An updated mod_ssl package is available for Red Hat Linux 7.3
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated mod_ssl package fixes Apache security vulnerabilities
Advisory ID: FLSA:1888
Issue date: 2004-10-13
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1888
CVE Names: CAN-2004-0488 CAN-2004-0700
-----------------------------------------------------------------------
1. Topic:
Updated mod_ssl packages that fix minor security issues in the Apache Web server are now available.
The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
An updated Apache package is available for Red Hat Linux 7.3
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated httpd packages fix a mod_proxy security vulnerability
Advisory ID: FLSA:1737
Issue date: 2004-10-13
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1737
CVE Names: CAN-2004-0492
-----------------------------------------------------------------------
1. Topic:
Updated httpd packages that fix a security issue in the Apache Web server are now available.
The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Updated lha packages are available for Red Hat Linux 7.3 and 9
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated lha resolves security vulnerabilities
Advisory ID: FLSA:1833
Issue date: 2004-10-13
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1833
CVE Names: CAN-2004-0234, CAN-2004-0235, CAN-2004-0694, CAN-2004-0745, CAN-2004-0769, CAN-2004-0771
-----------------------------------------------------------------------
1. Topic:
Updated lha packages that fix multiple security vulnerabilities are now available.
LHA is an archiving and compression utility for LHarc format archives.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Updated samba packages are available for Red Hat Linux 7.3 and 9
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated samba resolves security vulnerabilities
Advisory ID: FLSA:2102
Issue date: 2004-10-13
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2102
CVE Names: CAN-2004-0815
-----------------------------------------------------------------------
1. Topic:
Updated samba packages that fix an input validation vulnerability are now available.
Samba provides file and printer sharing services to SMB/CIFS clients.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Updated apache packages are available for Red Hat Linux 9 and Fedora Core 1
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated httpd packages fix security issues
Advisory ID: FLSA:2068
Issue date: 2004-10-09
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2068
CVE Names: CAN-2004-0488 CAN-2004-0493 CAN-2004-0747 CAN-2004-0748 CAN-2004-0751 CAN-2004-0786 CAN-2004-0809 CAN-2004-0811
-----------------------------------------------------------------------
1. Topic:
Updated httpd packages that include fixes for security issues are now available.
The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.
2. Relevant releases/architectures:
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Updated netpbm packages are available for Red Hat Linux 7.3 and 9
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated netpbm resolves security vulnerabilities
Advisory ID: FLSA:1257
Issue date: 2004-10-08
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1257
CVE Names: CVE-2003-0924
-----------------------------------------------------------------------
1. Topic:
Updated netpbm packages that fix security vulnerabilities are now available.
The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Updated PHP packages are available for Red Hat Linux 7.3 and 9
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated php packages fix security issues
Advisory ID: FLSA:1868
Issue date: 2004-10-07
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1868
CVE Names: CAN-2004-0594 CAN-2004-0595
-----------------------------------------------------------------------
1. Topic:
Updated php packages that fix various security issues are now available.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Updated cvs packages are available for Red Hat Linux 7.3 and 9
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated cvs resolves security vulnerabilities
Advisory ID: FLSA:1735
Issue date: 2004-10-07
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1735
CVE Names: CAN-2004-0414, CAN-2004-0416, CAN-2004-0417, CAN-2004-0418, CAN-2004-0778
-----------------------------------------------------------------------
1. Topic:
Updated cvs packages that fix security vulnerabilities are now available.
CVS is a version control system frequently used to manage source code repositories.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Updated libxml2 packages are available for Red Hat Linux 7.3
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated libxml2 resolves security vulnerability
Advisory ID: FLSA:1324
Issue date: 2004-10-04
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1324
CVE Names: CAN-2004-0110
-----------------------------------------------------------------------
1. Topic:
[Updated 4th October 2004]
The packages contained in the original release of this advisory were missing python 2.2 support. These updated packages restore the missing functionality.
Updated libxml2 packages that fix an overflow when parsing remote resources are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Updated cyrus-sasl packages are available for Red Hat Enterprise Linux 2.1 and 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated cyrus-sasl packages fix security flaw
Advisory ID: RHSA-2004:546-01
Issue date: 2004-10-07
Updated on: 2004-10-07
Product: Red Hat Enterprise Linux
Keywords: environment
CVE Names: CAN-2004-0884
----------------------------------------------------------------------
1. Summary:
Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat has released updated XFree86 packages for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated XFree86 packages fix security issues and bugs
Advisory ID: RHSA-2004:479-01
Issue date: 2004-10-06
Updated on: 2004-10-06
Product: Red Hat Enterprise Linux
Keywords: ATI Radeon 7000m
Obsoletes: RHBA-2004:155
CVE Names: CAN-2004-0687 CAN-2004-0688 CAN-2004-0692
----------------------------------------------------------------------
1. Summary:
Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Edward Kozel, Cisco's former chief technology officer, joins the board of Linux seller Red Hat.
