Red Hat, SuSE release Linux patches

Linux vendors release patches to resolve operating-system vulnerabilities ranging from DoS attacks to buffer overflows.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Jan. 13, 2005 11:45 a.m. PT

2 min read

Linux vendors Red Hat, Novell and Mandrakesoft on Wednesday released patches for several vulnerabilities, ranging from flaws that could allow denial-of-service attacks to buffer overflows.

Five of the updates released were rated "highly critical" on Thursday by security information company Secunia. Red Hat released three of the updates, Novell's SuSE one and Mandrakesoft one.

SuSE issued updates to resolve flaws including a vulnerability that could allow malicious code to cause a local denial-of-service attack using a specially created Acrobat document. The vulnerabilities would affect most SuSE Linux-based products.

Another vulnerability in the Linux system components used to route network traffic could allow a malicious person to execute a local denial-of-service attack by inserting erroneous information into the netfilter data stream, according to SuSE.

Red Hat, meanwhile, issued a package of updates for its desktop, enterprise and advanced-workstation software.

An updated libtiff package was released to address vulnerabilities involving various integer overflows. The vulnerabilities would enable an attacker who has tricked a user into opening a malicious image file in the TIFF format to make a libtiff-related application crash or have the potential to compromise the computer with arbitrary code.

Red Hat also released updates for Xpdf packages to address a vulnerability to a potential buffer overflow. Xpdf is a stand-alone application for reading Portable Document Format documents and is also used by many Linux programs to process PDF files. This vulnerability could enable an attacker to create a PDF file that would crash Xpdf and possibility execute arbitrary code when opened, according to Red Hat's update.

Red Hat also released multiple patches to resolve flaws in its Xpm library. The XPixMap (XPM) format enables color images to be stored in an easily portable file.

Several stack overflow flaws and an integer overflow vulnerability were found in the libXpm library, which, in turn, is used to decode XPM images. If an attacker creates an XPM file that causes an application to crash, a computer system could be compromised.

Mandrakesoft also released an update for Imlib, a standard set of code used by older versions of the GNOME desktop to process graphics.

Image-related vulnerabilities have cropped up recently in other Linux software.

Last month, a couple of Linux groups issued patches for several flaws in common Linux code used in older GNOME desktop versions for processing graphics. Those vulnerabilities could enable attackers to compromise computers that display a malicious image file.