
Buried in security updates

Debian has updated wordpress (multiple vulnerabilities).

Gentoo has updated ktorrent (multiple vulnerabilities), freetype (integer overflow), quagga (denial of service), mod_perl (denial of service), and tomcat (information disclosure).

Mandriva has updated ktorrent (directory traversal).

Red Hat has updated w3c-libwww (buffer overflows), unzip (multiple vulnerabilities), gcc (directory traversal in fastjar), gdb (buffer overflows), util-linux (access policy bypass), busybox (weak password generation), cpio (buffer overflow on 64-bit platforms), sendmail (configuration error allowing message spoofing), openssh (plaintext hostnames in known_hosts files - from 2005), shadow-utils (random permissions on new user mailboxes), gdm (race condition), and openldap (access permissions bypass). All of these updates are for RHEL4. Also updated is xscreensaver (password check bypass - for RHEL 2.1 through RHEL4).

rPath has updated the kernel (IPv6 source routing vulnerability).

Ubuntu has updated net-snmp (denial of service).



Buried in security updates

Posted May 2, 2007 18:38 UTC (Wed) by bunk (subscriber, #44933) [Link]

The rPath advisory says they also fixed CVE-2007-1861 (the netlink bug that allows local users to crash the machine).

Copyright © 2007, Eklektix, Inc.