WEBppliance for Linux 3.1.12
Posted on: 10/29/2003 05:35 AM

Ensim has released WEBppliance for Linux 3.1.12

Resolved Issues:

This patch fixes the security vulnerabilities mentioned below:

MySQL buffer overflow vulnerability
Under this bug, a Password field with a value greater than 16 characters can cause a buffer overflow. It may be possible for an attacker with the ability to modify the user table to exploit this buffer overflow to execute arbitrary code as the MySQL user. For more details on this please refer to http://rhn.redhat.com/errata/RHSA-2003-281.html

Perl safe.pm vulnerability
When safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and earlier, it is possible for an attacker to break out of safe compartments within Safe::reval and Safe::rdo by using a redefined @_ variable. For more details on this please refer to http://rhn.redhat.com/errata/RHSA-2003-256.html

Minor bugs in Apache and mod_ssl
A bug in the optional renegotiation code in mod_ssl which can cause cipher suite restrictions to be ignored. For more details on this please refer to http://rhn.redhat.com/errata/RHSA-2003-301.html

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. For more details on this please refer to http://rhn.redhat.com/errata/RHSA-2003-083.html

Sendmail vulnerability
The sucessful exploitation of a bug present in the prescan() function of unpatched Sendmail versions prior to 8.12.10 can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. For more details on this please refer to http://rhn.redhat.com/errata/RHSA-2003-283.html

Read more


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/webppliance_for_linux_3112.html)