SUSE: Security Advisory (SUSE-SU-2014:0321-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2012:0706-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)

NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package. These security issues were fixed : CVE-2016-4953: Bad authentication demobilized ephemeral associations bsc982065. CVE-2016-4954: Processing spoofed server packets...

SUSE SLES10 Security Update : Xen (SUSE-SU-2016:1445-1)

Xen was updated to fix the following security issues : CVE-2016-2841: net: ne2000: infinite loop in ne2000receive bsc969351 CVE-2016-2391: usb: multiple eoftimers in ohci module leads to NULL pointer dereference bsc967101 CVE-2016-2270: x86: inconsistent cachability flags on guest mappings XSA-15...

SUSE SLES10 Security Update : IBM Java 1.6.0 (SUSE-SU-2016:1388-1)

This IBM Java 1.6.0 SR16 FP25 release fixes the following issues : Security issues fixed : CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 CVE-2016-0376: insecure...

SUSE SLES10 Security Update : openssl (SUSE-SU-2016:1360-1)

This update for OpenSSL fixes the following security issues : CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 CVE-2016-2109: ASN.1 BIO excessive memory allocation bsc976942...

SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2016:1352-1)

Mozilla Firefox was updated to fix the following vulnerabilities bsc977333 : CVE-2016-2805: Memory safety bug fixed in Firefox ESR 38.8 MFSA 2016-39, bsc977374 CVE-2016-2807: Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46 MFSA 2016-39, bsc977376 CVE-2016-2808: Write...

SUSE SLES10 Security Update : samba (SUSE-SU-2016:1105-1)

Samba was updated to fix three security issues. These security issues were fixed : CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bso11688, bsc973031. CVE-2016-2111: Domain controller netlogon member computer could have been spoofed bso11749, bsc973032...

SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)

Mozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA...

SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0776-1) (SLOTH)

IBM Java was updated to version 6.0-16.20, fixing various security issues. More information can be found on http://www.i bm.com/developerworks/java/jdk/alerts/. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)

OpenSSL was update to fix security issues and bugs : CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle...

SUSE SLES10 Security Update : Xen (SUSE-SU-2016:0658-1)

Xen was updated to fix the following vulnerabilities : CVE-2014-0222: Qcow1 L2 table size integer overflows bsc877642 CVE-2015-4037: Insecure temporary file use in /net/slirp.c bsc932267 CVE-2015-5239: Integer overflow in vncclientread and protocolclientmsg bsc944463 CVE-2015-7504: Heap buffer...

SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1)

This update for bind fixes the following issues : CVE-2015-8000: Remote denial of service by mis-parsing incoming responses. bsc958861 CVE-2015-5722: DoS against servers performing validation on DNSSEC-signed records. bsc944066 CVE-2015-5477: DoS against authoritative and recursive servers...

SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0113-1) (Bar Mitzvah) (FREAK)

This version update for java-160-ibm to version 6.0.16.15 fixes the following issues : CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883...

SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)

MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues. MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards rv:42.0 / rv:38.4 MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-123/CVE-2015-7189...

SUSE SLES10 Security Update : Xen (SUSE-SU-2015:1643-1)

Xen was updated to fix the following security issues : CVE-2015-5154: Host code execution via IDE subsystem CD-ROM. bsc938344 CVE-2015-3209: Heap overflow in QEMU's pcnet controller allowing guest to host escape. bsc932770 CVE-2015-4164: DoS through iret hypercall handler. bsc932996 CVE-2015-5165...

SUSE SLES10 Security Update : bind (SUSE-SU-2015:1322-1)

bind was updated to fix one security issue : CVE-2015-5477: Remote Denial-of-Service via TKEY queries. bsc939567 Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Note...

SUSE SLES10 Security Update : strongswan (SUSE-SU-2015:1228-1)

strongswan was updated to fix two security issues : An issue that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. CVE-2015-4171 A bug in decoding IDDERASN1DN ID payloads that could be used for remote denial of service attacks. CVE-2014-2891 Note that...

SUSE SLES10 Security Update : Xen (SUSE-SU-2015:1206-1)

Xen was updated to fix two security issues : CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. XSA-135, bsc932770 CVE-2015-4164: DoS through iret hypercall handler. XSA-136, bsc932996 Note that Tenable Network Security has extracted the preceding description blo...

SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)

OpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack weakdh.org has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1789: An out-of-bounds read in X509cmptime was...