SUSE-SU-2026:21992-1 Security update for libzypp, libsolv

This update for libzypp, libsolv fixes the following issues: libsolv was updated to 0.7.39. - fix solvchksumfree segfault when called with a NULL pointer - made repoaddsolv more robust against corrupt files bsc1265935 CVE-2026-9149 - fix potential buffer overflow when verifying EdDSA signatures...

EUVD-2012-0452

Malware in sbrugna...

SUSE CVE-2008-3187

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service package data corruption via a spoofed key...

SUSE CVE-2012-0420

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPPLOCKFILEROOT environment variable...

SUSE: Security Advisory (SUSE-SU-2020:0969-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Novell libzypp Security Bypass Vulnerability

libzypp also known as ZYPP is the U.S. Novell-sponsored open source set of manageable engines, drivers eg: Linux applications YaST, Zypper tools. A security vulnerability exists in libzypp. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized...

SuSE 10 Security Update : glibc (ZYPP Patch Number 9035)

This update for glibc fixes the following security issue : - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname, that can lead to a local or remote buffer overflow. bsc913646. CVE-2015-0235 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

openSUSE Security Update : PackageKit (openSUSE-SU-2013:0889-1)

The PackageKit zypp backend was fixed to only allow patches to be updated. Otherwise a regular user could install new packages or even downgrade older packages to ones with security problems. CVE-2013-1764 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

Code injection

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPPLOCKFILEROOT environment variable...

SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)

IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed : - mark files in jre/bin and bin/ as executable bnc823034 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

SuSE 10 Security Update : strongswan (ZYPP Patch Number 8546)

This update fixes the ECDSA signature vulnerability in strongswan. CVE-2013-2944 was assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : subversion (ZYPP Patch Number 8628)

This update of subversion fixes two potential DoS vulnerabilities bug821505, CVE-2013-1968 / CVE-2013-2112. - Server-side bugfixes : - fix FSFS repository corruption due to newline in filename issue 4340 - fix svnserve exiting when a client connection is aborted r1482759 - Other tool improvements...

SuSE 10 Security Update : ibutils (ZYPP Patch Number 8641)

Various tmp races in ibdiagnet of ibutils have been fixed that could have been used by local attackers on machines where infiband was debugged to gain privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : krb5 (ZYPP Patch Number 8631)

This krb5 update fixes a security issue. - kpasswd UDP ping-pong bug825985 / CVE-2002-2443 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid68877;...

SuSE 10 Security Update : Mesa (ZYPP Patch Number 8604)

This update of Mesa fixes multiple integer overflows. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid67255; scriptversion"1.4";...

SuSE 10 Security Update : curl (ZYPP Patch Number 8614)

This update of curl fixes several security issues. - libcurl URL decode buffer boundary flaw bnc824517 / CVE-2013-2174 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8621)

This update of compat-curl2 fixes a security vulnerability : - libcurl URL decode buffer boundary flaw bnc824517 / CVE-2013-2174 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : openswan (ZYPP Patch Number 8627)

This openswan update fixes a remote buffer overflow issue. bnc824316 / CVE-2013-2053 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid67199; scriptversion"1.5";...

SuSE 10 Security Update : gpg (ZYPP Patch Number 8575)

This update for gpg provides the following fixes : - Set proper file permissions when en/de-crypting files. bnc780943 - Fix an issue that could cause corruption of the public keys database. CVE-2012-6085, bnc798465 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...

SuSE 10 Security Update : gpg2 (ZYPP Patch Number 8576)

This update for gpg2 provides the following fixes : - Set proper file permissions when en/de-crypting files. bnc780943 - Fix an issue that could cause corruption of the public keys database. CVE-2012-6085, 798465 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...