Buried in security updates
[Posted May 2, 2007 by corbet]
Debian has updated wordpress (multiple vulnerabilities).
Gentoo has updated ktorrent (multiple vulnerabilities), freetype (integer overflow), quagga (denial of service), mod_perl (denial of service), and tomcat (information disclosure).
Mandriva has updated ktorrent (directory traversal).
Red Hat has updated w3c-libwww (buffer overflows), unzip (multiple vulnerabilities), gcc (directory traversal in fastjar), gdb (buffer overflows), util-linux (access policy bypass), busybox (weak password generation), cpio (buffer overflow on 64-bit platforms), sendmail (configuration error allowing message spoofing), openssh (plaintext hostnames in known_hosts files - from 2005), shadow-utils (random permissions on new user mailboxes), gdm (race condition), and openldap (access permissions bypass). All of these updates are for RHEL4. Also updated is xscreensaver (password check bypass - for RHEL 2.1 through RHEL4).
rPath has updated the kernel (IPv6 source routing vulnerability).
Ubuntu has updated net-snmp (denial of service).