724 matches found
SuSE 10 Security Update : dhcp6 (ZYPP Patch Number 7464)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name, the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997
SuSE 10 Security Update : dhcp (ZYPP Patch Number 7456)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name, the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997
SuSE 10 Security Update : X11 (ZYPP Patch Number 7417)
Remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 clients via XDMCP. CVE-2011-0465 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc.
SuSE 10 Security Update : evince (ZYPP Patch Number 7346)
This update of evince fixes a buffer overflow in linetoken. CVE-2011-0433
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7375)
php5 was updated to fix several security issues.
SuSE 10 Security Update : quagga (ZYPP Patch Number 7355)
This security update of quagga fixes : - Direct BGP peers can send malformed extended communities which lead to a NULL pointer dereference. CVE-2010-1674 - A malformed ASPATHLIMIT path attribute will cause a session reset in Quagga. This malformed package is forwarded by other routers and can be...
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7388)
IBM Java 5 was updated to SR 12 FP 4 fixing various security issues. For more details, please check the IBM JDK Alerts page : http://www.ibm.com/developerworks/java/jdk/alerts/
SuSE 10 Security Update : libtiff (ZYPP Patch Number 7376)
Two buffer overflows were fixed in libtiff : - vecyccrgbconvert/JPEGDecode: CVE-2011-0191 - Fax4Decode: CVE-2011-0192
SuSE 10 Security Update : gimp (ZYPP Patch Number 7374)
Several gimp plugins were prone to buffer overflows. CVE-2010-4540 / CVE-2010-4541 / CVE-2010-4542 / CVE-2010-4543
SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)
IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. CVE-2010-4476
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7371)
Mozilla Firefox has been updated to version 3.6.15, fixing the following...
SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7359)
Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586...
SuSE 10 Security Update : Tomcat (ZYPP Patch Number 7337)
This tomcat6 update fixes : - CVE-2010-3718: CVSS v2 Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N: Design Error CWE-DesignError - CVE-2011-0013: CVSS v2 Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N: XSS CWE-79
SuSE 10 Security Update : subversion (ZYPP Patch Number 7319)
The subversion server could have been crashed by clients inside SVNParentPath. This has been fixed. CVE-2010-4539 has been assigned to this issue.
SuSE 10 Security Update : xpdf (ZYPP Patch Number 7324)
This update of xpdf fixes an out-of-bounds write in CharCodeToUnicode.cc and a bad instruction pointer while parsing malformed PDF files.
SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342)
Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 /...
SuSE 10 Security Update : RealPlayer (ZYPP Patch Number 6266)
RealPlayer 10 is vulnerable to a critical security problem in the flash plugin CVE-2007-5400. Real does not provide updated binaries of RealPlayer 10 and SUSE is not allowed to ship RealPlayer 11. Therefore this update disables the flash plugin by setting restrictive file system permissions...
SuSE 10 Security Update : gaim (ZYPP Patch Number 6350)
malformed responses to file transfers could cause a buffer overflow in pidgin. CVE-2009-1373 - the fix against integer overflows in the msn protocol handling was incomplete. CVE-2009-1376 - certain ICQ message types could crash pidgin. CVE-2009-1889
SuSE 10 Security Update : acroread (ZYPP Patch Number 7087)
Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. The fixed security issues have been tracked as : - CVE-2010-1297 - CVE-2010-1240 - CVE-2010-1285 - CVE-2010-1295 - CVE-2010-2168 - CVE-2010-2201 - CVE-2010-2202 - CVE-2010-2203 - CVE-2010-2204 -...
SuSE 10 Security Update : pidgin (ZYPP Patch Number 6342)
Several bugfixes were done for the Instant Messenger Pidgin : - Malformed responses to file transfers could cause a buffer overflow in pidgin CVE-2009-1373 and specially crafted packets could crash it. CVE-2009-1375 - The fix against integer overflows in the msn protocol handling was incomplete...