2 Security Alerts
Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:
Complete information about this errata can be found at the following location:
https://rhn.redhat.com/network/errat...s.pxt?eid=2035
Security Advisory - RHSA-2004:093-05
------------------------------------------------------------------------------
Summary:
Updated sysstat packages fix security vulnerabilities
Updated sysstat packages that fix various bugs and a minor security issue
are now available.
Description:
Sysstat is a tool for gathering system statistics.
A bug was found in the Red Hat sysstat package post and trigger scripts,
which used insecure temporary file names. A local attacker could overwrite
system files using carefully-crafted symbolic links in the /tmp directory.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0107 to this issue.
Other issues addressed in this advisory include:
* iostat -x should return all partitions on the system (up to a maximum of
1024)
* sar should handle network device names with more than 8 characters properly
Users of sysstat should upgrade to these updated packages, which
contain patches to correct these issues.
------------------------------------------------------------------------------
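The temporary-file flaw described in the sysstat advisory above, shown as a weak pattern beside its hardened form. This is an added example, not code from the advisory or from the Red Hat package scripts; the names sysstat.tmp and victim.conf are hypothetical, and everything runs inside a private sandbox directory.

```shell
#!/bin/sh
# Constructed demo. Everything happens inside a private sandbox directory;
# "sysstat.tmp" and "victim.conf" are hypothetical names.

# Weak pattern: a fixed, predictable name. ">" follows a symlink that
# already exists at that path, so the write lands on the link's target.
write_predictable() {
    echo "script data" > "$1/sysstat.tmp"
}

# Hardened pattern: mktemp chooses a random name and creates the file
# exclusively, failing instead of reusing a path that already exists.
write_mktemp() {
    tmp=$(mktemp "$1/sysstat.XXXXXX") || return 1
    echo "script data" > "$tmp"
}

# Build the sandbox, pre-place a symlink at the predictable name, run one
# of the two writers, and print what the protected file contains afterwards.
run_case() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp" "$sandbox/etc"
    echo "original" > "$sandbox/etc/victim.conf"
    ln -s "$sandbox/etc/victim.conf" "$sandbox/tmp/sysstat.tmp"
    case $1 in
        weak) write_predictable "$sandbox/tmp" ;;
        safe) write_mktemp "$sandbox/tmp" ;;
    esac
    cat "$sandbox/etc/victim.conf"
    rm -rf "$sandbox"
}

echo "predictable name: $(run_case weak)"
echo "mktemp:           $(run_case safe)"
```

When auditing package scriptlets, `rpm -q --scripts <package>` prints the post and trigger scripts so that fixed names under /tmp can be spotted.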
Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:
Complete information about this errata can be found at the following location:
https://rhn.redhat.com/network/errat...s.pxt?eid=2034
Security Advisory - RHSA-2004:102-03
------------------------------------------------------------------------------
Summary:
Updated gdk-pixbuf packages fix denial of service vulnerability
Updated gdk-pixbuf packages that fix a denial of service vulnerability that
could affect applications such as Evolution are now available.
Description:
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. In Red Hat Linux 9 this library is used by
applications, such as Evolution, to load images.
Thomas Kristensen discovered a bitmap file that would cause the Evolution
mail reader to crash. This issue was caused by a flaw that affects
versions of the gdk-pixbuf package prior to 0.20. To exploit this flaw, a
remote attacker could send (via email) a carefully-crafted BMP file, which
would cause Evolution to crash. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0111
to this issue.
Users are advised to upgrade to these updated packages containing
gdk-pixbuf version 0.22, which is not vulnerable to this issue.
------------------------------------------------------------------------------