‘Highly critical’ Linux flaw patches
p2pnet.net News:- Red Hat, Novell and Mandrakesoft have released patches for Linux vulnerabilities ranging from flaws that could allow denial-of-service attacks to buffer overflows.
And five of the updates were rated "highly critical" by Denmark’s Secunia, says CNET News
Red Hat released three of the updates, Novell’s SuSE one and Mandrakesoft one.
“Last month, a couple of Linux groups issued patches for several flaws in common Linux code used in older GNOME desktop versions for processing graphics,” says CNET, adding:
“Those vulnerabilities could enable attackers to compromise computers that display a malicious image file.”
===================
See:-
highly critical – Red Hat, SuSE release Linux patches, CNET News, January 13, 2005
January 15th, 2005 at 5:17 am
The vulnerabilities discussed in the original article were fixed a while ago.
Further, the companies did not necessarily create the patches themselves, as is seemingly implied in this article.
Regardless, they probably ALL released patches for all vulnerabilities.
Debian sure has and more:
http://www.debian.org/security/
For example:
for the Xpdf package vulnerability CAN-2004-1125
[ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 ]
an updated binary was available for Debian December 30th, 2004
[ http://www.debian.org/security/2004/dsa-619 ]
it was discovered by an iDEFENSE security researcher
[ http://www.securiteam.com/unixfocus/6U00T0AC0S.html ]
and a patch was created by the vendor
[ http://www.foolabs.com/xpdf/download.html ]
January 17th, 2005 at 2:11 pm
But Linux aint supposed to have security issues! Say it aint so, Joe!