SuSE9 Security Update : sendmail (YOU Patch Number 11200)

Without this update sendmail may crash when finishing a mail due to referencing an already freed variable. CVE-2006-4434 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE9 Security Update : yast2-backup (YOU Patch Number 12279)

This updated of yast2-backup fixes a sellcode injection vulnerability and improves handling of symlinks for the backup process. CVE-2008-4636 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE9 Security Update : libxml2 (YOU Patch Number 12032)

libxml2 contained a DoS condition in xmlCurrentChar's UTF-8 processing. CVE-2007-6284 has been assigned to this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE9 Security Update : ethereal (YOU Patch Number 12323)

This update fixes problems that could crash wireshark when processing compressed data CVE-2008-3933 and Q.931 packets. CVE-2008-4685 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

SuSE9 Security Update : ethereal (YOU Patch Number 12424)

Version upgrade to Wireshark 1.0.7 to fix various vulnerabilities : - crash while loading a Tektronix .rf5 file. CVE-2009-1269 - crash in Check Point High-Availability Protocol CPHAP dissector. CVE-2009-1268 - LDAP dissector could crash on Windows. CVE-2009-1267 - PROFINET format string bug...

SuSE9 Security Update : vsftpd (YOU Patch Number 12192)

This update of vsftpd fixes a memory leak that can occur during authentication. CVE-2008-2375 Additionally non-security bugs for SLES10 were fixed. There were some issues with simultaneous FTP PUT of the same file name that lead to a corrupted file on the server. %NASLMINLEVEL 70300 C Tenable...

SuSE9 Security Update : dhcp-server (YOU Patch Number 11373)

A bug was fixed were a LDAP server with malicious data providing information to the DHCP server could crash and potentially execute code as the DHCP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE9 Security Update : openldap2 (YOU Patch Number 11135)

This fixes a bug in the Access Control Processing that allowed users with 'selfwrite' access to an attribute to modify arbitrary values of that attribute, instead of just allowing them to add/delete their own DN to/from that attribute. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE9 Security Update : ruby (YOU Patch Number 11442)

The ruby package was updated to fix a denial of service problem in its CGI module when parsing multipart MIME messages. CVE-2006-6303 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...

SuSE9 Security Update : PHP4 (YOU Patch Number 11666)

This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector IV in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

SuSE9 Security Update : vim and gvim (YOU Patch Number 11722)

This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. CVE-2007-2953 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE9 Security Update : libgsf (YOU Patch Number 11342)

Specially crafted OLE documents enabled attackers to use a heap buffer overlow for executing code. CVE-2006-4514 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE9 Security Update : Python (YOU Patch Number 12316)

Integer overflows in the python imageop module and in the expandtabs method potentially allowed attackers to execute arbitrary code. CVE-2008-4864, CVE-2008-5031 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE9 Security Update : squid (YOU Patch Number 12135)

A flaw in a previous previous security update could cause squid to crash under certain circumstances. CVE-2008-1612 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE9 Security Update : w3m (YOU Patch Number 11376)

A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. CVE-2006-6772 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE9 Security Update : Python (YOU Patch Number 12046)

Specially crafted images could trigger an integer overflow in the imageop module. CVE-2007-4965 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41186;...

SuSE9 Security Update : arc (YOU Patch Number 10496)

This updates fixes two bugs : - Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information. CVE-2005-2945 - Joey Schulze discovered that the temporary file was created in an insecur...

SuSE9 Security Update : YaST2 (YOU Patch Number 11952)

This update fixes a security bug in yast2-core that allows local attackers to provide malicious YaST2 modules to YaST2 which are subsequently executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory i.e. /tmp. %NASLMINLEVEL 70300 C Tenable...

SuSE9 Security Update : fetchmail (YOU Patch Number 12468)

This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. CVE-2009-2666 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...