SUSE SLED10 / SLES10 Security Update : Xen (SUSE-SU-2012:1487-1)

XEN received various security and bugfixes : - CVE-2012-4535: xen: Timer overflow DoS vulnerability XSA-20 - CVE-2012-4537: xen: Memory mapping failure DoS vulnerability XSA-22 The following additional bugs have been fixed : - bnc784087 - L3: Xen BUG at ioapic.c:129...

SUSE SLED10 Security Update : ImageMagick (SUSE-SU-2013:0756-1)

ImageMagick has been updated to fix an integer overflow CVE-2012-3438. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2013:0858-1)

This collective update for the GNU C library glibc provides the following fixes : - Fix stack overflow in getaddrinfo with many results bnc813121, CVE-2013-1914 - Fix locking in IOcleanup bnc796982 - Fix buffer overflow in glob bnc691365 - Fix memory leak in execve bnc805899 Note that Tenable...

SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2012:1391-1)

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to...

SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2013:0856-1)

The SUSE Linux Enterprise 10 SP4 kernel has been updated to fix various bugs and security issues. Security issues fixed : CVE-2012-4444: The ip6fragqueue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6...

SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)

PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality. - CVE-2012-2655: postgresql: denial of service stack...

SUSE SLED10 / SLES10 Security Update : gpg (SUSE-SU-2013:1061-1)

This update for gpg provides the following fixes : - Set proper file permissions when en/de-crypting files bnc780943 - Fix an issue that could cause corruption of the public keys database. CVE-2012-6085, bnc798465 Note that Tenable Network Security has extracted the preceding description block...

SUSE SLED10 Security Update : subversion (SUSE-SU-2013:1217-1)

This update of subversion fixes two potential DoS vulnerabilities bug821505, CVE-2013-1968, CVE-2013-2112. Server-side bugfixes : - fix FSFS repository corruption due to newline in filename issue 4340 - fix svnserve exiting when a client connection is aborted r1482759 Other tool improvements and...

SUSE SLED10 / SLES10 Security Update : Xen (SUSE-SU-2012:1606-1)

This update fixes the following security issues in xen : - CVE-2012-5513: XENMEMexchange may overwrite hypervisor memory XSA-29 - CVE-2012-5515: Several memory hypercall operations allow invalid extent order values XSA-31 Also the following bugs have been fixed and upstream patches have been...

SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2012:1667-1)

This update for GNU C library glibc fixes multiple integer overflows in strtod and related functions. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as...

SUSE SLED10 / SLES10 Security Update : nfs-utils (SUSE-SU-2013:0822-1)

This update fixes a DNS spoofing problem with NFS rpc-gssd. CVE-2013-1923bnc813464 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2012:1488-1)

This collective update to the GNU Lib C library glibc provides the following fixes : - Make addmntent return errors also for cached streams bnc676178, CVE-2011-1089 - Fix overflows in vfprintf bnc770891, CVE-2012-3406 - Fix incomplete results from nscd bnc753756 - Fix a deadlock in dlsym in case...

SUSE SLED10 / SLES10 Security Update : IBM Java 1.5.0 (SUSE-SU-2012:1489-1)

IBM Java 1.5.0 has been updated to SR15 which fixes bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3216, CVE-2012-3143, CVE-2012-5073, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-1531, CVE-2012-5081,...

SUSE SLED10 Security Update : subversion (SUSE-SU-2013:0837-1)

This update fixes several DoS vulnerabilities in subversion's moddavsvn Apache HTTPD server module. CVE-2013-1849, CVE-2013-1846, CVE-2013-1845 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

SUSE SLED10 / SLES10 Security Update : xorg-x11-server (SUSE-SU-2013:0857-1)

In some cases, input events are sent to X servers not currently the VT owner, allowing a user to capture passwords. This update fixes this issue. CVE-2013-1940 has been assigned to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

SUSE SLED10 Security Update : inkscape (SUSE-SU-2013:0350-1)

inkscape has been updated to fix a XXE Xml eXternal Entity attack during rasterization of SVG images. CVE-2012-5656, where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Note that Tenable Network Security has extracted the preceding description block...

SUSE SLED10 / SLES10 Security Update : wireshark (SUSE-SU-2013:1276-1)

This wireshark version update to 1.6.16 includes several security and general bug fixes. http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html - The CAPWAP dissector could crash. Discovered by Laurent Butti. CVE-2013-4074 - The HTTP dissector could overrun the stack. Discovered by David...

SUSE SLED10 Security Update : Acrobat Reader (SUSE-SU-2013:0044-1)

Acrobat Reader was updated to 9.5.3 to fix various bugs and security issues. More information can be found at http://www.adobe.com/support/security/bulletins/apsb13-02.html The resolved security issues are CVE-2012-1530 , CVE-2013-0601 , CVE-2013-0602 , CVE-2013-0603 , CVE-2013-0604 , CVE-2013-06...

SuSE 10 Security Update : ClamAV (ZYPP Patch Number 8526)

ClamAV has been updated to the 0.97.7 release that contains various security related hardening fixes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid65798;...

SuSE 10 Security Update : acroread (ZYPP Patch Number 8474)

Acrobat Reader was updated to 9.5.4 which fixes two critical security issues where attackers supplying PDFs could have caused code execution with acrobat. CVE-2013-0640 / CVE-2013-0641 More information can be found on : https://www.adobe.com/support/security/bulletins/apsb13-07.html %NASLMINLEVEL...