Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_put_float.cpp.

*   LogicMonitor is the leading fully automated, cloud-based infrastructure monitoring and observability platform for enterprise IT and managed service providers. Gain IT insights, seamless data collaboration at scale, and visibility into networks, cloud, applications, servers, log data and more within one unified platform.
    
*   Ditch time-consuming emails! Give your internal team and clients the tools they need to quickly and easily report bugs and give feedback with annotated screenshots.
    
*   1
    
    Integrates Eclipse with the SAP NetWeaver Application Server.
    
    **Downloads:** 721,098 This Week
    
    **Last Update:** 2016-07-20
    
    See Project
    
*   2
    
    **movistartv**
    
    Movistar+ Deco Virtual - Software decodificador
    
    Kodi Movistar+ TV es un ADDON para XBMC/ Kodi que permite disponer de un decodificador de los servicios IPTV de Movistar integrado en uno de los mediacenters mas populares. El proyecto no trata solo de replicar los servicios de televisión, sino un concepto diferente de servicios integrados donde la TV tenga un protagonismo central pero no el único y que permita tanto ver la TV como un video de youtube, disponer un catalogo de películas y música .. Autor: Victor M. Juidiaz Portilla (https://www.linkedin.com/in/victor-manuel-juidiaz-portilla-27bb48106) Foro "Oficial": http://www.kodimania.com/index.php?topic=860.0 Las principales funcionalidades de TV son: - Actualización automática de canales. - Guía de programación (EPG). - Grabaciones en la Nube y en local. - Últimos 7 días - Visualización de grabaciones en la nube. - Sincronización de grabaciones a local para evitar su caducidad. - Gestión avanzada de series. - Timeshift. - DLNA
    
    **Downloads:** 450,575 This Week
    
    **Last Update:** 2020-02-08
    
    See Project
    
*   3
    
    This project is the old location for the plugin list for Notepad++ Plugin Manager. Please use https://github.com/bruderstein/npppluginmanager for any issues and current code
    
    **Downloads:** 380,219 This Week
    
    **Last Update:** 2019-07-19
    
    See Project
    
*   4
    
    Free alternative for Office productivity tools: Apache OpenOffice - formerly known as OpenOffice.org - is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF - the international open standard format - and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
    
    **Downloads:** 244,296 This Week
    
    **Last Update:** 2022-04-27
    
    See Project
    
*   Alchemy serves over 1 million workers at 7,500 locations worldwide with training & compliance solutions & services for manufacturing, food processing, distribution & packaging companies of all sizes.
    
*   5
    
    **KeePass**
    
    A lightweight and easy-to-use password manager
    
    KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to remember one single master password or select the key file to unlock the whole database. And the databases are encrypted using the best and most secure encryption algorithms currently known, AES and Twofish. See our features page for details.
    
    **Downloads:** 188,915 This Week
    
    **Last Update:** 2022-07-05
    
    See Project
    
*   6
    
    • Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others. • Built-in multilayer security levels make configuration effort equal to a car radio. • It combines simplicity with effective protection using powerful open source with additional set of rules & filters. • Available as 64bit: - ISO image (Internet connection required during installation) - install from scratch (Internet connection required during installation). • Minimum Requirements (for 5,000 messages/day): 1 GB of RAM 30 GB storage drive 1 Processor x86/AMD64 1 Ethernet x 1 IPv4 address UDP ports: 53 123 4500 6277 24441 TCP ports: 25 80 443 2703
    
