Red Hat and Apple have warned users of serious security flaws, including bugs in the Red Hat Enterprise Linux 4 kernel and Apple's WebObjects Xcode plug-in.
Red Hat advised users to upgrade the kernel in all RHEL 4-based systems due to a number of security flaws, including 11 it listed as "important." Another five were listed as having a "moderate" impact.
The more serious bugs affect basic components such as the IPv6, bridge, ATM and NFS client implementations. A flaw in the bridge implementation, for instance, can allow a remote user to cause forwarding of spoofed packets, while the ATM problem could allow a local user to cause a denial of service attack.
Various types of denial of service attacks are enabled by the flaws in implementations of IPv6, NFS, keyring, IP routing, SCTP-netfilter, threading, virtual memory, and in the sg driver.
Less serious problems were found in LSM, smbfs and three functions of SCTP (Stream Control Transmission Protocol).
In the meantime, Apple released version 2.3 of its Xcode tools, fixing a problem that could allow remote attackers to bypass security restrictions.
An error in the WebObjects plug-in could be exploited remotely to gain access to an vulnerable system and modify WebObjects projects while Xcode is running, according to Apple.
Only Xcode systems with the plug-in installed are affected. The bug affects Xcode Tools versions previous to 2.3.