Article

Red Hat fixes vulnerabilities in four areas

Edmund X. DeJesus, Information Security magazine contributor

Red Hat recommends users upgrade to updated packages that address security vulnerabilities in PostgreSQL, stunnel, XFree64, and Zebra. The consequences

    Requires Free Membership to View

of the vulnerabilities include denial of service, execution of arbitrary code and privilege escalation.

PostgreSQL is an open source database system. Its pg_to_ascii() function suffers from buffer overflow problems that could be exploited to cause denial of service or execution of arbitrary code.

Stunnel is a "secure tunneling" wrapper for network connections, used to tunnel an unencrypted connection over an encrypted connection, or to provide an encrypted connection to services that don't support encryption. Problems in non-reentrant signal-handling stunnel functions could allow an attacker to hijack the service.

XFree86 is an implementation of the X Window System, including the core graphical user interface and video drivers. Xfree86's handling of font libraries has integer overflow problems that could allow local or remote attackers to gain root privileges, cause denial of service or execute arbitrary code.

Zebra is an open source implementation of TCP/IP routing software. Its telnet management service is susceptible to remote denial of service if a Zebra password has been enabled.

Affected Red Hat products include Enterprise Linux AS 2.1/ES 2.1/WS 2.1, Linux 7.2-9, and Linux Advanced Server 2.1 and Workstation 2.1 for Itanium.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: