By Dawn Kawamoto
Posted on ZDNet News: Jan 13, 2005 6:18:00 PM

Linux vendors Red Hat, Novell and Mandrakesoft on Wednesday released patches for several vulnerabilities, ranging from flaws that could allow denial-of-service attacks to buffer overflows.

Five of the updates released were rated "highly critical" on Thursday by security information company Secunia. Red Hat released three of the updates, Novell's SuSE one and Mandrakesoft one.

SuSE issued updates to resolve flaws including a vulnerability that could allow malicious code to cause a local denial-of-service attack using a specially created Acrobat document. The vulnerabilities would affect most SuSE Linux-based products.

Another vulnerability in the Linux system components used to route network traffic could allow a malicious person to execute a local denial-of-service attack by inserting erroneous information into the netfilter data stream, according to SuSE.

Red Hat, meanwhile, issued a package of updates for its desktop, enterprise and advanced-workstation software.

An updated libtiff package was released to address vulnerabilities involving various integer overflows. The vulnerabilities would enable an attacker who has tricked a user into opening a malicious image file in the TIFF format to crash an application that uses libtiff or potentially to compromise the computer by executing arbitrary code.

Red Hat also released updates for Xpdf packages to address a potential buffer overflow vulnerability. Xpdf is a stand-alone application for reading Portable Document Format documents and is also used by many Linux programs to process PDF files. This vulnerability could enable an attacker to create a PDF file that would crash Xpdf and possibly execute arbitrary code when opened, according to Red Hat's update.

Red Hat also released multiple patches to resolve flaws in its Xpm library. The XPixMap (XPM) format enables color images to be stored in an easily portable file.

Several stack overflow flaws and an integer overflow vulnerability were found in the libXpm library, which, in turn, is used to decode XPM images. If an attacker creates an XPM file that causes an application to crash, a computer system could be compromised.

Mandrakesoft also released an update for Imlib, a standard set of code used by older versions of the GNOME desktop to process graphics.

Image-related vulnerabilities have cropped up recently in other Linux software.

Last month, a couple of Linux groups issued patches for several flaws in common Linux code used in older GNOME desktop versions for processing graphics. Those vulnerabilities could enable attackers to compromise computers that display a malicious image file.

Talkback

Most Recent of 138 Talkback(s)

LINUX Vulnerable
This proves that all operating systems and all email and web browsers are vulnerable to attack and hackers. So a person might as well stick with something that works together. If you run a Windows oper...
Posted by: wcosales@... Posted on: 02/07/05