Red Hat repairs bugs in two software packages

Remote code execution and denial-of-service vulnerabilities have been repaired in two software packages included in Red Hat Enterprise Linux.

Red Hat Inc. announced updates that fix remote-code execution and denial-of-service vulnerabilities in Red Hat Enterprise Linux and Red Hat Linux.

The Raleigh, N.C.-based distributor urged customers to upgrade immediately.

Separate alerts from Red Hat, released Thursday, described problems in the libxml2 and mod_python packages.

Libxml2 is an XML-parsing library developed for the Gnome project and can be found on Windows, Unix, VMS, OS2 and many other platforms. A buffer overflow flaw was found in libxml2 versions up to 2.6.6. According to the alert, libxml2 uses a special parsing routine when fetching remote resources via FTP or HTTP. If passed a specially constructed, long URL, the routine can overflow a buffer, allowing an outsider to execute code of their choice.

Products affected by this flaw include Red Hat Enterprise Linux Advanced Server, Enterprise Server and Workstation Server versions 2.1 and 3, as well as Red Hat Linux Advanced Workstation 2.1, the company said.

Red Hat also released updated mod_python packages that repair a denial-of-service vulnerability in Red Hat Enterprise Linux AS, ES and WS versions 2.1 and 3, as well as Red Hat Linux Advanced Workstation 2.1.

Mod_python embeds the Python language interpreter within the Apache httpd server.

The DoS flaw was found in versions up to and including 2.7.10.