    **Downloads:** 181,031 This Week
    
    **Last Update:** 2018-04-08
    
    See Project
    
*   7
    
    **TurboVNC**
    
    High-speed, 3D-friendly, TightVNC-compatible remote desktop software
    
    TurboVNC is a high-performance, enterprise-quality version of VNC based on TightVNC, TigerVNC, and X.org. It contains a variant of Tight encoding that is tuned for maximum performance and compression with 3D applications (VirtualGL), video, and other image-intensive workloads. TurboVNC, in combination with VirtualGL, provides a complete solution for remotely displaying 3D applications with interactive performance. TurboVNC's high-speed encoding methods have been adopted by TigerVNC and libvncserver, and TurboVNC is also compatible with any other TightVNC derivative. TurboVNC forked from TightVNC in 2004 and still covers all of the TightVNC 1.3.x features, but TurboVNC contains numerous feature enhancements and bug fixes relative to TightVNC, and it compresses 3D and video workloads much better than TightVNC while using generally only 5-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also be made to compress 2D workloads as "tightly" as TightVNC.
    
    **Downloads:** 168,339 This Week
    
    **Last Update:** 2022-05-03
    
    See Project
    
*   8
    
    An advanced and multi-platform BitTorrent client with a nice Qt user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.
    
    **Downloads:** 122,719 This Week
    
    **Last Update:** 2022-05-25
    
    See Project
    
*   9
    
    **scrcpy**
    
    Display and control your Android device
    
    scrcpy is an application for displaying and controlling your Android device through USB connection (or over TCP/IP). It is cross-platform (GNU/Linux, macOS and Windows) and does not require any root access. scrcpy displays only the device screen but offers great performance (30~60fps) and quality (1920×1080 or above). It’s got low latency (35~70ms) and a very low startup time (less than a second). It offers plenty of great features and is non-intrusive, with nothing left installed inside the device. scrcpy works with Android devices with at least API 21 (Android 5.0) and adb debugging must be enabled on the device.
    
    **Downloads:** 4,334 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   The dashboard and mobile app allows users to manage their marketing, sales, accounting, reporting, payment and communication needs all in one place. As premium partners of channels such as VRBO, Booking.com, Airbnb, Homeaway and Expedia, with the ability to manage advanced setups, no other platform gives you the type of control and peace of mind that a Hostaway user has. The software is designed with teams in mind - it's easy to train staff and keep them happy while improving business at the same time! Hostaway also provides a booking engine, wordpress website and both marketing and sales tools for managing your valuable direct bookings.
    
*   10
    
    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.5 build 21218. A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained.
    
    **Downloads:** 99,486 This Week
    
    **Last Update:** 3 hours ago
    
    See Project
    
*   11
    
    **Sweet Home 3D**
    
    An interior design application to draw house plans & arrange furniture
    
    Sweet Home 3D is an interior design application that helps you to quickly draw the floor plan of your house, arrange furniture on it, and visit the results in 3D.
    
    **Downloads:** 73,130 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   12
    
    **unitedrpms**
    
    Fast and open solution where everyone can help
    
    Join us in Gitter! https://gitter.im/unitedrpms-people/Lobby Enable the URPMS repository in your system - https://github.com/UnitedRPMs/unitedrpms.github.io/blob/master/README.md
    
    **Downloads:** 413,535 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   13
    
    **libjpeg-turbo**
    
    SIMD-accelerated libjpeg-compatible JPEG codec library
    
    libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs. libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.
    
    **Downloads:** 62,532 This Week
    
    **Last Update:** 2022-02-25
    
    See Project
    
*   14
    
    VirtualGL redirects 3D commands from a Unix/Linux OpenGL application onto a server-side GPU and converts the rendered 3D images into a video stream with which remote clients can interact to view and control the 3D application in real time.
    
    **Downloads:** 56,958 This Week
    
    **Last Update:** 2022-05-16
    
    See Project
    
*   15
    
    **PINN**
    
    PINN is an enhancement of NOOBS
    
    PINN is an enhancement of NOOBS for the Raspberry Pi. It allows the installation of MULTIPLE OSes on the same SD/HDD/SSD device with an OS chooser when booting. Built-in Admin tools allow you to backup & restore your OSes and fix OS problems by including basic disk checking, password changing, and a command shell.
    
