SuSE 10 Security Update : wireshark (ZYPP Patch Number 7795)

This update of wireshark fixes the following vulnerabilities : - Wireshark IKE dissector vulnerability. CVE-2011-3266 - Wireshark Lua script execution vulnerability. CVE-2011-3360 - Wireshark buffer exception handling vulnerability. CVE-2011-3483 - Lucent/Ascend file parser susceptible to infinit...

SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)

This update of yast2-core fixes security issues, bugs, and adds a debugging feature. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid56619; scriptversion"1.7";...

SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7786)

An authentication bypass CVE-2011-3372 and a DoS vulnerability CVE-2011-3481 have been fixed in the Cyrus IMAPd nntpd. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : clamav (ZYPP Patch Number 7804)

This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid56602;...

SuSE 10 Security Update : openssl-certs (ZYPP Patch Number 7718)

This updates includes the latest SSL root certificates trusted by Mozilla as of 2011-08-31. This includes removing the DigiNotar CA. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : ncpfs (ZYPP Patch Number 7710)

Following issues are fixed by this update : - The ncpfs mount and umount programs were affected by the /etc/mtab truncation problems on RLIMITFSIZE. CVE-2011-1679 - on errors, the mtab lock was not removed, blocking other applications from modifying /etc/mtab. CVE-2011-1680 - we now keep the...

SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7723)

The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. CVE-2011-3171 Additionally the following bugs have been...

SuSE 10 Security Update : dhcp (ZYPP Patch Number 7717)

This update of dhcp fixes two Denial of Service CVE-2011-2748 / CVE-2011-2749 vulnerabilities caused by specially crafted BOOTP packets. Additionally, the alias IP address handling of dhclient-script was fixed to not wipe out iptables connmark when renewing the lease. %NASLMINLEVEL 70300 C Tenabl...

SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7688)

The following security issues were fixed in tomcat : - Fixed a tomcat user password information leak. CVE-2011-2204 - Fixed a tomcat information leak and DoS CVE-2011-2526 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : apache2-mod_auth_mysql (ZYPP Patch Number 7682)

This update of apache2-modauthmysql fixes a possible SQL injection vulnerability that can be exploited using multibyte character encoding. CVE-2008-2384: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N: SQL Injection. CWE-89 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : ClamAV (ZYPP Patch Number 7661)

New clamav packages fix an off-by-one vulnerability which could lead to a DoS condition. CVE-2011-2721 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

SuSE 10 Security Update : libpng (ZYPP Patch Number 7669)

This update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C: Resource Management Errors CWE-399 - CVE-2011-2690: CVSS v2 Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P: Buffer Errors CWE-119 - CVE-2011-2692: CVSS v2 Base Score: 5.0 AV:N/AC:M/Au:N/C:N/I:N/A:P:...

SuSE 10 Security Update : foomatic-filters (ZYPP Patch Number 7676)

The foomatic print filters of the hplip package contained a remote code execution vulnerability. Remote users, if allowed to access a print server such as CUPS, could execute arbitrary commands as lp system user. CVE-2011-2697: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P: Input Validation...

SuSE 10 Security Update : coreutils (ZYPP Patch Number 7655)

This update of coreutils fixes the following security issue : - 697897: coreutils: when running 'su -c' to execute commands as different user the target user could inject command back into the calling users terminal via the TIOCSTI ioctl. This update also fixes the following non-security issues :...

SuSE 10 Security Update : libsndfile (ZYPP Patch Number 7638)

An integer overflow in libsndfile while processing certain PAF files has been fixed. CVE-2011-2696 has been assigned to this issue. Additionally an divide by zero error CVE-2009-4835 has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...

SuSE 10 Security Update : opie (ZYPP Patch Number 7595)

This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...

SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 7644)

This update adds openssl patches since 2007 for : - CVE-2009-0590 - CVE-2008-5077 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0; include'deprecatednasllevel.inc';...

SuSE 10 Security Update : nagios (ZYPP Patch Number 7624)

The following bug has been fixed : - statusmap.cgi was prone to a cross-site scripting XSS vulnerability. CVE-2011-1523 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7626)

IBM Java 1.6.0 SR9-FP2 fixes several of bugs and thew following security issues : - An unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start...

SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7584)

Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...