Updated samba packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated samba packages fix security issue
Advisory ID: RHSA-2004:498-01
Issue date: 2004-10-04
Updated on: 2004-10-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0815
----------------------------------------------------------------------
1. Summary:
Updated samba packages that fix an input validation vulnerability are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Updated XFree86 packages are available for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated XFree86 packages fix security issues and bugs
Advisory ID: RHSA-2004:478-01
Issue date: 2004-10-04
Updated on: 2004-10-04
Product: Red Hat Enterprise Linux
Obsoletes: RHEA-2004:352
CVE Names: CAN-2004-0419 CAN-2004-0687 CAN-2004-0688 CAN-2004-0692
----------------------------------------------------------------------
1. Summary:
Updated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated kdelibs and kdebase packages are available for Red Hat Enterprise Linux 2.1 and 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated kdelibs and kdebase packages correct security issues
Advisory ID: RHSA-2004:412-01
Issue date: 2004-10-04
Updated on: 2004-10-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0689 CAN-2004-0746 CAN-2004-0721
----------------------------------------------------------------------
1. Summary:
Updated kdelibs and kdebase packages that resolve multiple security issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated mod_python packages are available for Red Hat Linux 7.3
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated mod_python resolves security vulnerability
Advisory ID: FLSA:1325
Issue date: 2004-10-03
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1325
CVE Names: CAN-2003-0973
-----------------------------------------------------------------------
1. Topic:
Updated mod_python packages that fix a security vulnerability are now available.
mod_python embeds the Python language interpreter within the Apache httpd server.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Updated sysstat packages are available for Red Hat Linux 7.3
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated sysstat packages fix security vulnerabilities
Advisory ID: FLSA:1372
Issue date: 2004-10-03
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1372
CVE Names: CAN-2004-0107
------------------------------------------------------------------------
1. Topic:
Updated sysstat packages that fix various bugs and a minor security issue are now available.
Sysstat is a tool for gathering system statistics.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Updated squirrelmail packages are available for Red Hat Linux 9
-----------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated squirrelmail resolves security vulnerabilities
Advisory ID: FLSA:1733
Issue date: 2004-10-02
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1733
CVE Names: CAN-2004-0519, CAN-2004-0520, CAN-2004-0521
-----------------------------------------------------------------------
1. Topic:
Updated squirrelmail packages that fix a security vulnerability are now available.
SquirrelMail is a standards-based webmail package written in PHP4.
2. Relevant releases/architectures:
Red Hat Linux 9 - i386
Updated mozilla packages are available for Red Hat Enterprise Linux 2.1 and 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated mozilla packages fix security issues
Advisory ID: RHSA-2004:486-01
Issue date: 2004-09-30
Updated on: 2004-09-30
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0902 CAN-2004-0903 CAN-2004-0904 CAN-2004-0905 CAN-2004-0908
----------------------------------------------------------------------
1. Summary:
Updated mozilla packages that fix a number of security issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a javascript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0905 to this issue.
Gael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to this issue.
Georgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.
Wladimir Palant discovered a flaw in the way javascript interacts with the clipboard. It is possible that an attacker could use malicious javascript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.
Georgi Guninski discovered a heap based buffer overflow in the "Send Page" feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.
Users of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.
Updated squid packages are available for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated squid package fixes security vulnerability
Advisory ID: RHSA-2004:462-01
Issue date: 2004-09-30
Updated on: 2004-09-30
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0832
----------------------------------------------------------------------
1. Summary:
An updated squid package that fixes a security vulnerability in the NTLM authentication helper is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Squid is a full-featured Web proxy cache.
An out of bounds memory read bug was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could send a carefully crafted NTLM authentication packet and cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0832 to this issue.
Note: The NTLM authentication helper is not enabled by default in Red Hat Enterprise Linux 3. Red Hat Enterprise Linux 2.1 is not vulnerable to this issue as it shipped with a version of Squid which did not contain the vulnerable helper.
Users of Squid should update to this erratum package, which contains a backported patch and is not vulnerable to this issue.