Linux Advisory Watch – September 30, 2005

Author: Benjamin D. Thomas

This week, advisories were released for python, XFree86, kdeedu, courier, zsync,
gtkdiskfree, util-linux, mantis, Webmin, Qt, PHP, firefox, mozilla, cups, HelixPlayer,
RealPlayer, wget, ghostscript, slocate, net-snmp, openssh, and binutils. The
distributors include Debian, Gentoo, and Red Hat.

 
   Debian
  Debian: New python2.2 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

 
  Debian: New XFree86 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

 
  Debian: New kdeedu packages fix insecure temporary files
  22nd, September, 2005

Updated package.

 
  Debian: New python2.1 packages fix arbitrary code execution
  23rd, September, 2005

Updated package.

 
  Debian: New courier packages fix cross-site scripting
  24th, September, 2005

Updated package.

 
  Debian: New python2.3 packages fix arbitrary code execution
  28th, September, 2005

Updated package.

 
  Debian: Updated zsync i386 packages fix build error
  28th, September, 2005

Updated package.

 
  Debian: New gtkdiskfree packages fix insecure temporary file
  29th, September, 2005

Updated package.

 
  Debian: New util-linux packages fix privilege escalation
  29th, September, 2005

Updated package.

 
   Gentoo
  Gentoo: Mantis XSS and SQL injection vulnerabilities
  24th, September, 2005

Mantis is affected by an SQL injection and several cross-site
scripting (XSS) vulnerabilities.

 
  Gentoo: Webmin, Usermin Remote code execution through
  24th, September, 2005

If Webmin or Usermin is configured to use full PAM conversations,
it is vulnerable to the remote execution of arbitrary code with root privileges.

 
  Gentoo: Qt Buffer overflow in the included zlib library
  26th, September, 2005

Qt is vulnerable to a buffer overflow which could potentially
lead to the execution of arbitrary code.

 
  Gentoo: PHP Vulnerabilities in included PCRE and XML-RPC
  27th, September, 2005

PHP makes use of an affected PCRE library and ships with an
affected XML-RPC library and is therefore potentially vulnerable to remote
execution of arbitrary code.

 
   Red Hat
  RedHat: Critical: firefox security update
  22nd, September, 2005

An updated firefox package that fixes several security bugs
is now available for Red Hat Enterprise Linux 4. This update has been
rated as having critical security impact by the Red Hat Security Response
Team.

 
  RedHat: Critical: mozilla security update
  22nd, September, 2005

Updated mozilla packages that fix several security bugs are
now available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

 
  RedHat: Moderate: cups security update
  27th, September, 2005

Updated CUPS packages that fix a security issue are now available
for Red Hat Enterprise Linux. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.

 
  RedHat: Critical: HelixPlayer security update
  27th, September, 2005

An updated HelixPlayer package that fixes a string format issue
is now available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

 
  RedHat: Critical: RealPlayer security update
  27th, September, 2005

An updated RealPlayer package that fixes a format string bug
is now available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

 
  RedHat: Low: wget security update
  27th, September, 2005

An updated wget package that fixes several security issues is now
available. This update has been rated as having low security impact by
the Red Hat Security Response Team.

 
  RedHat: Low: ghostscript security update
  28th, September, 2005

Updated ghostscript packages that fix a PDF output issue and
a temporary file security bug are now available. This update has been
rated as having low security impact by the Red Hat Security Response Team.

 
  RedHat: Low: slocate security update
  28th, September, 2005

An updated slocate package that fixes a denial of service and
various bugs is now available. This update has been rated as having low
security impact by the Red Hat Security Response Team.

 
  RedHat: Low: net-snmp security update
  28th, September, 2005

Updated net-snmp packages that fix two security issues and various
bugs are now available. This update has been rated as having low security
impact by the Red Hat Security Response Team.

 
  RedHat: Low: openssh security update
  28th, September, 2005

Updated openssh packages that fix a potential security vulnerability
and various other bugs are now available. This update has been rated as
having low security impact by the Red Hat Security Response Team.

 
  RedHat: Low: binutils security update
  28th, September, 2005

An updated binutils package that fixes several bugs and minor
security issues is now available. This update has been rated as having
low security impact by the Red Hat Security Response Team.

 
  RedHat: Updated kernel packages available for Red Hat
  28th, September, 2005

Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version 3. This is
the sixth regular update. This security advisory has been rated as having
important security impact by the Red Hat Security Response Team.