SOT Linux Advisories: libxml2, mutt
Mar 11, 2004, 15:59

SOT Linux Security Advisory

Subject: Updated libxml2 package for SOT Linux 2003

1. Problem description

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0110 to this issue.

All users are advised to upgrade to these updated packages, which contain a backported fix and are not vulnerable to this issue.

2. Updated packages

SOT Linux 2003 Desktop:
i386:
SRPMS:

SOT Linux 2003 Server:
i386:
SRPMS:

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:

    rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:

    rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.

Package Name                               MD5 sum
/Desktop/i386/libxml2-2.5.1-2.i386.rpm     84aa5b76d3b27710c447e624f33a89a2

5. References

http://mail.gnome.org/archives/xml/2004-February/msg00070.html

Copyright(c) 2001-2003 SOT


SOT Linux Security Advisory

Subject: Updated mutt package for SOT Linux 2003

1. Problem description

Mutt is a text-based program for reading electronic mail.

It was discovered that certain messages would cause mutt to crash. Mutt 1.4.2 fixes this bug. See CAN-2004-0078.

Users of mutt should update to this update package, which contains a backported fix and is not vulnerable to this issue.

2. Updated packages

SOT Linux 2003 Desktop:
i386:
SRPMS:

SOT Linux 2003 Server:
i386:
SRPMS:

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:

    rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:

    rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.

Package Name                               MD5 sum
/Desktop/i386/mutt-1.4.2.1i-3.i386.rpm     96484dc0f28be6021045d661b70431a8
/Desktop/SRPMS/mutt-1.4.2.1i-3.src.rpm     6bf26a3ef768bb3acc9a4341916ed303
/Server/i386/mutt-1.4.2.1i-3.i386.rpm      96484dc0f28be6021045d661b70431a8
/Server/SRPMS/mutt-1.4.2.1i-3.src.rpm      6bf26a3ef768bb3acc9a4341916ed303

5. References

http://www.mutt.org/

Copyright(c) 2001-2003 SOT
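
An added example, not part of SOT's advisories or tooling: a shell function that carries out the step 4 MD5 comparison for downloaded files against the package tables of both advisories. The function name check_against_advisory and the download paths are assumptions; the package names and sums are the ones the advisories list.

```shell
#!/bin/sh
# Package paths and MD5 sums copied from the two advisory tables.
ADVISORY_MD5='/Desktop/i386/libxml2-2.5.1-2.i386.rpm 84aa5b76d3b27710c447e624f33a89a2
/Desktop/i386/mutt-1.4.2.1i-3.i386.rpm 96484dc0f28be6021045d661b70431a8
/Desktop/SRPMS/mutt-1.4.2.1i-3.src.rpm 6bf26a3ef768bb3acc9a4341916ed303
/Server/i386/mutt-1.4.2.1i-3.i386.rpm 96484dc0f28be6021045d661b70431a8
/Server/SRPMS/mutt-1.4.2.1i-3.src.rpm 6bf26a3ef768bb3acc9a4341916ed303'

# check_against_advisory TABLE FILE...  (hypothetical helper name)
# TABLE holds "<path> <md5>" lines. Each FILE is matched to table rows by
# basename and reported as OK, MISMATCH, UNLISTED or MISSING.
# Returns 0 only when every FILE is OK.
# A match shows the download equals what the advisory lists; the signature
# check (rpm --checksig) is what ties the package to SOT's key.
check_against_advisory() {
    table=$1; shift
    rc=0
    for file in "$@"; do
        if [ ! -f "$file" ]; then
            echo "MISSING $file"; rc=1; continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        status=UNLISTED            # no table row names this file
        while read -r path want; do
            [ "${path##*/}" = "${file##*/}" ] || continue
            if [ "$got" = "$want" ]; then status=OK; break; fi
            status=MISMATCH        # listed, but the sum differs
        done <<EOF
$table
EOF
        echo "$status $file"
        [ "$status" = OK ] || rc=1
    done
    return $rc
}
```

Call it as check_against_advisory "$ADVISORY_MD5" ./mutt-1.4.2.1i-3.i386.rpm and install only when it returns 0 and rpm --checksig also passes.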