openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-6505)

Multiple issues have been fixed in php5 : - phpopensslapplyverificationpolicy fails to verify certificate CVE-2009-3291 - 'missing sainity checks around exif' CVE-2009-3292 - unspecified vulnerability in the imagecolortransparent CVE-2009-3293 - denial of service in exif module CVE-2009-2687...

openSUSE 10 Security Update : wireshark (wireshark-6533)

Specially crafted packets could crash the OPC UA dissector in Wireshark CVE-2009-3241 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update wireshark-6533. The text description of this plugin is C...

openSUSE 10 Security Update : postgresql (postgresql-6502)

Multiple security vulnerabilities have been fixed in PostgrSQL - CVE-2009-3229: allows remote authenticated users to cause a denial of service - CVE-2009-3230: allows remote authenticated users to gain higher privileges - CVE-2009-3231: when using LDAP authentication with anonymous binds, allows...

openSUSE 10 Security Update : finch (finch-6465)

This update of pidgin fixes a remote arbitrary code execution vulnerability in MSN SLP packet processing code. CORE-2009-0727 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update finch-6465. The te...

openSUSE 10 Security Update : poppler (poppler-6319)

This update of poppler: fix various security bugs that occur while decoding JBIG2 CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183. Further a denial of service bug in function...

openSUSE 10 Security Update : acroread (acroread-6332)

This update of acroread fixes the following vulnerabilities : - CVE-2009-1855: stack overflow that could lead to code execution - CVE-2009-1856: integer overflow with potential to lead to arbitrary code execution - CVE-2009-1857: memory corruption with potential to lead to arbitrary code executio...

openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-6421)

Secunia reported an integer underflow CVE-2009-0200 and a buffer overflow CVE-2009-0201 that could be triggered while parsing Word documents. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE 10 Security Update : libmysqlclient-devel (libmysqlclient-devel-6360)

the COMCREATEDB and COMDROPDB suffered from format string vulnerabilities CVE-2009-2446 - the command line client was prone to cross-site scripting XSS attacks CVE-2008-4456 - fix slave reconnect %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

openSUSE 10 Security Update : seamonkey (seamonkey-6310)

The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 bmo460090,485217 Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with...

openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6291)

OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6125)

The Sun JDK 5 was updated to Update18 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier do...

openSUSE 10 Security Update : struts (struts-5872)

Insufficient quoting of parameters allowed attackers to conduct cross site scripting XSS attacks CVE-2008-2025. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update struts-5872. The text descriptio...

openSUSE 10 Security Update : horde (horde-6099)

Version update to horde 3.1.9 fixes a cross-site-scripting XSS issue CVE-2008-5917 and an include file problem CVE-2009-0932. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update horde-6099. The te...

openSUSE 10 Security Update : NetworkManager-gnome (NetworkManager-gnome-6029)

The NetworkManager configuration was too permissive and allowed any user to read secrets CVE-2009-0365 or manipulate the configuration of other users CVE-2009-0578. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

openSUSE 10 Security Update : gvim (gvim-6023)

The VI Improved editor vim was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python cod...

openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)

The version update to SUN Java 1.6.011-b03 fixes numerous security issues such as privilege escalations. CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-535...

openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5881)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE 10 Security Update : opera (opera-5867)

Opera 9.63 fixes the following security problems : - Manipulating text input contents can allow execution of arbitrary code - HTML parsing flaw can cause Opera to execute arbitrary code. - Long hostnames in file: URLs can cause execution of arbitrary code. - Script injection in feed preview can...

openSUSE 10 Security Update : htop (htop-5824)

insufficient character filters in htop when displaying commands allowed programs that rewrite their program name to inject escape sequences CVE-2008-5076. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

openSUSE 10 Security Update : mysql (mysql-5613)

Empty bit-strings in a query could crash the MySQL server CVE-2008-3963. Due to another flaw users could access tables of other users CVE-2008-4097, CVE-2008-4098. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...