724 matches found
SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7726)
This update of yast2-core fixes security issues, bugs, and adds a debugging feature.
SuSE 10 Security Update : CUPS (ZYPP Patch Number 7775)
This update fixes the following security issues : - 601830: CSRF via admin web interface. CVE-2010-0540 - 680210: users in group 'lp' can overwrite arbitrary files. CVE-2010-2431 - 711490: heap overflow in gif decoder. CVE-2011-2896 - 715643: heap overflow in gif decoder CVE-2011-3170 This update...
SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7689)
The following security issues were fixed in tomcat : - Fixed a tomcat user password information leak. CVE-2011-2204 - Fixed a tomcat information leak and DoS CVE-2011-2526
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7393)
PHP5 was updated to fix several security issues. CVE-2010-4150 / CVE-2010-4645 / CVE-2010-4697 / CVE-2010-4698 / CVE-2010-4699 / CVE-2011-0708 / CVE-2011-0752 / CVE-2011-0753 / CVE-2011-0755
SuSE 10 Security Update : python (ZYPP Patch Number 7506)
This update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib2. CVE-2011-1521: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P
SuSE 10 Security Update : dhcp (ZYPP Patch Number 7430)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name, the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7559)
This update of flash player fixes a cross-site scripting vulnerability CVE-2011-2107. For more information about this issue please refer to http://www.adobe.com/support/security/bulletins/apsb11-13.html .
SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7583)
Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926
SuSE 10 Security Update : Apache (ZYPP Patch Number 7722)
This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. CVE-2011-3192 It also fixes a bug, where the LimitRequestFieldsize config option into account when parsing headers...
SuSE 10 Security Update : libgssapi (ZYPP Patch Number 7541)
This update fixes insecure getenv usage, which could be used under some circumstances by local attackers to gain root privileges.
SuSE 10 Security Update : openssl-certs (ZYPP Patch Number 7719)
This update includes the latest SSL root certificates trusted by Mozilla as of 2011-08-31. This includes removing the DigiNotar CA.
SuSE 10 Security Update : dhcpcd (ZYPP Patch Number 7433)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name, the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996
SuSE 10 Security Update : libapr1 (ZYPP Patch Number 7610)
This update fixes the following security issue : - 693778: unconstrained recursion when processing patterns. CVE-2011-0419 / CVE-2011-1928
SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 7645)
This update adds openssl patches since 2007 for : - CVE-2009-0590 - CVE-2008-5077 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180
SuSE 10 Security Update : pam (ZYPP Patch Number 7815)
The pam_env module is vulnerable to a stack overflow (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when parsing users' .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed. CVE-2010-3316
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7740)
This update brings Mozilla Firefox to 3.6.22. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority. For more information read : MFSA 2011-34
SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7728)
This update of cyrus-imapd fixes a buffer overflow that could have been potentially exploited by remote attackers to cause a crash or run arbitrary code. CVE-2011-3208
SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7755)
The following bug has been fixed : - Specially crafted AJP messages could have been used to bypass authentication. CVE-2011-3190
SuSE 10 Security Update : quagga (ZYPP Patch Number 7767)
This update fixes the following security issues : - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa. CVE-2011-3323 - 718058: OSPF6D DoS while decoding Database Description packet. CVE-2011-3324 - 718059: OSPFD DoS while decoding Hello packet. CVE-2011-33...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7766)
Server code for ECDH could have crashed if it received a specially crafted handshake message CVE-2011-3210. This has been fixed.