EUVD-2007-6136

Malware in sbrugna...

OPENSUSE-SU-2024:10138-1 yast2-core-3.2.0-1.1 on GA media

These are all security issues fixed in the yast2-core-3.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11531-1 yast2-core-4.4.0-1.4 on GA media

These are all security issues fixed in the yast2-core-4.4.0-1.4 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2007-6167

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory...

openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)

This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below : The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected...

openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)

This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below : The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters e.g. umlauts. Affected...

SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7726)

This update of yast2-core fixes security issues, bugs, and adds a debugging feature. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid57270; scriptversion"1.6";...

SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)

This update of yast2-core fixes security issues, bugs, and adds a debugging feature. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid56619; scriptversion"1.7";...

SuSE 11.1 Security Update : yast2-core (SAT Patch Number 5078)

This update of yast2-core fixes security issues and a bug : - When setting a password for a user, use blowfish algorithm id 2y instead of 2a. bnc700876 / CVE-2011-2483 - Log YCP client arguments only with y2debug, not to reveal AutoYaST passwords. bnc492746 - ini-agent: Fixed a test failure 'wron...

SuSE 10 Security Update : YaST2 (ZYPP Patch Number 4623)

This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory i.e. /tmp. Thanks to Stefan Nordhausen for reporting th...

Design/Logic Flaw

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory...

CVE-2007-6167

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory...

CVE-2007-6167

CVE-2007-6167 concerns an untrusted search path vulnerability in the SUSE Linux component yast2-core . An attacker could cause local code execution by placing a malicious yast2 module in the current working directory, taking advantage of a search path weakness. The issue impacts local users who c...

CVE-2007-6167

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory...

openSUSE 10 Security Update : yast2-core (yast2-core-4634)

This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory i.e. /tmp. Thanks to Stefan Nordhausen for reporting th...