336 matches found
SuSE9 Security Update : net-snmp (YOU Patch Number 11999)
This update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request. CVE-2007-5846 - added option to ignore accepted connections %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novel...
SuSE9 Security Update : Acrobat Reader (YOU Patch Number 10316)
This update fixes a buffer overflow in Acrobat Reader versions 5 and 7, where an attacker could execute code by providing a handmade PDF to the viewer. The Acrobat Reader 5 versions of 9.1 and 9.2 were upgraded to Acrobat Reader 7. This version upgrade can cause new dependencies to appear, please...
SuSE9 Security Update : unace (YOU Patch Number 10239)
This update fixes several buffer overflows while extracting, testing, or listing an archive file (CVE-2005-0160) as well as a buffer overflow while handling long command-line options (CVE-2005-0161).
SuSE9 Security Update : clamav (YOU Patch Number 12293)
Various bugs such as an off-by-one buffer overflow in get_unicode_name, a bug in URL parsing of the 'phishing' checks, as well as minor other issues have been fixed in clamav. CVE-2008-5050
SuSE9 Security Update : Apache (YOU Patch Number 12609)
Specially crafted requests could lead to an integer overflow in mod_proxy. Attackers could exploit that to crash Apache or potentially cause execution of arbitrary code. CVE-2010-0010 The problem only affects 64bit architectures.
SuSE9 Security Update : Samba (YOU Patch Number 12812)
A cross-site request forgery (CSRF) and a cross-site scripting vulnerability have been fixed in samba's SWAT. - CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N). CVE-2011-2522 - CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N). CVE-2011-2694
SuSE9 Security Update : clamav (YOU Patch Number 12821)
New clamav 0.9.7 packages fix an off-by-one vulnerability which could lead to a DoS condition. CVE-2011-2721 It also brings other enhancements, support for signatures based on SHA1 and SHA256, better error detection, as well as speed and memory optimizations. The complete list of changes is...
SuSE9 Security Update : glibc suite (YOU Patch Number 12813)
The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected passwords are potentially faster to crack via brute-force methods. CVE-2011-2483 SUSE's crypt implementation supports the blowfish password hashing...
SuSE9 Security Update : libpng (YOU Patch Number 12815)
This update of libpng fixes : - CVSS v2 Base Score: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C: Resource Management Errors CWE-399. CVE-2008-6218 - CVSS v2 Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P: Buffer Errors CWE-119. CVE-2011-2690 - CVSS v2 Base Score: 5.0 AV:N/AC:M/Au:N/C:N/I:N/A:P: Buffer Errors...
SuSE9 Security Update : foomatic-filters (YOU Patch Number 12818)
The foomatic print filters of the hplip package contained a remote code execution vulnerability. Remote users, if allowed to access a print server such as CUPS, could execute arbitrary commands as lp system user. - CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P: Input Validation CWE-20...
SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12810)
IBM Java 1.5.0 SR12 FP5 has been released fixing bugs and security issues. The following security issues were fixed : - Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remo...
SuSE9 Security Update : cyrus-imapd (YOU Patch Number 12776)
Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926
SuSE9 Security Update : glibc (YOU Patch Number 12775)
This update contains the following fixes : - Specially crafted input to the fnmatch function could cause an integer overflow. CVE-2011-1071 - The output of the 'locale' command was not properly quoted. CVE-2011-1095 - Don't search the current directory if $ORIGIN is in RPATH of libraries called b...
SuSE9 Security Update : ethereal (YOU Patch Number 12708)
This ethereal update fixes the use of uninitialized variables. CVE-2011-1590
SuSE9 Security Update : dhcp6 (YOU Patch Number 12697)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name, the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996
SuSE9 Security Update : OpenSSL (YOU Patch Number 12701)
Malicious clients could have downgraded a connection to a low strength cipher suite on session resumption if the server offers such ciphers (CVE-2010-4180). This has been fixed.
SuSE9 Security Update : GnuTLS (YOU Patch Number 12705)
The SSL-renegotiation 'authentication gap' has been fixed in GnuTLS. CVE-2009-3555 Also, an integer size issue was fixed which led to incorrectly accepted certificates.
SuSE9 Security Update : libtiff (YOU Patch Number 12702)
The following bugs have been fixed : - Specially crafted tiff files could cause a heap-based buffer overflow in the thunder-decoder. CVE-2011-1167 - Directories with a large number of files could cause an integer overflow in the tiffdump tool. CVE-2010-4665
SuSE9 Security Update : XFree86 (YOU Patch Number 12700)
The following bug has been fixed : - Remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 clients via XDMCP. CVE-2011-0465
SuSE9 Security Update : dhcpcd (YOU Patch Number 12699)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name, the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note: this is a...