724 matches found
SuSE 10 Security Update : CUPS (ZYPP Patch Number 7775)
This update fixes the following security issues:
- 601830: CSRF via admin web interface. (CVE-2010-0540)
- 680210: users in group 'lp' can overwrite arbitrary files. (CVE-2010-2431)
- 711490: heap overflow in gif decoder. (CVE-2011-2896)
- 715643: heap overflow in gif decoder. (CVE-2011-3170)

This update...
SuSE 10 Security Update : Apache (ZYPP Patch Number 7722)
This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes a bug, where the LimitRequestFieldsize config option into account when parsing headers...
SuSE 10 Security Update : nbd (ZYPP Patch Number 7450)
Nbd was updated to fix a buffer overflow in the mainloop function of nbd-server.c. This vulnerability can be exploited by remote attackers via long requests to execute arbitrary code. CVE-2011-0530: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P: Buffer Errors CWE-119
SuSE 10 Security Update : ruby (ZYPP Patch Number 7528)
This update improves the handling of big decimal integers. Prior to this update, a bug in VpMemAlloc could cause a denial of service situation or even lead to arbitrary code execution. CVE-2011-0188
SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7785)
An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd.
SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7756)
The following bug has been fixed:
- Specially crafted AJP messages could have been used to bypass authentication. (CVE-2011-3190)
SuSE 10 Security Update : vino (ZYPP Patch Number 7531)
This security update fixes two out-of-bounds memory access vulnerabilities in vino's libvncserver. (CVE-2011-0904 / CVE-2011-0905) Additionally, another possible server crash has been fixed. bln440712
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 7404)
A buffer overflow in the intarray module potentially allowed attackers to execute arbitrary code as the user running postgresql. (CVE-2010-4015: CVSS v2 Base Score: 4.9) Additionally, a possible log forging problem was fixed too. (CVE-2010-4014)
SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7399)
Specially crafted font files could crash applications that use freetype2 to render the fonts. CVE-2010-3814 / CVE-2010-3855
SuSE 10 Security Update : clamav (ZYPP Patch Number 7397)
Specially crafted VBA data in Microsoft Office documents could crash clamav or potentially even cause execution of arbitrary code. clamav was updated to version 0.97 to fix the issue. CVE-2011-1003
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7559)
This update of flash player fixes a cross-site scripting vulnerability (CVE-2011-2107). For more information about this issue please refer to http://www.adobe.com/support/security/bulletins/apsb11-13.html.
SuSE 10 Security Update : bind (ZYPP Patch Number 7614)
A remote denial of service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers (recursive as well as authoritative) to exit.
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7518)
Flash Player has been updated to version 10.3, fixing bugs and security issues. More information can be found on : http://www.adobe.com/support/security/bulletins/apsb11-12.html
SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7426)
pure-ftpd was updated to fix a security issue with an Open Enterprise Server specific patch:
- A world-writable directory created and used by the OES pure-ftpd Netware extensions could be used by local attackers to overwrite system files and so gain privileges. (CVE-2011-0988)
SuSE 10 Security Update : wireshark (ZYPP Patch Number 7796)
This update of wireshark fixes the following vulnerabilities:
- Wireshark IKE dissector vulnerability. (CVE-2011-3266)
- Wireshark Lua script execution vulnerability. (CVE-2011-3360)
- Wireshark buffer exception handling vulnerability. (CVE-2011-3483)
- Lucent/Ascend file parser susceptible to infinit...
SuSE 10 Security Update : postfix (ZYPP Patch Number 7502)
Remote attackers could have potentially exploited a memory corruption issue in postfix' SASL implementation to execute arbitrary code (CVE-2011-1720). This has been fixed.
SuSE 10 Security Update : Xen (ZYPP Patch Number 7699)
This update fixes a denial of service (Host Crash) in the XEN hypervisor. (CVE-2011-2901)
SuSE 10 Security Update : libapr1 (ZYPP Patch Number 7610)
This update fixes the following security issue:
- 693778: unconstrained recursion when processing patterns. (CVE-2011-0419 / CVE-2011-1928)
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7553)
This update for PHP5 fixes the following security issues:
- Input Validation in the ZIP extension and NumberFormatter. (CWE-20, CVE-2011-0421 / CVE-2011-1470 / CVE-2011-1467)
- Numeric Errors in the SHM support and ZIP extension. (CWE-189, CVE-2011-1092 / CVE-2011-1471)
- Buffer overflows in the...
SuSE 10 Security Update : coreutils (ZYPP Patch Number 7658)
This update fixes the following security issue:
- 697897: coreutils: when running 'su -c' to execute commands as a different user, the target user could inject commands back into the calling user's terminal via the TIOCSTI ioctl.

It also fixes a bug:
- 702995: Added -L and -P commandline options to...