SuSE9 Security Update : unace (YOU Patch Number 10239)

This update fixes several buffer overflows while extracting, testing, or listing an archive file CVE-2005-0160 as well as a buffer overflow while handling long command-line options. CVE-2005-0161 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...

SuSE9 Security Update : libtiff (YOU Patch Number 12702)

The following bugs have been fixed : - Specially crafted tiff files could cause a heap-based buffer overflow in the thunder-decoder. CVE-2011-1167 - Directories with a large number of files could cause an integer overflow in the tiffdump tool. CVE-2010-4665 %NASLMINLEVEL 70300 C Tenable Network...

SuSE9 Security Update : Tomcat (YOU Patch Number 12687)

Apache Tomcat Local bypass of security manger file permissions. CVE-2010-3718 - Apache Tomcat Manager XSS vulnerability. CVE-2011-0013 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

SuSE9 Security Update : clamav (YOU Patch Number 12662)

clamav was updated to version 0.96.4 which fixes problems when scanning pdf files CVE-2010-3434 and also contains numerous other bug fixes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE9 Security Update : Perl (YOU Patch Number 12628)

perl Safe.pm module was affected by two problems where attackers could break out of such a safed execution CVE-2010-1447, CVE-2010-1168. This update fixes this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE9 Security Update : XFree86 (YOU Patch Number 12612)

X clients could cause a memory corruption in the X Render extension which crashes the X server CVE-2010-1166. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE9 Security Update : libpng (YOU Patch Number 12599)

Denial of service while decompressing a highly compressed huge ancillary chunk has been fixed in libpng. CVE-2010-0205 has been assigned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc...

SuSE9 Security Update : squid (YOU Patch Number 12597)

The following vulnerabilities have been fixed in squid : - DoS via special crafted auth header. CVE-2009-2855 - DoS via invalid DoS header. CVE-2010-0308 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE9 Security Update : pango (YOU Patch Number 12575)

A long glyph string can trigger a heap-based buffer overflow in pango. CVE-2009-1194 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid44591; scriptversion"1.10";...

SuSE9 Security Update : gzip (YOU Patch Number 12573)

The following bug has been fixed : - Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code. CVE-2010-0001 Only 64bit architectures are affected by this flaw. %NASLMINLEVEL 70300 C Tenable Network Security,...

SuSE9 Security Update : kdelibs3 (YOU Patch Number 12563)

A faulty implementation of the dtoa function can lead to a remotely exploitable array overrun in kdelibs3. This issue has been tracked as CVE-2009-0689. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE9 Security Update : freeradius (YOU Patch Number 12507)

This update of freeradius fixes a remote denial-of-service bug in function raddecode which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. CVE-2009-3111 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE9 Security Update : wget (YOU Patch Number 11090)

This update fixes a security bug in wget, where evil servers could send terminal escape codes to the user calling wget. This would only affect interactive sessions. CVE-2004-1488 Additionally a previous '.file' fix was found to be buggy and replaced. This bug could lead to '.directories' not bein...

SuSE9 Security Update : qt3 (YOU Patch Number 11795)

An off-by-one error in the QUtf8Decoder::toUnicode method has been found which may allow a denial of service attack with specially crafted UTF-8 character sequences that trigger a buffer overflow. CVE-2007-4137 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plug...

SuSE9 Security Update : nagios-www (YOU Patch Number 10984)

An integer overflow exists within the handling of HTTP headers by CGIs. This could lead to arbitrary code execution by remote attackers on behalf of the Nagios CGI scripts. CVE-2006-2162 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of...

SuSE9 Security Update : sendmail (YOU Patch Number 11200)

Without this update sendmail may crash when finishing a mail due to referencing an already freed variable. CVE-2006-4434 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE9 Security Update : XFree86 (YOU Patch Number 12170)

This update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. CVE-2008-2360 - RENDER Extension crash. CVE-2008-2361 - RENDER Extension memory corruption . CVE-2008-2362 - MIT-SHM arbitrary memory read. CVE-2008-1379 - RECORD and Security extensions...

SuSE9 Security Update : IBMJava5 JRE and IBMJava5 SDK (YOU Patch Number 12265)

IBM Java 5 was updated to SR8a to fix a security issue : - A vulnerability in the Java Management Extensions JMX agent when local monitoring is enabled, allowed remote attackers to 'perform unauthorized operations'. CVE-2008-3103 This update also includes new timezone data and fixes missing...

SuSE9 Security Update : arc (YOU Patch Number 10496)

This updates fixes two bugs : - Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. CVE-2005-2945 - Joey Schulze discovered that the temporary file was created in an insecur...

SuSE9 Security Update : bind (YOU Patch Number 12197)

The transaction id and the udp source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache 'DNS cache poisoning', CVE-2008-1447. Additionally the root.hint zone file was updated to contain the new IP numbe...