    **Downloads:** 59,827 This Week
    
    **Last Update:** 2022-04-12
    
    See Project
    
*   16
    
    **Webmin**
    
    A web-based interface for system administration of UNIX
    
    A web-based system administration tool for Unix servers and services. https://github.com/webmin/webmin
    
    **Downloads:** 49,768 This Week
    
    **Last Update:** 6 days ago
    
    See Project
    
*   17
    
    Code::Blocks is a free, open-source, cross-platform C, C++ and Fortran IDE built to meet the most demanding needs of its users. It is designed to be very extensible and fully configurable. Finally, an IDE with all the features you need, having a consistent look, feel and operation across platforms. Built around a plugin framework, Code::Blocks can be extended with plugins. Any kind of functionality can be added by installing/coding a plugin. For instance, compiling and debugging functionality is already provided by plugins! We hope you enjoy using Code::Blocks! The Code::Blocks Team
    
    **Downloads:** 48,307 This Week
    
    **Last Update:** 4 days ago
    
    See Project
    
*   18
    
    **Tor Browser**
    
    Browser for using Tor on Windows, Mac OS X or Linux
    
    Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
    
    **Downloads:** 2,124 This Week
    
    **Last Update:** 5 days ago
    
    See Project
    
*   19
    
    **Info-ZIP project**
    
    Info-ZIP portable compression/archiver utilities (Zip, UnZip, WiZ, etc.)
    
    **Downloads:** 46,567 This Week
    
    **Last Update:** 2021-04-08
    
    See Project
    
*   20
    
    FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.
    
    **Downloads:** 44,977 This Week
    
    **Last Update:** 2022-05-01
    
    See Project
    
*   21
    
    **XAMPP**
    
    An easy to install Apache distribution containing MySQL, PHP, and Perl
    
    XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
    
    **Downloads:** 39,029 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   22
    
    **Etcher**
    
    A safe way to flash OS images to SD cards & USB drives
    
    Etcher is a powerful OS image flasher. It protects a user from accidentally overwriting hard-drives by making drive selection obvious; and with validated flashing there is no more writing images to corrupted drives. It is also called balenaEtcher since it is developed by balena. In addition, Etcher can flash directly Raspberry Pi devices that support usbboot. Use for .iso and .img files, as well as zipped folders to create live SD cards and USB flash drives. Written with Electron for cross platform use (windows, macOS, and Linux).
    
    **Downloads:** 1,495 This Week
    
    **Last Update:** 2022-06-16
    
    See Project
    
*   23
    
    **TGM Gaming Macro**
    
    Lets you have a macro mouse n keyboard functionally with ordinary one.
    
    TGM is a gaming macro that lets you have a macro mouse and keyboard functionally with ordinary one. You can create or record multiple macros and assign them to any key combinations to trigger and loop them when you need how you need. TGM is made for gamers but it's capable of so much more. So you can use it for daily tasks as well. For any question, bug report or feature request feel free to visit forum tab. Note: To simulate arrow keys you might need to turn off NumLock. VirusTotal Result: https://www.virustotal.com/gui/file/29cf266079de80dac853d1d7c5d4c83eadb1d6f9cd8733605414d66413fba31d/detection VirusTotal shows too many false positives. but since this an open source project, you can download the source and build yourself. https://github.com/trksyln/TGMacro
    
    **Downloads:** 51,965 This Week
    
    **Last Update:** 2021-06-15
    
    See Project
    
*   24
    
    **NikGapps**
    
    A Custom Google Apps Package that Suits Everyone Needs!
    
    NikGapps project started with the goal to provide custom gapps packages that suits everyone's needs. A package that a user needs but cannot find and ends up setting up the device installing more apps and removing unwanted apps manually.
    
