PT-2020-10912 · Suse +1 · Opensuse Leap +3

Name of the Vulnerable Software and Affected Versions: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1 SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1 openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions Description: A symlink...

Qualys Cloud Platform 8.21.2 New Features

The upcoming release of the Qualys Cloud Platform VM, PC, version 8.21.2, includes several new features in Qualys Cloud Platform and support for multiple technologies in Qualys Policy Compliance. The 8.21.2 release is scheduled to go live on 16th Sept, 2019. See full 8.21.2 new features blog post...

SuSE 11.3 Security Update : KVM (SAT Patch Number 10672)

KVM was updated to fix a buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. CVE-2015-3456 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

SuSE 11.3 Security Update : gd (SAT Patch Number 10530)

The graphics drawing library gd has been updated to fix one security issue : - possible buffer read overflow CVE-2014-9709 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...

SuSE 11.3 Security Update : libmspack (SAT Patch Number 10402)

This update fixes the following security issue : - An integer overflow in the function qtmddecompress could have been exploited causing a denial of service endless loop bnc912214. CVE-2014-9556 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

SuSE 11.3 Security Update : vsftpd (SAT Patch Number 10372)

vsftpd has been updated to fix one security issue : - Config option denyfile was not handled correctly bnc915522, bnc900326. CVE-2015-1419 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. Th...

SuSE 11.3 Security Update : unzip (SAT Patch Number 10344)

This update fixes the following security issues : - input sanitization errors. bnc909214. CVE-2014-8139 - out-of-bounds read/write in testcompreb bnc914442. CVE-2014-9636 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

SuSE 11.3 Security Update : libsndfile (SAT Patch Number 10221)

This update for libsndfile fixes two buffer read overflows in sd2parsersrcfork. CVE-2014-9496, bsc911796 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novel...

SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206)

This update for glibc fixes the following security issue : - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname, that can lead to a local or remote buffer overflow. bsc913646. CVE-2015-0235 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

SuSE 11.3 Security Update : Ruby (SAT Patch Number 10126)

The Ruby script interpreter has been updated to fix two denial of service attacks when expanding XML. CVE-2014-8080 / CVE-2014-8090 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...

SuSE 11.3 Security Update : popt (SAT Patch Number 10097)

This rpm update fixes the following security and non security issues. - check for bad invalid name sizes. CVE-2014-8118. bnc908128 - create files with mode 0. CVE-2013-6435. bnc906803 - honor --noglob in install mode. bnc892431 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

SuSE 11.3 Security Update : ntp (SAT Patch Number 10117)

This ntp update fixes the following critical security issue : - A potential remote code execution problem was found inside ntpd. The functions cryptorecv when using autokey authentication and ctlputdata where updated to avoid buffer overflows that could have been exploited. CVE-2014-9295 / VU8528...

SuSE 11.3 Security Update : shim (SAT Patch Number 9997)

shim has been updated to fix three security issues : - OOB read access when parsing DHCPv6 packets remote DoS. CVE-2014-3675 - Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option RCE. CVE-2014-3676 - Memory corruption when processing user provided MOK lists...

SuSE 11.3 Security Update : Image Magick (SAT Patch Number 9976)

ImageMagick has been updated to fix four security issues : - Crafted jpeg file could have lead to a Denial of Service. CVE-2014-8716 - Out-of-bounds memory access in resize code. CVE-2014-8354 - Out-of-bounds memory access in PCX parser. CVE-2014-8355 - Out-of-bounds memory error in DCM decode...

SuSE 11.3 Security Update : libxml2 (SAT Patch Number 9914)

This update fixes a denial of service via recursive entity expansion. CVE-2014-3660 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc. if NASLLEVEL...

SuSE 11.3 Security Update : krb5 (SAT Patch Number 9827)

This update for krb5 fixes the following issues : - When randomizing the keys for a service principal, current keys could be returned. CVE-2014-5351 - klist -s crashes when handling multiple referral entries. bnc890623 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

SuSE 11.3 Security Update : flash-player (SAT Patch Number 9898)

This update fixes multiple code execution vulnerabilities in flash-player APSB14-22. CVE-2014-0564 / CVE-2014-0558 / CVE-2014-0569 have been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE...

SuSE 11.3 Security Update : wpa_supplicant (SAT Patch Number 9894)

This update fixes a remote code execution vulnerability in wpasupplicant's wpacli and hostapdcli tools. CVE-2014-3686 has been assigned to this issue. Additionally, password based authentication with PKCS5v2 has been enabled. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

SuSE 11.3 Security Update : bash (SAT Patch Number 9740)

bash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. CVE-2014-6271...

SuSE 11.3 Security Update : procmail (SAT Patch Number 9689)

procmail was updated to fix a security issue in its formail helper. - When formail processed specially crafted e-mail headers a heap corruption could be triggered, which would lead to a crash of formail. CVE-2014-3618 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...