Fwd: Linux distributors warn of security vulnerabilities, issue fixes
Rick Tomaschuk
rickl-ZACYGPecefkNbK0NzMECUg at public.gmane.org
Sun Jan 23 21:34:04 UTC 2005
Forwarded message
NETWORK WORLD NEWSLETTER: PHIL HOCHMUTH ON LINUX
01/17/05
Today's focus: Linux distributors warn of security
vulnerabilities, issue fixes
By Phil Hochmuth
Several prominent Linux distributors released critical patches
last week for their respective operating systems. Red Hat,
Novell (formerly SuSE) and Mandrakesoft all issued updates to
their software deemed as "highly critical" by security Web site
Secunia.com.
Red Hat had two advisories, warning that users' systems could be
compromised by maliciously altered PDF or TIFF image files. One
concerned an update that fixes a potential vulnerability in the
LibTIFF library on Red Hat systems. The vulnerability could
allow a malicious user to execute arbitrary code on a Linux
machine via a specially crafted TIFF image file. An application
linked to the LibTIFF library could be tricked into running
code. The vulnerabilities affect several versions of Red Hat
Enterprise Server, Advanced Server and Advanced Workstation for
32- and 64-bit Intel processors.
The other vulnerability, also on Advanced Server, Workstation
and Enterprise Server, is in the xpdf library. This could allow
an attacker to trick a user into opening a PDF file that would
cause a buffer overflow and leave the system open to having
arbitrary code run on it.
SuSE's security notices include several vulnerability fixes,
including the XPDF problem found in Red Hat, as well as a bug in
ViewCVS that could allow an attacker to execute HTTP or
script code on a machine. The problems affect SuSE Linux
Versions 7.x through 9.x, as well as SuSE Linux Enterprise
Server 7-9, SuSE Linux Office Server and eMail Server 3.1.
Mandrake said its Mandrakelinux 9.x and 10.x, as well as its
Corporate Server, could be exploited by a faulty imlib library
related to image viewing. Again, this is exploited by tricking
users into viewing an altered image file, which causes a buffer
overflow on the system, opening up holes for arbitrary code.
RELATED EDITORIAL LINKS
Mandrakesoft security advisory and patch
http://www.nwfusion.com/nllinux964
Red Hat: Updated libtiff packages fix security issues
http://rhn.redhat.com/errata/RHSA-2005-019.html
Red Hat: Updated Xpdf packages fix security issues
http://rhn.redhat.com/errata/RHSA-2005-018.html
SuSE security advisory and patch
http://www.novell.com/linux/security/advisories/2005_01_sr.html
_______________________________________________________________
To contact: Phil Hochmuth
Phil Hochmuth is a Network World Senior Editor and a former
systems integrator. You can reach him at
<mailto:phochmut-cEZpJekPBX4 at public.gmane.org>.
Copyright Network World, Inc., 2005
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org