Advisory: Red Hat Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution .
KNapster Vulnerability
It is possible for anyone to obtain any user-readable file by sending a properly formed "GET" command that contains the full path of the file. This vulnerability exists because knapster fails to check that the requested file is an explicitly shared MP3 file before providing it.
Red Hat, Inc. Bug Fix Advisory
Various bugs in the SGML tools shipped with Red Hat Linux 6.2have been fixed. These include: the install-catalog script could not properly remove some catalogs, the docbook-3.0 catalog entry references non-existent files, the stylesheets have a bug that causes problems when producing tex output
RedHat 6.2: Potential kernel vulnerabilities
Several problems were discovered in the kernel shipped in Red Hat Linux 6.2.Updated kernel packages are available for download now.
RedHat 6.2: UPDATED: Piranha web GUI exposure
The GUI portion of Piranha may allow any remote attacker to execute commands on the server.
RedHat 6.x: imwheel buffer overflow
A vulnerability exists in the imwheel package where local users can executearbitrary commands as root.
RedHat 6.x: Vulnerability with openldap
Local users can destroy the contents of any file on any mounted filesystem.
RedHat: gpm privilege problem
gpm-root (part of the gpm packge) fails to drop gid 0 priviledges when executing user commands.
RedHat: nmh vulnerability
By creating specially formed MIME headers, it was possibleto have nmh's 'mhshow' utility execute arbitrary shell code.
RedHat: userhelper vulnerability
A security bug was found in userhelper; the bug can be exploited to provide local users with root access.
RedHat: Two vulnerabilities in lpd
Authentication and configuration vulnerabilities that could lead to a root compromise exist.
RH4.x-6.x:New lpr packages available
New lpr packages are available to fix two security problems in lpd.
RH6.1: New version of usermode fixes security bug
A security bug has been discovered and fixed in the userhelper program.
RH6.1: ORBit, esound, gnome-core (RHSA-1999:058-01)
ORBit and gnome-session each contained a denial-of-service hole. ORBit and esound each contained a security hole.
RH6.1: initscripts (RHSA-1999:052-04)
One security bug and several functionality bugs have been fixed in a new release of initscripts.
RH6.1: syslogd (RHSA-1999:055-01)
A denial of service attack exists in the system log daemon, syslogd.
RH6.1: ypserv (RHSA-1999:046-01)
The ypserv package, which contains the ypserv NIS server and the yppasswdd password-change server, has been discovered to have security holes.
RH6.1: lpr (RHSA-1999:041-03)
There are potential problems with file access checking in the lpr and lpd programs. These could allow users to potentially print files they do not have access to. Also, there are bugs in remote printing in the lpd that shipped with Red Hat Linux 6.1.
RH6.1: wu-ftpd (RHSA-1999:043-01)
Various computer security groups have reported security problems in the WU-FTPD daemon, the FTP server shipped with all versions of Red Hat Linux.
