Red Hat Linux Bugs

LAST UPDATED: Tuesday, 27 March 2007 08:42:05 +0100

REDHAT 7.0 CYRUS-SASL AUTHORIZATION

Cyrus-SASL is an open-source implementation of SASL (Simple Authentication and Security Layer). The 1.5.24 package included with RedHat 7.0 contains a bug that allows authenticated users to access resources they are not authorized to use. The bug affects only the version 1.5.24 that ships with RedHat Linux 7.0; the Cyrus-SASL 1.5.24 package available at the main project FTP site and the older versions that shipped with RedHat PowerTools are not vulnerable. Patches are available for Alpha and i386 systems; download them, respectively, from

ftp://updates.redhat.com/7.0/alpha/cyrus-sasl-1.5.24-11.alpha.rpm

and

ftp://updates.redhat.com/7.0/i386/cyrus-sasl-1.5.24-11.i386.rpm

REDHAT LINUX 6.1 ORBIT AND GNOME-SESSION SUSCEPTIBLE TO DOS ATTACKS

Users of RedHat Linux 6.1 on Sparc- and i386-based systems should take note of a problem with ORBit and gnome-session. Under specific circumstances, a bug in ORBit and gnome-session allows an attacker to crash a program remotely. RedHat has fixed the problem and added TCP Wrappers support to gnome-session (ORBit already has TCP Wrappers support). For more information or to download the respective patches, browse to

http://www.redhat.com/support/errata/RHSA1999058-01.html

REDHAT PIRANHA VIRTUAL SERVER PACKAGE CONTAINS TWO MAJOR SECURITY BUGS

Two distinct and important security issues have arisen with the Piranha virtual server and load-balancing package from RedHat. The first is a vulnerability in the passwd.php3 cgi-bin script in Piranha version 0.4.12. Because the script does not properly check its input, any user who can authenticate to the Piranha package can execute arbitrary commands with the effective ID of the Web server, giving that user the ability to leverage access to the machine. The second is that Piranha contains a default account, piranha, with the password q. Using this user name and password, in conjunction with the flaws in the passwd.php3 script, a remote user could execute arbitrary commands on the machine. Patches are available for Sparc, i386, and Alpha systems. They are available, respectively, from

ftp://updates.redhat.com/6.2/sparc/piranha-gui-0.4.13-1.sparc.rpm

ftp://updates.redhat.com/6.2/i386/piranha-gui-0.4.13-1.i386.rpm

ftp://updates.redhat.com/6.2/alpha/piranha-gui-0.4.13-1.alpha.rpm
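
A defender's check for the two advisories above that name a fixed build (cyrus-sasl 1.5.24-11 and piranha-gui 0.4.13-1): this added Python example, which is not part of the original page, compares an installed-package list against those builds using a simplified form of RPM's version ordering. The sample inventory and the function names are constructed for illustration. The check flags anything older than the fixed build, so it is conservative for cyrus-sasl, where the page says older PowerTools versions are not vulnerable.

```python
import re

# Fixed builds named in the advisories above: package -> (version, release).
FIXED = {
    "cyrus-sasl": ("1.5.24", "11"),
    "piranha-gui": ("0.4.13", "1"),
}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version (or release) strings the way RPM orders them.
    Simplified: handles digit and letter segments, not '~' or '^'."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(nvr):
    """Split 'name-version-release' (rpm -q style output without arch)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def needs_update(nvr):
    """True if nvr is a listed package older than its fixed build,
    False if it is at or past the fix, None if the package is not listed."""
    name, version, release = parse_nvr(nvr)
    if name not in FIXED:
        return None
    fixed_v, fixed_r = FIXED[name]
    c = rpmvercmp(version, fixed_v) or rpmvercmp(release, fixed_r)
    return c < 0

def audit(installed):
    """Return the entries from an installed-package list that need the update."""
    return [nvr for nvr in installed if needs_update(nvr)]

# Constructed sample inventory (not from the page), e.g. saved `rpm -qa` output.
SAMPLE = ["cyrus-sasl-1.5.24-6", "piranha-gui-0.4.12-1",
          "cyrus-sasl-1.5.24-11", "piranha-gui-0.4.13-1", "bash-2.04-11"]

if __name__ == "__main__":
    for nvr in audit(SAMPLE):
        print("update needed:", nvr)
```

The ORBit and gnome-session advisory is not covered because the page gives no fixed build number for it.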


COPYRIGHT 1998 - 2007 All names used are Trademarks of the respective companies