Red Hat and Other Linux Vendors Warn of Security Holes in Linux
LHA and Imlib are affected, say experts

Major Linux vendors, including Novell, Red Hat, Gentoo, and MandrakeSoft, have warned of potential security holes in two Linux components. The vulnerabilities are in LHA, a compression module, and Imlib, a library used in graphics viewing applications in Gnome. Patches are available to correct both possible entry points.

Marcus Meissner of Novell's SUSE Linux said Imlib contains a bug that enables execution of harmful code if a user is fooled into viewing a series of tainted bit-map image files. Danish security firm Secunia explained that the security flaw is due to a boundary error in the decoding of run-length-encoded bitmap images. In such a case, a buffer overflow can be initiated. Many viruses cause buffer overruns, although the way they gain entry varies.

Imlib 1.x and Imlib2 1.x are vulnerable. The Gnome project has issued patches, as have Linux vendors Gentoo and MandrakeSoft. Gentoo also has patches available for a bug that was discovered by Red Hat.

According to Red Hat, LHA, a utility for compressing and decompressing LHarc-format archives, could allow the execution of malicious code. Unlike the Imlib bug, however, it comes into play when a user is tricked into testing a malicious archive or extracting its contents, or into passing a specially crafted command line to the lha command. The bug affects all versions up to and including 1.14.

A patch is available from Red Hat. A universal precaution, as Secunia noted, is to stay away from archives that a user is not familiar with.

About Red Hat News Desk
Red Hat News Desk trawls the world's news information sources and brings you timely updates on its flagship Red Hat Enterprise Linux as well as the company's other product lines including database, content, and collaboration management applications; server and embedded operating systems; and software - including its most recent virtualization offerings.