    **Downloads:** 32,600 This Week
    
    **Last Update:** 6 hours ago
    
    See Project
    
*   25
    
    **GParted**
    
    A partition editor to graphically manage disk partitions
    
    GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. It uses libparted from the parted project to detect and manipulate partition tables. Optional file system tools permit managing file systems not included in libparted.
    
    **Downloads:** 25,454 This Week
    
    **Last Update:** 2 days ago
    
    See Project

CVE-2006-0963: Best Open Source Mac Software 2022

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file.

This problem does not affect the old stable distribution (woody).

For the stable distribution (sarge), this problem has been fixed in version 1.2.2-4.sarge.1.

For the unstable distribution, this problem has been fixed in version 1.2.2-7.

We recommend that you upgrade your zlib package.

CVE-2005-2096: Debian -- Security Information -- DSA-740-1 zlib

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

**Bugtraq mailing list archives****A new whitepaper by Watchfire - HTTP Request Smuggling**

_From_: Ory Segal <orysegal () netvision net il>  
_Date_: Mon, 06 Jun 2005 19:09:04 +0300  

Ory Segal wrote:

> Hello,
> 
> Today, Watchfire released a new whitepaper, titled "HTTP Request Smuggling". The full paper can be found in the following link: http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf <BLOCKED::http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf\>
> 
> The paper's abstract is copied below:
> 
> "We describe a new web entity attack technique – “HTTP Request Smuggling”. The attack technique and the derived attacks are relevant to most web environments and is the result of a HTTP server or device’s failure to properly handle malformed inbound HTTP requests. HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices/entities (e.g. Cache Server, Proxy Server, Web Application Firewall, etc.) are in the data flow between the user and the web server. HTTP Request Smuggling enables various attacks – web cache poisoning, session hijacking, cross-site scripting and most serious the ability to bypass web application firewall protection. HTTP Request Smuggling sends multiple specially-crafted HTTP requests that cause the two attacked entities to see two different sets of requests, allowing the hacker to smuggle a request to one device without the other device being aware of it. In the Web Cache poisoning attack, this smuggled request will trick the cache server into unintendedly associating a URL to another URL’s page (content), and caching this content for the URL. In the Web Application Firewall attack the smuggled request could be a worm (like Nimda or Code Red) or buffer overflow attack targeting the web server. Finally, because HTTP Request Smuggling enables the attacker to insert or sneak a request into the flow it allows the attacker to manipulate the web server’s request/response sequencing which can allow for credential hijacking and other malicious outcomes."
> 
> Thank you,
> \*Ory Segal
> \*/Director of Security Research/
> Watchfire (Israel) LTD.
> Tel: +972-9-9586077, Ext.236
> Mobile: +972-54-7739359
> e-mail: osegal <BLOCKED::mailto:osegal () watchfire com> at watchfire.com

**Current thread:**

*   **A new whitepaper by Watchfire - HTTP Request Smuggling** _Ory Segal (Jun 06)_

CVE-2005-2088: Bugtraq: A new whitepaper by Watchfire

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

CVE-2005-0245

Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred.

CVE-2004-1883

chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow.  NOTE: it was later reported that 2.2 is also affected.

CVE-2004-2466

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

Skip to content

*   *   Console
    *   Support
    *   Developers
    *   Partner Connect
    *   redhat.com
    *   Start a trial
    

Contact us

Welcome,

Log in to your Red Hat account

Log in

Your Red Hat account gives you access to your member profile and preferences, and the following services based on your customer status:

*   Customer Portal
*   User management

*   Certification Central

Register now

Not registered yet? Here are a few reasons why you should be:

*   Browse Knowledgebase articles, manage support cases and subscriptions, download updates, and more from one place.
*   View users in your organization, and edit their account information, preferences, and permissions.
*   Manage your Red Hat certifications, view exam history, and download certification-related logos and documents.

For your security, if you're on a public computer and have finished using your Red Hat services, please be sure to log out.

