Linux Heavies Issue Patches
Linux vendors Red Hat, Novell/SUSE, Mandrakesoft, Debian and Gentoo have issued advisories and patches this week for a number of different vulnerabilities that have hit them.
Source: Internet NewsRed Hat issued updates for its libtiff package, which includes a function library for manipulating TIFF image files. Security research firm iDefense had reported an integer overflow bug that affected the package that could have allowed an attacker to exploit it when open, causing an image to crash or execute arbitrary code.
The Xpdf Red Hat packages were also updated to prevent the exploitation of a buffer overflow that was found in the PDF viewer. Red Hat noted in its advisory, however, that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit this vulnerability on x86 architectures.
Red Hat Enterprise Linux Update 3, which was released in September and also included NX (no execute) support, was a source of discussion on the main Linux Kernel developers' list in June.
Red Hat also updated its Mozilla packages to fix a buffer overflow issue (CAN-2004-1316) in the way the browser handles NNTP (define) URLs.
0