724 matches found
SuSE 10 Security Update : dbus-1 (ZYPP Patch Number 7593)
This update fixes the security issue that local users could disconnect system daemons from the bus by sending specially crafted messages. CVE-2011-2200 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc.
SuSE 10 Security Update : libapr (ZYPP Patch Number 7611)
This update fixes the following security issues : - 650435: remote DoS in APR. CVE-2010-1623 - 693778: unconstrained recursion when processing patterns. CVE-2011-0419 / CVE-2011-1928
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7602)
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes a regression in the last security update, which due to a version checking mismatch disabled multipath IO support.
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7597)
Mozilla Firefox was updated to the 3.6.18 security release. - Miscellaneous memory safety hazards. MFSA 2011-19 / CVE-2011-2374 / CVE-2011-2376 / CVE-2011-2364 / CVE-2011-2365 - bmo617247 Use-after-free vulnerability when viewing XUL document with script disabled. MFSA 2011-20 / CVE-2011-2373 -...
SuSE 10 Security Update : glibc (ZYPP Patch Number 7575)
The following bugs have been fixed : - Specially crafted input to the fnmatch function could cause an integer overflow. CVE-2011-1071 - The output of the 'locale' command was not properly quoted. CVE-2011-1095 - Don't search the current directory if $ORIGIN is in RPATH of libraries called by setu...
SuSE 10 Security Update : libgssapi (ZYPP Patch Number 7544)
This update fixes insecure getenv usage, which could be used under some circumstances by local attackers to gain root privileges.
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7552)
This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 (important) (AV:N/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310).
SuSE 10 Security Update : vino (ZYPP Patch Number 7532)
This security update fixes two out-of-bounds memory access vulnerabilities in vino's libvncserver. CVE-2011-0904 / CVE-2011-0905 Additionally, another possible server crash has been fixed. bln440712
SuSE 10 Security Update : wireshark (ZYPP Patch Number 7501)
This update to wireshark version 1.4.5 fixes the following security issues : - Resource Management Errors. CWE-399, CVE-2011-1590 - Buffer Errors. CWE-119, CVE-2011-1591 - Numeric Errors CWE-189, CVE-2011-1592
SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7466)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue.
SuSE 10 Security Update : logrotate (ZYPP Patch Number 7534)
This update for logrotate provides the following fixes : - Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place CVE-2011-1098. bnc677336 - The writeState function in logrotate might allow...
SuSE 10 Security Update : python (ZYPP Patch Number 7509)
This update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib2. CVE-2011-1521: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P
SuSE 10 Security Update : firefox3-pango (ZYPP Patch Number 7460)
The following bug has been fixed : - Specially crafted font files could cause a heap corruption in applications linked against pango. CVE-2011-0020
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7505)
IBM Java 1.4.2 was updated to SR13 FP9, fixing bugs and security issues. More information can be found on the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
SuSE 10 Security Update : vsftpd (ZYPP Patch Number 7373)
Certain file patterns could cause vsftpd to consume excessive CPU, resulting in denial of service (CVE-2011-0762). This has been fixed.
SuSE 10 Security Update : mailman (ZYPP Patch Number 7489)
This mailman update fixes several cross-site scripting (XSS) vulnerabilities. CVE-2011-0707 / CVE-2010-3089
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7463)
Malicious clients could have downgraded a connection to a low strength cipher suite on session resumption if the server offers such ciphers (CVE-2010-4180). This has been fixed.
SuSE 10 Security Update : dbus (ZYPP Patch Number 7483)
Local users could crash the D-Bus daemon by sending a specially crafted message (CVE-2010-4352). This update also properly fixes CVE-2008-3834 / CVE-2009-1189.
SuSE 10 Security Update : Mono (ZYPP Patch Number 7445)
The following bug has been fixed : - Mono loaded shared libraries from the current directory. CVE-2010-4159
SuSE 10 Security Update : Postfix (ZYPP Patch Number 7387)
The following bug has been fixed : - Postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS. CVE-2011-0411