Red Hat and Other Linux Vendors Warn of Security Holes in Linux
LHA and Imlib are affected, say experts

Major Linux vendors, including Novell, Red Hat, Gentoo, and MandrakeSoft, have warned of potential security holes in two Linux components. The vulnerabilities are in LHA, a compression module, and Imlib, a library used by graphics viewing applications in GNOME. Patches are available to correct both possible entry points.

Marcus Meissner of Novell's SUSE Linux said Imlib contains a bug that enables execution of harmful code if a user is fooled into viewing a series of tainted bitmap image files. Danish security firm Secunia explained that the flaw is due to a boundary error in the decoding of run-length-encoded bitmap images, which can lead to a buffer overflow. Many viruses cause buffer overruns, although the way they gain entry varies.
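The bug class Secunia describes, shown as an added illustration (this is not Imlib's code or its patch): a decoder for the BMP RLE8 encoding that checks every run against the row width and the remaining input before it writes. The function name `rle8_decode` and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode BMP RLE8 data into a w*h buffer of 8-bit pixels, rows in file order.
 * Returns 0 on success, -1 if the stream is truncated or would leave the image. */
int rle8_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t w, size_t h)
{
    size_t i = 0, x = 0, y = 0;              /* invariants: x <= w, y <= h, i <= in_len */
    if (w == 0 || h == 0 || w > SIZE_MAX / h) return -1;
    memset(out, 0, w * h);
    while (in_len - i >= 2) {
        size_t count = in[i], val = in[i + 1];
        i += 2;
        if (count > 0) {                     /* encoded run: count copies of val */
            if (y >= h || count > w - x) return -1;   /* the missing boundary check */
            memset(out + y * w + x, (int)val, count);
            x += count;
        } else if (val == 0) {               /* escape 0: end of line */
            if (y >= h) return -1;
            x = 0; y++;
        } else if (val == 1) {               /* escape 1: end of bitmap */
            return 0;
        } else if (val == 2) {               /* escape 2: delta, two offset bytes */
            if (in_len - i < 2) return -1;
            size_t dx = in[i], dy = in[i + 1];
            if (dx > w - x || dy > h - y) return -1;
            x += dx; y += dy; i += 2;
        } else {                             /* absolute mode: val literal bytes */
            size_t padded = val + (val & 1); /* literals are padded to even length */
            if (y >= h || val > w - x || padded > in_len - i) return -1;
            memcpy(out + y * w + x, in + i, val);
            x += val; i += padded;
        }
    }
    return -1;                               /* no end-of-bitmap marker */
}

/* Constructed samples for a 4x2 image (not taken from a real file). */
static const uint8_t SAMPLE_OK[]  = {3, 0xAA, 0, 0, 0, 3, 1, 2, 3, 0, 0, 1};
static const uint8_t SAMPLE_BAD[] = {200, 0x41, 0, 1};  /* run of 200 in a 4-pixel row */

int main(void)
{
    uint8_t img[4 * 2];
    printf("ok=%d bad=%d\n", rle8_decode(SAMPLE_OK, sizeof SAMPLE_OK, img, 4, 2),
           rle8_decode(SAMPLE_BAD, sizeof SAMPLE_BAD, img, 4, 2));
    return 0;
}
```

Without the `count > w - x` comparison, the 200-byte run in `SAMPLE_BAD` would be written past the end of the 8-byte image buffer.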

 

Imlib 1.x and Imlib2 1.x are vulnerable. The GNOME project has issued patches, as have Linux vendors Gentoo and MandrakeSoft. Gentoo also has patches available for a bug that was discovered by Red Hat.

According to Red Hat, LHA, a utility for compressing and decompressing LHarc-format archives, could allow the execution of malicious code. Unlike the Imlib bug, however, this one comes into play when a user is tricked into testing an infected archive or extracting its contents, or into passing a specially crafted command line to the lha command. The bug affects all versions up to and including 1.14.

A patch is available from Red Hat. A universal precaution, as Secunia noted, is to stay away from archives the user is not familiar with.

About Red Hat News Desk
Red Hat News Desk trawls the world's news information sources and brings you timely updates on its flagship Red Hat Enterprise Linux as well as the company's other product lines including database, content, and collaboration management applications; server and embedded operating systems; and software - including its most recent virtualization offerings.
