Red Hat fixes multiple Mozilla packages
Red Hat has updated Mozilla packages based on version 1.4.3 to fix flaws in Red Hat Enterprise Linux that an attacker could exploit in a variety of ways. Vulnerabilities outlined in the advisory include the following:
- A buffer overflow and integer overflows affect the libpng code inside Mozilla. A PNG file could be crafted in such a way that it could cause Mozilla to crash or execute arbitrary code when the image is viewed.
- A flaw in the POP3 capability could allow the server to send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code.
- A flaw allows a CA certificate to be imported with a DN that's the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid.
- By using a NULL character in an ftp URI, Mozilla can be confused into opening a resource as a different MIME type.
- Mozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates Web site spoofing and other attacks.
- Mozilla allows malicious Web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
Users are advised to download the updated packages.
Multiple flaws in libpng 1.x
Multiple "highly critical" vulnerabilities in libpng 1.x could be exploited by an attacker to compromise machines or cause a denial-of-service attack, Secunia said in an advisory. The Copenhagen, Denmark-based security firm said researcher Chris Evans discovered the flaws, caused by NULL pointer dereference errors and boundary errors within various functions when processing PNG files. Some of these can be exploited to cause stack-based buffer overflows via specially crafted PNG files, the advisory said, adding that "The vulnerabilities can be exploited by tricking a user into visiting a malicious Web site or viewing a malicious e-mail with an affected application linked to libpng." The vendor advises users to upgrade to version 1.2.6rc1 or 1.0.16rc1 or apply appropriate patches.
Red Hat fixes glibc
Red Hat has updated glibc packages in Red Hat Enterprise Linux 2.1 to fix a flaw in the resolver library that an attacker could exploit to remotely execute arbitrary code or cause a denial of service. The updated packages also fix a dlclose function bug on certain shared libraries that caused program crashes. Red Hat recommends all glibc users download the updated packages. The flaws affect the 2.1 version of Red Hat Enterprise Linux AS, ES, WS and Advanced Workstation 2.1 for the Itanium Processor.
Gentoo plugs security hole in SqWebMail
Gentoo Linux has updated the SqWebMail application in the Courier suite to fix a security hole. Researcher Luca Legato found the vulnerability, which makes the program susceptible to a cross-site scripting (XSS) attack. An XSS assault would allow an attacker to insert malicious code into a Web-based application. SqWebMail doesn't properly filter data coming from message headers before displaying them, Legato found. "By sending a carefully crafted message, an attacker can inject and execute script code in the victim's browser window," the advisory said. Gentoo said there is no known workaround at this time. All users are advised to upgrade to the latest available version of Courier.
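The class of bug described for SqWebMail, header data reaching the page without output encoding, is sketched below as an added example; it is not SqWebMail or Courier code. It assumes a Python webmail view, and the sample message and all function names are constructed for illustration. It shows why escaping has to happen after RFC 2047 decoding, immediately before the value is written into HTML.

```python
import base64
import html
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample (not from the advisory): markup in a plain Subject, and
# markup hidden in an RFC 2047 encoded-word in the From display name.
ENCODED_NAME = "=?utf-8?b?%s?=" % base64.b64encode(b"<b>Bob</b>").decode("ascii")
SAMPLE = (
    "From: " + ENCODED_NAME + " <bob@example.com>\n"
    "To: alice@example.com\n"
    'Subject: <script>alert(1)</script> Q3 "report"\n'
    "\n"
    "body\n"
)

def decode_rfc2047(raw):
    """Turn a raw header value into the text a user would actually see."""
    return str(make_header(decode_header(raw)))

def escape_then_decode(raw):
    """Wrong order: escaping the raw value leaves encoded-words untouched."""
    return decode_rfc2047(html.escape(raw, quote=True))

def decode_then_escape(raw):
    """Right order: decode first, escape last, immediately before output."""
    return html.escape(decode_rfc2047(raw), quote=True)

def render_headers(raw_message, names=("From", "To", "Subject")):
    """Build the header table of a message view with every value encoded."""
    msg = message_from_string(raw_message)
    rows = []
    for name in names:
        value = decode_then_escape(msg.get(name, ""))
        rows.append("<tr><th>%s</th><td>%s</td></tr>" % (html.escape(name), value))
    return "\n".join(rows)

if __name__ == "__main__":
    print(render_headers(SAMPLE))
```

A filter applied to the raw header bytes passes the encoded From value unchanged, so the markup only appears after decoding; encoding at the output step covers both headers.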