Red Hat and Apple have warned users of serious security flaws, including bugs in Apple's WebObjects Xcode plug-in and in Red Hat Enterprise Linux 4 kernel.
Addressing the problem, Apple recently released version 2.3 of its Xcode tools, fixing a problem that could allow remote attackers to bypass security restrictions.
An error in the WebObjects plug-in could be exploited remotely to gain access to an vulnerable system and modify WebObjects projects while Xcode is running, according to Apple.
Only Xcode systems with the plug-in installed are affected. The bug affects Xcode Tools versions previous to 2.3.
Red Hat advised users to upgrade the kernel in all RHEL 4-based systems due to a number of security flaws, including 11 it listed as "important." Another five were listed as having a "moderate" impact.
The more serious bugs affect basic components such as the IPv6, bridge, ATM and NFS client implementations. A flaw in the bridge implementation, for instance, can allow a remote user to cause forwarding of spoofed packets, while the ATM problem could allow a local user to cause a denial of service attack.
Various types of denial of service attacks are enabled by the flaws in implementations of IPv6, NFS, keyring, IP routing, SCTP-netfilter, threading, virtual memory, and in the sg driver.
Less serious problems were found in LSM, smbfs and three functions of SCTP (Stream Control Transmission Protocol).