Red Hat announced 4 new security updates this afternoon.
RHSA-2007:0384 Critical: krb5 security update
This update fixes three vulnerabilities in the krb5 packages for Red Hat Enterprise Linux 2.1 and 3. A list of vulnerabilities is included in Table 1 below. The Red Hat Security Response Team has rated this update as having critical security impact.

| CVE | Description |
| --- | --- |
| CVE-2007-2442 | A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash or potentially execute arbitrary code as root. |
| CVE-2007-2443 | A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. |
| CVE-2007-2798 | An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. |

RHSA-2007:0532 Moderate: apache security update
This update addresses two vulnerabilities in the apache packages for Red Hat Enterprise Linux 2.1. A list of vulnerabilities is included in Table 2 below. The Red Hat Security Response Team has rated this update as having moderate security impact.

| CVE | Description |
| --- | --- |
| CVE-2006-5752 | A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. |
| CVE-2007-3304 | Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. |

RHSA-2007:0534 Moderate: httpd security update
This update addresses two vulnerabilities in the httpd packages for Red Hat Enterprise Linux 4. A list of vulnerabilities is included in Table 3 below. The Red Hat Security Response Team has rated this update as having moderate security impact.

| CVE | Description |
| --- | --- |
| CVE-2006-5752 | A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. |
| CVE-2007-3304 | Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. |

RHSA-2007:0562 Important: krb5 security update
This update fixes three vulnerabilities in the krb5 packages for Red Hat Enterprise Linux 4 and 5. A list of vulnerabilities is included in Table 4 below. The Red Hat Security Response Team has rated this update as having important security impact.

| CVE | Description |
| --- | --- |
| CVE-2007-2442 | A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash or potentially execute arbitrary code as root. |
| CVE-2007-2443 | A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. |
| CVE-2007-2798 | An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. |
