Article

Red Hat repairs bugs in two software packages

Michael S. Mimoso, Editorial Director

Red Hat Inc. announced updates that fix remote-code execution and denial-of-service vulnerabilities in Red Hat Enterprise Linux and Red Hat Linux.

The Raleigh, N.C.-based distributor urged customers to upgrade immediately.

    Requires Free Membership to View

Separate alerts from Red Hat, released Thursday, described problems in the libxml2 and mod_python packages.

Libxml2, an XML-parsing library developed for the Gnome project, and can be found in Windows, Unix, VMS, OS2 and many other platforms. A buffer overflow flaw was found in libxml2 in versions up to 2.6.6. According to the alert, when fetching remote resources via FTP or HTTP, libxml2 uses a special parsing routine. If passed a specially constructed, long URL, the routine can overflow a buffer and an outsider would be able to execute the code of their choice.

Products affected by this flaw include Red Hat Enterprise Linux Advanced Server, Enterprise Server and Workstation Server versions 2.1 and 3, as well as Red Hat Linux Advanced Workstation 2.1, the company said.

Red Hat also released updated mod_python packages that repair a denial-of-service vulnerability in Red Hat Enterprise Linux AS, ES and WS versions 2.1 and 3, as well as Red Hat Linux Advanced Workstation 2.1.

Mod_python embeds the Python language interpreter within the Apache httpd server.

The DoS flaw was found in versions up to and including 2.7.10.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: