MESSAGE
| DATE | 2005-01-13 |
| FROM | "Inker, Evan" |
| SUBJECT | [hangout] Red Hat, SuSE release Linux patches |
Red Hat, SuSE release Linux patches
By Dawn Kawamoto
http://news.com.com/Red+Hat%2C+SuSE+release+Linux+patches/2100-7349_3-5535228.html
Story last modified Thu Jan 13 10:18:00 PST 2005
Linux vendors Red Hat, Novell and Mandrakesoft on Wednesday released patches for several vulnerabilities, ranging from flaws that could allow denial-of-service attacks to buffer overflows.
Five of the updates released were rated "highly critical" on Thursday by security information company Secunia. Red Hat released three of the updates, Novell's SuSE one and Mandrakesoft one.
SuSE issued updates <http://www.novell.com/linux/security/advisories/2005_01_sr.html> to resolve flaws including a vulnerability that could allow malicious code to cause a local denial-of-service attack using a specially created Acrobat document. The vulnerabilities would affect most SuSE Linux-based products.
Another vulnerability in the Linux system components used to route network traffic could allow a malicious person to execute a local denial-of-service attack by inserting erroneous information into the netfilter data stream, according to SuSE.
Red Hat, meanwhile, issued a package of updates for its desktop, enterprise and advanced-workstation software.
An updated libtiff package <http://rhn.redhat.com/errata/RHSA-2005-019.html> was released to address vulnerabilities involving various integer overflows. The vulnerabilities would enable an attacker who has tricked a user into opening a malicious image file in the TIFF format to make a libtiff-related application crash or have the potential to compromise the computer with arbitrary code.
Red Hat also released updates for Xpdf packages <http://rhn.redhat.com/errata/RHSA-2005-018.html> to address a vulnerability to a potential buffer overflow. Xpdf is a stand-alone application for reading Portable Document Format documents and is also used by many Linux programs to process PDF files. This vulnerability could enable an attacker to create a PDF file that would crash Xpdf and possibly execute arbitrary code when opened, according to Red Hat's update.
Red Hat also released multiple patches <http://secunia.com/advisories/13835> to resolve flaws in its Xpm library. The XPixMap (XPM) format enables color images to be stored in an easily portable file.
Several stack overflow flaws and an integer overflow vulnerability were found in the libXpm library, which, in turn, is used to decode XPM images. If an attacker creates an XPM file that causes an application to crash, a computer system could be compromised.
Mandrakesoft also released an update for Imlib, a standard set of code used by older versions of the GNOME desktop to process graphics.
Image-related vulnerabilities have cropped up recently in other Linux software.
Last month, a couple of Linux groups <http://news.com.com/Linux+groups+patch+image+flaw/2100-1002_3-5484080.html?tag=nl> issued patches for several flaws in common Linux code used in older GNOME desktop versions for processing graphics. Those vulnerabilities could enable attackers to compromise computers that display a malicious image file.
Copyright (c)1995-2005 CNET Networks, Inc. All rights reserved.
____________________________
NYLXS: New Yorker Free Software Users Scene
Fair Use - because it's either fair use or useless....
NYLXS is a trademark of NYLXS, Inc