Fedora Kernel 2.4.22 Moderate: Privilege Escalation by Paul Starzetz
Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges.
Explore top 10 tips to secure your open-source projects now. Read More
×Find the information you need for your favorite open source distribution .
Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges.
Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code.
An attacker could create a carefully crafted directory on a websitesuch that, if a user connects to that directory using the lftp clientand subsequently issues a 'ls' or 'rels' command, the attacker couldexecute arbitrary code on the users machine.
Phong Nguyen identified a severe bug in the way GnuPG creates anduses ElGamal keys, when those keys are used both to sign and encryptdata. This vulnerability can be used to trivially recover theprivate key.
XBoard 4.2.6 and older contains a script which writes to a file in /tmp with a predictable filename. Malicious users could use this vulnerability to force XBoard users to overwrite any file writableby them.