Red Hat, 
Novell (formerly SuSE) and Mandrakesoft all issued updates to 
their software deemed as "highly critical" by security Web site 
Secunia.com.

Red Hat had two advisories, warning that users' systems could be 
compromised by maliciously altered PDF or TIFF image files. One 
concerned an update that fixes a potential vulnerability in the 
LibTIFF library on Red Hat systems. The vulnerability could 
allow a malicious user to execute arbitrary code on a Linux 
machine via a specially crafted TIFF image file. An application 
linked to the LibTIFF library could be tricked into running 
code. The vulnerabilities affect several versions of Red Hat 
Enterprise Server, Advanced Server and Advanced Workstation for 
32- and 64-bit Intel processors.

The other vulnerability, also on Advanced Server, Workstation 
and Enterprise Server, is in the xpdf library. This could allow 
an attacker to trick a user into opening a PDF file that would 
cause a buffer overflow and leave the system open to having 
arbitrary code run on it.

SuSE's security notices include several vulnerability fixes, 
including the XPDF problem found in Red Hat, as well as a bug in 
ViewCVS that could allow an attacker to execute HTTP or 
script code on a machine. The problems affect SuSE Linux 
Versions 7.x through 9.x, as well as SuSE Linux Enterprise 
Server 7-9, SuSE Linux Office Server and eMail Server 3.1.

Mandrake said its Mandrakelinux 9.x and 10.x, as well as its 
Corporate Server, could be exploited by a faulty imlib library 
related to image viewing. Again, this is exploited by tricking 
users into viewing an altered image file, which causes a buffer 
overflow on the system, opening up holes for arbitrary code.

RELATED EDITORIAL LINKS

Mandrakesoft security advisory and patch
http://www.nwfusion.com/nllinux964

Red Hat: Updated libtiff packages fix security issues
http://rhn.redhat.com/errata/RHSA-2005-019.html

Red Hat: Updated Xpdf packages fix security issues
http://rhn.redhat.com/errata/RHSA-2005-018.html

SuSE security advisory and patch
http://www.novell.com/linux/security/advisories/2005_01_sr.html
_______________________________________________________________
To contact: Phil Hochmuth

Phil Hochmuth is a Network World Senior Editor and a former 
systems integrator. You can reach him at 
<mailto:phochmut-cEZpJekPBX4 at public.gmane.org>.
_______________________________________________________________
ARCHIVE LINKS

Breaking Linux news from Network World and around the 'Net, 
updated daily: http://www.nwfusion.com/topics/linux.html

Archive of the Linux newsletter:
http://www.nwfusion.com/newsletters/linux/index.html
_______________________________________________________________
FEATURED READER RESOURCE
THE MOST POWERFUL NETWORKING COMPANIES

Network World's annual survey shows a whopping eight of the top 
10 most powerful networking companies lost power over the past 
year, yet the industry itself is more powerful than ever. See 
which two in the top 10 bucked the losing trend, as well as 
which companies make up the rest of the top 20. Click here:
<http://www.nwfusion.com/power/2004/122704vendorpom.html?ts>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor, 
at: <mailto:jcaruso-cEZpJekPBX4 at public.gmane.org> 

Inquiries to: NL Customer Service, Network World, Inc., 118 
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of 
Online Development, at: <mailto:sponsorships-3f4TfvlK/n9Wk0Htik3J/w at public.gmane.org> 

Copyright Network World, Inc., 2005


--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml