Red Hat announced 4 security updates this morning: RHSA-2007:0344, RHSA-2007:0380, RHSA-2007:0389, and RHSA-2007:0391.

RHSA-2007:0344 Moderate: evolution-data-server security update

This security update addresses one vulnerability in the evolution-data-server package for Red Hat Enterprise Linux 5. A remote attacker could acquire certain portions of a user’s credentials by sending certain responses when the evolution-data-server attempted to authenticate against an APOP server (CVE-2007-1558). The Red Hat Security Response Team has rated this update as having moderate security impact. More detailed information can be found on the Red Hat Network.

RHSA-2007:0380 Important: mod_jk security update

This security update addresses one vulnerability in the mod_jk package for Red Hat Application Server. An attacker could construct a carefully crafted packet to circumvent content restrictions if Tomcat was used behind mod_jk and configured to only proxy some contexts (CVE-2007-1860). The Red Hat Security Response Team has rated this update as having important security impact. More detailed information can be found on the Red Hat Network.

RHSA-2007:0389 Moderate: quagga security update

This security update addresses one vulnerability in the quagga package for Red Hat Enterprise Linux 3, 4, and 5. Due to a memory read flaw, a BGP peer could cause Quagga to crash, resulting in a Denial of Service (CVE-2007-1995). The Red Hat Security Response Team has rated this update as having moderate security impact. More detailed information can be found on the Red Hat Network.

RHSA-2007:0391 Moderate: file security update

This security update fixes one vulnerability in the file package for Red Hat Enterprise Linux 4 and 5. A new integer underflow flaw appeared in the file package as a result of the fix applied for CVE-2007-1536. An attacker could create a file which could lead to arbitrary code execution when examined by the file utility (CVE-2007-2799). The Red Hat Security Response Team has rated this update as having moderate security impact. More detailed information can be found on the Red Hat Network.
