Download Of The Day: Firefox 3.0.1 (Critical Security Update)

Firefox 3.0.1 has been released and is available for download. Mozilla has rated this update as having critical security impact. Use the following instructions to upgrade Firefox.

Security Issues

An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933)

Download Firefox 3.0.1

=> Visit the official site to grab Firefox 3.0.1

How do I upgrade Firefox to version 3.0.1?

See how to install firefox-3.0.1.tar.bz2 in Linux

How do I update Firefox under Redhat / Fedora / CentOS Linux?

Type the following command:
# yum update

How do I update Firefox under Debian / Ubuntu Linux?

Open a terminal and type the following commands:
$ sudo apt-get update
$ sudo apt-get upgrade

Security Alert: Ubuntu Linux kernel vulnerabilities

Ubuntu Linux today pushed out a new version of the Linux kernel to fix several local and remote security issues. A malicious CIFS server could cause a client system to crash or possibly execute arbitrary code with kernel privileges. On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. This security issue affects the following Ubuntu, Kubuntu, Edubuntu, and Xubuntu releases:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10

To fix this issue type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

You need to reboot your computer for the changes to take effect:
$ sudo reboot

Security Update: Ubuntu Linux PCRE Vulnerability (libpcre3)

Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.

This security issue (CVE-2008-2371) affects the following Ubuntu releases:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10
=> Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

How do I fix this issue?

Type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

Debian Linux Kernel v2.6.18 Local / Remote Packages Fix Overflow Conditions Bug

Two new vulnerabilities have been discovered in the Debian Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:
=> Package : linux-2.6
=> Vulnerability : heap overflow
=> Problem type : local/remote
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-1673 CVE-2008-2358

How do I fix this problem?

Type the following commands to update the internal database and to install corrected packages:
# apt-get update
# apt-get upgrade
# reboot

Ubuntu 8.10 Upgrade

I've just finished upgrading my desktop and laptop system without any problem. By default Ubuntu 8.04 LTS will not offer an upgrade to 8.10. This is because the 8.04 LTS version is a long term support release and 8.10 is a regular release. However, you can do a network upgrade by switching the release setting from LTS to normal releases as follows:

Click on System > Administration > Software Sources

Next click on the "Updates" tab and change "Show new distribution release" to "Normal releases":

Fig.01: Ubuntu 8.10 Upgrade

Click on Close to save the changes.

Ubuntu 8.10 Upgrade Over The Internet

Click on System > Administration > Update Manager:

Next click the Check button to check for new updates. If there are any updates to install, use the Install Updates button to install them, and press Check again after that is complete. Finally, a message will appear on screen, informing you of the availability of the new 8.10 release as follows:

Message Informing you of the availability of the new 8.10 release

Click on the Upgrade button and just follow the on-screen instructions. The procedure may take some time.

A note about Ubuntu 8.10 server upgrade

Please see this article to perform a network upgrade for Ubuntu servers.

Red Hat Enterprise Linux Security: An Updated autofs Package Available

An updated autofs package that fixes a bug is now available. The autofs utility controls the operation of the automount daemon, which automatically mounts file systems and then unmounts them after a period of inactivity. File systems can include network file systems, CD-ROMs, diskettes, and other media.

How do I update my autofs package?

Simply type the following command:
# yum update

Security Alert: Red Hat / CentOS Linux Freetype Various Security Issues

Red Hat has issued an important security update for the freetype package that fixes various security issues; updated packages are now available for Red Hat Enterprise Linux 3, 4, and 5. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code.

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.

How do I fix this issue?

Type the following command at a shell prompt:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package freetype.i386 0:2.2.1-20.el5_2 set to be updated
---> Package freetype.x86_64 0:2.2.1-20.el5_2 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
 Package                 Arch       Version          Repository        Size
 freetype                i386       2.2.1-20.el5_2   rhel-x86_64-server-5  313 k
 freetype                x86_64     2.2.1-20.el5_2   rhel-x86_64-server-5  311 k
Transaction Summary
Install      0 Package(s)
Update       2 Package(s)
Remove       0 Package(s)
Total download size: 624 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): freetype-2.2.1-20. 100% |=========================| 311 kB    00:00
(2/2): freetype-2.2.1-20. 100% |=========================| 313 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : freetype                     ######################### [1/4]
  Updating  : freetype                     ######################### [2/4]
  Cleanup   : freetype                     ######################### [3/4]
  Cleanup   : freetype                     ######################### [4/4]
Updated: freetype.i386 0:2.2.1-20.el5_2 freetype.x86_64 0:2.2.1-20.el5_2
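
The transcript above updates freetype for two architectures, so after the update it is worth confirming that every installed architecture reached the fixed build. The following is an added example, not part of the original post or of Red Hat's tooling: the function names and the sample package list are constructed, and GNU sort -V is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed build taken from the yum transcript on this page.
FIXED="2.2.1-20.el5_2"

# Return 0 when version-release $1 is the same as or newer than $2.
# Assumption: GNU `sort -V` ordering stands in for rpm's own comparison,
# which is adequate for simple version-release strings like these.
ver_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Read "name.arch version-release" lines on stdin and print every
# package.arch that is still older than the fixed build given in $1.
stale_packages() {
    while read -r pkg evr; do
        [ -n "$pkg" ] || continue
        if ! ver_at_least "$evr" "$1"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Constructed sample: a multilib host where only x86_64 was updated.
SAMPLE='freetype.i386 2.2.1-19.el5
freetype.x86_64 2.2.1-20.el5_2'

# On a real host, feed the function from rpm instead of the sample:
#   rpm -q --qf '%{NAME}.%{ARCH} %{VERSION}-%{RELEASE}\n' freetype
stale=$(printf '%s\n' "$SAMPLE" | stale_packages "$FIXED")
printf 'still older than %s: %s\n' "$FIXED" "${stale:-none}"
```

An empty result means every installed architecture is at or above the fixed build; any package.arch that is printed still needs the update.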