SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7583)

Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : evince (ZYPP Patch Number 7409)

This update of evince fixes a buffer overflow in linetoken. CVE-2011-0433 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid57185; scriptversion"1.6";...

SuSE 10 Security Update : dbus (ZYPP Patch Number 7482)

Local users could crash the D-Bus daemon by sending a specially crafted message CVE-2010-4352. This update also properly fixes CVE-2008-3834 / CVE-2009-1189. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'...

SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7427)

Mozilla XULRunner 1.9.1 was updated to version 1.9.1.18 to fix the following security issue : - Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse. MFSA 2011-11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugi...

SuSE 10 Security Update : audiofile (ZYPP Patch Number 7394)

A heap-overflow in libaudiofile was fixed. The overflow existsed in the WAV processing code and can be exploited to execute arbitrary code. This update also contains fixed audiofile-32bit packages. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novel...

SuSE 10 Security Update : opie (ZYPP Patch Number 7594)

This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...

SuSE 10 Security Update : apache2-mod_auth_mysql (ZYPP Patch Number 7683)

This update of apache2-modauthmysql fixes a possible SQL injection vulnerability that can be exploited using multibyte character encoding. CVE-2008-2384: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N: SQL Injection. CWE-89 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : openssl-certs (ZYPP Patch Number 7719)

This updates includes the latest SSL root certificates trusted by Mozilla as of 2011-08-31. This includes removing the DigiNotar CA. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : postfix (ZYPP Patch Number 7502)

Remote attackers could have potentially exploited a memory corruption issue in postfix' SASL implementation to execute arbitrary code CVE-2011-1720. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : pidgin, libpurple and finch (ZYPP Patch Number 7827)

This update fixes the following security issues : - 604225: MSN emoticon DoS. CVE-2010-1624 - 648273: multiple NULL pointer dereference weaknesses. CVE-2010-3711 - 722199: vulnerability in SILC protocol handling CVE-2011-3594 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text descripti...

SuSE 10 Security Update : popt (ZYPP Patch Number 7792)

Specially crafted RPM packages could have caused memory corruption in rpm when verifying signatures CVE-2011-3378. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 7398)

The Adobe Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue : - This vulnerability CVE-2011-0609 could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the...

SuSE 10 Security Update : dhcp6 (ZYPP Patch Number 7465)

A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...

SuSE 10 Security Update : radvd (ZYPP Patch Number 7824)

This update of radvd fixes multiple buffer overread flaws in the processra function that could have potentially lead to crashes CVE-2011-3604. Additionally, a temporary Denial of Service flaw that could be triggered with a flood of NDROUTERSOLICIT has been fixed. CVE-2011-3605 %NASLMINLEVEL 70300...

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7462)

Malicious clients could have downgraded a connection to a low strength cipher suite on session resumption if the server offers such ciphers CVE-2010-4180. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : rdesktop (ZYPP Patch Number 7525)

The following bug has been fixed : - A malicious server could access any file on clients connecting to it if the client shared some ressource. CVE-2011-1595 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7741)

This update brings Mozilla Firefox to 3.6.22. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority. For more information read : MFSA 2011-34 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : wireshark (ZYPP Patch Number 7500)

This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. CWE-399, CVE-2011-1590 - Buffer Errors. CWE-119, CVE-2011-1591 - Numeric Errors CWE-189, CVE-2011-1592 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugi...

SuSE 10 Security Update : clamav (ZYPP Patch Number 7805)

This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid57169;...

SuSE 10 Security Update : build (ZYPP Patch Number 7395)

The build script uses cpio to extract untrusted rpm packages for bootstrapping virtual machines. cpio is not safe to use for this task, therefore the build script now uses bsdtar instead. CVE-2010-4226 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...