Red Hat Inc. announced updates that fix remote-code execution and denial-of-service vulnerabilities in Red Hat...
Enterprise Linux and Red Hat Linux.
The Raleigh, N.C.-based distributor urged customers to upgrade immediately.
Separate alerts from Red Hat, released Thursday, described problems in the libxml2 and mod_python packages.
Libxml2, an XML-parsing library developed for the Gnome project, and can be found in Windows, Unix, VMS, OS2 and many other platforms. A buffer overflow flaw was found in libxml2 in versions up to 2.6.6. According to the alert, when fetching remote resources via FTP or HTTP, libxml2 uses a special parsing routine. If passed a specially constructed, long URL, the routine can overflow a buffer and an outsider would be able to execute the code of their choice.
Products affected by this flaw include Red Hat Enterprise Linux Advanced Server, Enterprise Server and Workstation Server versions 2.1 and 3, as well as Red Hat Linux Advanced Workstation 2.1, the company said.
Red Hat also released updated mod_python packages that repair a denial-of-service vulnerability in Red Hat Enterprise Linux AS, ES and WS versions 2.1 and 3, as well as Red Hat Linux Advanced Workstation 2.1.
Mod_python embeds the Python language interpreter within the Apache httpd server.
The DoS flaw was found in versions up to and including 2.7.10.