SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7954 / 7959 / 7960)

The SUSE Linux Enterprise 11 Service Pack 2 kernel was respun with the 3.0.80 update to fix a severe compatibility problem with kernel module packages KMPs like e.g. drbd. An incompatible ABI change could lead to those modules not correctly working or crashing on loading and is fixed by this...

SuSE 11.2 / 11.3 Security Update : xorg-x11-libXp (SAT Patch Numbers 7844 / 7938)

This update of xorg-x11-libXp fixes several integer overflow issues. Bug 815451/821668 CVE-2013-2062 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell,...

SuSE 11.2 / 11.3 Security Update : flash-player (SAT Patch Numbers 7850 / 7917)

Adobe flash-player has been updated to the 11.2.202.291 security update which fixes security issues bnc824512, CVE-2013-3343, APSB13-16. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The...

SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7763 / 7766 / 7767)

The SUSE Linux Enterprise 11 SP2 kernel has been updated to fix a critical security issue. - Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. CVE-2013-2850 This required the iscsi target...

SuSE 11.2 / 11.3 Security Update : IBM Java (SAT Patch Numbers 7744 / 7920)

IBM Java 1.6.0 has been updated to SR13-FP2 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...

SuSE 11.1 / 11.2 Security Update : bind (SAT Patch Numbers 6604 / 6605)

The bind nameserver was updated to fix a crash denial of service that might have happened during high DNSSEC validation load. CVE-2012-3817 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. T...

SuSE 11.1 / 11.2 Security Update : zypper (SAT Patch Numbers 6527 / 6528)

The following issue has been fixed : - The zypper setuid wrapper linked against libzypp. This is not needed and added unnecessary attack vectors. CVE-2012-0420 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

SuSE 11.1 / 11.2 Security Update : gtk2 (SAT Patch Numbers 6389 / 6390)

The following issue has been fixed : - Specially crafted GIF and XBM files could have crashed gtk2 CVE-2012-2370 / CVE-2011-2485 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...

SuSE 11.1 / 11.2 Security Update : xorg-x11-server-rdp (SAT Patch Numbers 6111 / 6113)

This update of xorg-x11-server-rdp fixed the following security issues : - memory exhaustion flaw CVE-2011-4028 / CVE-2011-4029 - race condition flaw. CVE-2010-2240 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE...

SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3276 / 3280 / 3284)

This SUSE Linux Enterprise 11 Service Pack 1 kernel contains various security fixes and lots of other bugfixes. The following security issues were fixed : - local users could crash the system by causing a NULL deref in the keyctlsessiontoparent function. CVE-2010-2960 - local users could crash th...

SuSE 11 / 11.1 Security Update : GnuTLS (SAT Patch Numbers 3650 / 3651)

The SSL-renegotiation 'authentication gap' has been fixed in GnuTLS. CVE-2009-3555 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...

SuSE 11 / 11.1 Security Update : clamav (SAT Patch Numbers 3645 / 3646)

This is an update of clamav to version 0.96.5 to fix : - Denial of service bugs while parsing PDFs. CVE-2010-4260 - Memory corruption due to an off-by-one error within the iconcb function CVE-2010-4261 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

SuSE 11 / 11.1 Security Update : CUPS (SAT Patch Numbers 3575 / 3576)

This updates fix several bugs, but only the security fixes are listed here : - Special IPP requests allow to crash cupsd remotely. CVE-2010-2941: CVSS v2 Base Score: 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P: CWE-399 - A NULL pointer dereference exists in the WriteProlog function of the texttops image filte...

SuSE 11 / 11.1 Security Update : PHP5 (SAT Patch Numbers 3489 / 3490)

The following issues have been fixed : - Insufficient handling of certain character sequences in the utf8decode function could be leveraged to conduct cross-site scripting XSS attacks. CVE-2010-3870 - php5 could also consume large amounts of memory and crash if a long mail address was passed to...

SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3268 / 3270)

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. CVE-2010-2883 / CVE-2010-2884 / CVE-2010-2887 / CVE-2010-2889 / CVE-2010-2890 / CVE-2010-3619 / CVE-2010-3620 / CVE-2010-3621 / CVE-2010-3622 / CVE-2010-3623 / CVE-2010-3624 / CVE-2010-3625 / CVE-2010-362...

SuSE 11 / 11.1 Security Update : tgt (SAT Patch Numbers 2958 / 2959)

This update of tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P: Buffer Errors CWE-119 - CVE-2010-0743: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P: Format String Vulnerability CWE-134...

SuSE 11 / 11.1 Security Update : bzip2 (SAT Patch Numbers 3121 / 3125)

This update fixes an integer overflow in the BZ2decompress function of bzip2/libbz2. This could have been exploited via a crafted archive to cause a denial of service or even execute arbitrary code. CVE-2010-0405 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packag...

SuSE 11 / 11.1 Security Update : gpg2 (SAT Patch Numbers 2820 / 2822)

This update fixes a vulnerability of GnuPG2 to arbitrary code execution by context-dependent attackers due to reusing a freed pointer when verifying a signature or importing a certificate with many 'Subject Alternate Names'. CVE-2010-2547 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

SuSE 11 / 11.1 Security Update : bogofilter (SAT Patch Numbers 2665 / 2666)

This update of bogofilter/bogolexer fixes a heap-based buffer underflow vulnerability which could be exploited to cause a denial of service or potentially execute arbitrary code. CVE-2010-2494 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 3202 / 3203)

When loading specially crafted font files applications linked against freetype2 could crash or potentially even execute arbitrary code CVE-2010-3311 / CVE-2010-3053 / CVE-2010-3054. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...