Red Hat posted 4 new security updates today.
RHSA-2007:0376 Important: kernel security and bug fix update
This update fixes several vulnerabilities in the kernel packages for Red Hat Enterprise Linux 5. A list of fixes is included in Table 1 below. The Red Hat Security Response Team has rated this update as having important security impact.
| CVE | Description |
| --- | --- |
| CVE-2006-7203 | a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause a denial of service |
| CVE-2007-1353 | a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak |
| CVE-2007-2453 | a bug in the random number generator that prevented the manual seeding of the entropy pool |
| CVE-2007-2525 | a flaw in the PPP over Ethernet implementation that allowed a remote user to cause a denial of service |
| N/A | a race condition between ext3_link/unlink that could corrupt the orphan inode list |
| N/A | a bug in the e1000 driver that could lead to a watchdog timeout panic |
RHSA-2007:0395 Low: mod_perl security update
This update addresses one vulnerability in the mod_perl packages for Red Hat Enterprise Linux 3, 4, and 5. If a server implemented a mod_perl registry module using the “namespace_from_uri” method of the ModPerl::RegistryCooker class, an attacker could request a URI that causes resource consumption, leading to a Denial of Service (DoS). The Red Hat Security Response Team has rated this update as having low security impact.
RHSA-2007:0497 Moderate: iscsi-initiator-utils security update
This update resolves two vulnerabilities in the iscsi-initiator-utils packages for Red Hat Enterprise Linux 5. A local attacker could cause the server to stop responding, resulting in a Denial of Service (DoS) (CVE-2007-3099, CVE-2007-3100). The Red Hat Security Response Team has rated this update as having moderate security impact.
RHSA-2007:0501 Moderate: libexif integer overflow
This update fixes one vulnerability in the libexif packages for Red Hat Enterprise Linux 4 and 5. Due to an integer overflow, an attacker could use an EXIF image to execute arbitrary code or crash the application linked to libexif (CVE-2007-4168). The Red Hat Security Response Team has rated this update as having moderate security impact.

July 13th, 2007 at 9:15 am
Hi
Looks good! Very useful, good stuff. Good resources here. Thanks much!
G’night