Log out

Account Log in

*   Products
*   Solutions
*   Services & support
*   Resources
*   Partners
*   About

**Red Hat Support****Go beyond support by engaging with our experts**

Our teams collaborate with you to ensure you accomplish your goals with Red Hat solutions. The relationship we build with you is designed to provide you with the tools and resources you need to find success on your IT journey.

**Configured for your success**

We develop a holistic understanding of your experience as a customer by ensuring our support and engineering teams work together.

Our support team works hand in hand with the best engineers in the industry to quickly turn customer feedback into product improvements. This direct line of communication allows us to hone in on proactive fixes that can impact your bottom line.

**Find the right level of support**

We have different tiers of support designed to meet your unique needs.

**Self-support**

**Standard**

**Premium**

Access to Red Hat products

Access to our knowledgebase and tools in our  
award-winning Customer Portal

Access to support engineers during standard business hours

Access to support engineers 24x7 for high-severity issues

We also feature specialized support options that can be tailored to the unique needs of companies of all sizes and industries. The Red Hat® Enhanced Solution Support offering reduces downtime and boosts confidence through access to senior level engineers, as well as resolution and restoration SLAs—helping you stay up and running as you innovate, scale, and deploy. Our engineers help restore your operations quickly and accelerate the path to final resolution, identifying the root cause which helps protect against recurrences in the future. Enhanced Solution Support engineers, who are already familiar with your environment, will be there to assist with critical issues in production environments so that you can consistently deliver the cloud services your customers demand. This offering is available for Red Hat OpenShift® and Red Hat OpenStack® Platform customers.

**Personalized support**

Connect with a technical adviser for collaborative planning and specialized guidance. Our Technical Account Managers help you streamline deployments, resolve issues, and shape your technology strategy to meet your toughest business challenges.

Explore Technical Account Management

**Award winners since 2011**

We’ve evolved the traditional software subscription model, combining the best elements of our services to exceed customer expectations. The Association of Support Professionals has honored Red Hat’s Customer Portal as one of “The Top Ten Best Support Websites” for 9 years running.

See why the Customer Portal keeps earning industry recognition

**What they're saying**

> We have found the support from Red Hat to be exemplary. Whenever we need anything from them, they have given it … Red Hat is now our backbone. Our business cannot run if Red Hat is not there.

> We cannot afford the service to go down. Too many people depend on it. Red Hat is a trusted vendor. Our customers can have faith in us...If there is an issue, Red Hat support means it can be addressed quickly.

**Check out our support channels**

**Have questions?**

CVE-2004-0747: Support

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Several vulnerabilities have been found in Apache 2 and mod\_dav for Apache 1.3 which could allow a remote attacker to cause a Denial of Service or a local user to get escalated privileges.

The Apache HTTP server is one of most popular web servers on the internet. mod\_ssl provides SSL v2/v3 and TLS v1 support for it and mod\_dav is the Apache module for Distributed Authoring and Versioning (DAV).

A potential infinite loop has been found in the input filter of mod\_ssl (CAN-2004-0748) as well as a possible segmentation fault in the char\_buffer\_read function if reverse proxying to a SSL server is being used (CAN-2004-0751). Furthermore, mod\_dav, as shipped in Apache httpd 2 or mod\_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can be triggered remotely (CAN-2004-0809). The third issue is an input validation error found in the IPv6 URI parsing routines within the apr-util library (CAN-2004-0786). Additionally a possible buffer overflow has been reported when expanding environment variables during the parsing of configuration files (CAN-2004-0747).

A remote attacker could cause a Denial of Service either by aborting a SSL connection in a special way, resulting in CPU consumption, by exploiting the segmentation fault in mod\_ssl or the mod\_dav flaw. A remote attacker could also crash a httpd child process by sending a specially crafted URI. The last vulnerabilty could be used by a local user to gain the privileges of a httpd child, if the server parses a carefully prepared .htaccess file.

There is no known workaround at this time.

