Red Hat recommends users upgrade to updated packages that address security vulnerabilities in PostgreSQL, stunnel, XFree86, and Zebra. The consequences of the vulnerabilities include denial of service, execution of arbitrary code, and privilege escalation.
PostgreSQL is an open source database system. Its pg_to_ascii() function suffers from buffer overflow problems that could be exploited to cause denial of service or execution of arbitrary code.
Stunnel is a "secure tunneling" wrapper for network connections, used to tunnel an unencrypted connection over an encrypted connection, or to provide an encrypted connection to services that don't support encryption. Problems in stunnel's non-reentrant signal-handling functions could allow an attacker to hijack the service.
XFree86 is an implementation of the X Window System, including the core graphical user interface and video drivers. XFree86's handling of font libraries has integer overflow problems that could allow local or remote attackers to gain root privileges, cause denial of service, or execute arbitrary code.
Zebra is an open source implementation of TCP/IP routing software. Its telnet management service is susceptible to remote denial of service if a Zebra password has been enabled.
Affected Red Hat products include Enterprise Linux AS 2.1/ES 2.1/WS 2.1, Linux 7.2-9, and Linux Advanced Server 2.1 and Workstation 2.1 for Itanium.