42 matches found
SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12706)
IBM Java 1.4.2 was updated to SR13 FP9, fixing bugs and security issues. More information can be found on the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
SuSE9 Security Update : Postfix (YOU Patch Number 12707)
The following bugs have been fixed:
- Remote attackers could potentially exploit a memory corruption issue in Postfix's SASL implementation to execute arbitrary code. (CVE-2011-1720)
- Postfix also did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inje...
SuSE9 Security Update : vsftpd (YOU Patch Number 12690)
Certain file patterns could cause vsftpd to consume excessive CPU, resulting in denial of service (CVE-2011-0762). This has been fixed.
SuSE9 Security Update : freetype2 (YOU Patch Number 12656)
When loading specially crafted font files, applications linked against freetype2 could crash or potentially even execute arbitrary code (CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.
SuSE9 Security Update : Samba (YOU Patch Number 12644)
A buffer overflow in the sid_parse function of Samba could potentially be exploited by remote attackers to execute arbitrary code. (CVE-2010-3069)
Additionally, the update contains fixes for the following non-security issues:
- bnc567013 - Failed to join ADS Domain
- bnc592198 - Samba 3.0 / 3.2...
SuSE9 Security Update : pango (YOU Patch Number 12614)
Specially crafted font files could cause memory corruption in pango. Attackers could potentially exploit that to execute arbitrary code (CVE-2010-0421). This has been fixed.
SuSE9 Security Update : tar (YOU Patch Number 12596)
A malicious remote tape server could cause a buffer overflow in tar. To exploit that, an attacker would have to trick the victim into extracting a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local option to avoid...
SuSE9 Security Update : nmap (YOU Patch Number 12009)
nmap contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. This...
SuSE9 Security Update : xntp (YOU Patch Number 12559)
By sending specially crafted NTP packets, attackers could make ntpd flood its log file with error messages or even run into an endless loop (CVE-2009-3563). This has been fixed.
SuSE9 Security Update : OpenSSL (YOU Patch Number 12550)
The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of...
SuSE9 Security Update : Samba (YOU Patch Number 12518)
Samba's make_connection_snum handles certain input incorrectly, which may lead to disclosure of the root directory. CVE-2009-2813 has been assigned to this issue. Additionally, an information disclosure vulnerability in mount.cifs has been fixed (CVE-2009-2948), as well as a DoS condition. CVE-2009-290...
SuSE9 Security Update : ipsec-tools (YOU Patch Number 12259)
Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it. CVE-2008-3651, CVE-2008-3652
SuSE9 Security Update : Python (YOU Patch Number 12046)
Specially crafted images could trigger an integer overflow in the imageop module. CVE-2007-4965
SuSE9 Security Update : screen (YOU Patch Number 11260)
A specially formed UTF-8 sequence in text could be used to crash the terminal multitasker screen by overwriting memory in the heap. This is potentially exploitable to execute code. CVE-2006-4573
SuSE9 Security Update : freeradius (YOU Patch Number 11512)
A memory leak in the code for handling EAP-TTLS tunnels could be exploited by attackers to crash freeradius. CVE-2007-2028
SuSE9 Security Update : zoo (YOU Patch Number 10907)
A buffer overflow within the handling of file names has been fixed.
SuSE9 Security Update : perl-Convert-UUlib (YOU Patch Number 10044)
This update fixes a buffer overflow that could allow an attacker to execute arbitrary code. CVE-2005-1349
SuSE9 Security Update : Emacs (YOU Patch Number 12157)
Emacs automatically loaded fast-lock files, which allowed local attackers to execute arbitrary code as the user editing the associated files. CVE-2008-2142
SuSE9 Security Update : Zip (YOU Patch Number 9530)
When zip performs recursive folder compression, it does not check the length of the resulting path. If the path is too long, a buffer overflow occurs, leading to stack corruption and a segmentation fault.
SuSE9 Security Update : libxml2 (YOU Patch Number 12237)
Specially crafted XML files could cause a crash or a heap-based buffer overflow in libxml2. CVE-2008-3281, CVE-2008-3529