All Apache 2 users should upgrade to the latest version:

 # emerge sync

 # emerge -pv ">=www-servers/apache-2.0.51"
 # emerge ">=www-servers/apache-2.0.51"

All mod\_dav users should upgrade to the latest version:

 # emerge sync

 # emerge -pv ">=net-www/mod\_dav-1.0.3-r2"
 # emerge ">=net-www/mod\_dav-1.0.3-r2"

CVE-2004-0809: Multiple vulnerabilities (GLSA 200409-21) — Gentoo security

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

Skip to content

*   *   Console
    *   Support
    *   Developers
    *   Partners
    *   redhat.com
    *   Start a trial
    

Contact us

Welcome,

Log in to your Red Hat account

Log in

Your Red Hat account gives you access to your member profile and preferences, and the following services based on your customer status:

*   Customer Portal
*   Red Hat Connect for Business Partners

*   User management
*   Certification Central

Register now

Not registered yet? Here are a few reasons why you should be:

*   Browse Knowledgebase articles, manage support cases and subscriptions, download updates, and more from one place.
*   View users in your organization, and edit their account information, preferences, and permissions.
*   Manage your Red Hat certifications, view exam history, and download certification-related logos and documents.

For your security, if you're on a public computer and have finished using your Red Hat services, please be sure to log out.

Log out

Account Log in

*   Products
*   Solutions
*   Services & support
*   Resources
*   Red Hat & open source

**Red Hat Support****Go beyond support by engaging with our experts**

Our teams collaborate with you to ensure you accomplish your goals with Red Hat solutions. The relationship we build with you is designed to provide you with the tools and resources you need to find success on your IT journey.

**Configured for your success**

We develop a holistic understanding of your experience as a customer by ensuring our support and engineering teams work together.

Our support team works hand in hand with the best engineers in the industry to quickly turn customer feedback into product improvements. This direct line of communication allows us to hone in on proactive fixes that can impact your bottom line.

**Find the right level of support**

We have different tiers of support designed to meet your unique needs.

**Self-support**

**Standard**

**Premium**

Access to Red Hat products

Access to our knowledgebase and tools in our  
award-winning Customer Portal

Access to support engineers during standard business hours

Access to support engineers 24x7 for high-severity issues

We also feature specialized support options that can be tailored to the unique needs of companies of all sizes and industries. The Red Hat® Enhanced Solution Support offering reduces downtime and boosts confidence through access to senior level engineers, as well as resolution and restoration SLAs—helping you stay up and running as you innovate, scale, and deploy. Our engineers help restore your operations quickly and accelerate the path to final resolution, identifying the root cause which helps protect against recurrences in the future. Enhanced Solution Support engineers, who are already familiar with your environment, will be there to assist with critical issues in production environments so that you can consistently deliver the cloud services your customers demand. This offering is available for Red Hat OpenShift® and Red Hat OpenStack® Platform customers.

**Personalized support**

Connect with a technical adviser for collaborative planning and specialized guidance. Our Technical Account Managers help you streamline deployments, resolve issues, and shape your technology strategy to meet your toughest business challenges.

Explore Technical Account Management

**Award winners since 2011**

We’ve evolved the traditional software subscription model, combining the best elements of our services to exceed customer expectations. The Association of Support Professionals has honored Red Hat’s Customer Portal as one of “The Top Ten Best Support Websites” for 9 years running.

See why the Customer Portal keeps earning industry recognition

**What they're saying**

> We have found the support from Red Hat to be exemplary. Whenever we need anything from them, they have given it … Red Hat is now our backbone. Our business cannot run if Red Hat is not there.

> We cannot afford the service to go down. Too many people depend on it. Red Hat is a trusted vendor. Our customers can have faith in us...If there is an issue, Red Hat support means it can be addressed quickly.

**Check out our support channels**

**Have questions?**

CVE-2004-0686: Support

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

Tag

#buffer_overflow