SuSE 10 Security Update : eID-belgium (ZYPP Patch Number 6006)

eID-belgium uses EVPVerifyFinal incorrectly CVE-2009-0049 which allowed bypassing the validation of the certificate chain. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descripti...

SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6264)

This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1492 / CVE-2009-1493 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6121)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. CVE-2009-0658 / CVE-2009-0927 / CVE-2009-0193 / CVE-2009-0928 / CVE-2009-1061 /...

SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6994)

Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code. CVE-2010-0190 / CVE-2010-0191 / CVE-2010-0192 / CVE-2010-0193 / CVE-2010-0194 / CVE-2010-0195 / CVE-2010-0196 / CVE-2010-0197 / CVE-2010-0198 / CVE-2010-0199 / CVE-2010-0201 / CVE-2010-0202 /...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 7223)

Adobe Flash Player was updated to version 10.1.102.64 to fix the following critical security issue : - An unspecified vulnerability could cause a crash and allow an attacker to take control of the affected system. CVE-2010-3654 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : XEmacs (ZYPP Patch Number 6413)

Specially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise. CVE-2009-2688 Additionally two non-security bugs were fixed that enable xeamcs to use the configured fonts. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description...

SuSE 10 Security Update : pidgin (ZYPP Patch Number 6463)

This update of pidgin fixes a remote arbitrary code execution vulnerability in MSN SLP packet processing code. CORE-2009-0727 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : avahi (ZYPP Patch Number 6787)

The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic CVE-2009-0758. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : gaim (ZYPP Patch Number 6461)

This update of gaim fixes a remote arbitrary code execution vulnerability in MSN SLP packet processing code. CORE-2009-0727 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 5877)

An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file. CVE-2008-5499 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : acroread (ZYPP Patch Number 7087)

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. The fixed security issues have been tracked as : - CVE-2010-1297 - CVE-2010-1240 - CVE-2010-1285 - CVE-2010-1295 - CVE-2010-2168 - CVE-2010-2201 - CVE-2010-2202 - CVE-2010-2203 - CVE-2010-2204 -...

SuSE 10 Security Update : RealPlayer (ZYPP Patch Number 6266)

RealPlayer 10 is vulnerable to a critical security problem in the flash plugin CVE-2007-5400. Real does not provide updated binaries of RealPlayer 10 and SUSE is not allowed to ship RealPlayer 11. Therefore this update disables the flash plugin by setting restrictive file system permissions...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 6769)

Specially crafted Flash SWF files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. CVE-2009-3794 / CVE-2009-3796 / CVE-2009-3797 / CVE-2009-3798 / CVE-2009-3799 / CVE-2009-3800 / CVE-2009-3951 %NASLMINLEVEL 70300 C Tenable Network Security,...

SuSE 10 Security Update : Realplayer and banshee (ZYPP Patch Number 7122)

The security support of Real Player 10 was discontinued a while ago by Real Networks. As there are known critical security problems in Real Player 10 and we are unable to fix them nor update to Real Player 11, we are disabling this player. The media player of SUSE Linux Enterprise Desktop 10, Hel...

SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6993)

Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code. CVE-2010-0190 / CVE-2010-0191 / CVE-2010-0192 / CVE-2010-0193 / CVE-2010-0194 / CVE-2010-0195 / CVE-2010-0196 / CVE-2010-0197 / CVE-2010-0198 / CVE-2010-0199 / CVE-2010-0201 / CVE-2010-0202 /...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 6845)

The following bug has been fixed: Insufficient checks in flash-player allowed malicious flash applets to create illegal cross-domain requests CVE-2010-0186. The update also fixes a denial of service condition. CVE-2010-0187 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description...

SuSE 10 Security Update : xine (ZYPP Patch Number 5304)

Specially crafted NSF files could potentially be exploited to execute arbitrary code. CVE-2008-1878 Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. CVE-2008-1686 %NASLMINLEVEL 70300 C Tenable Network Security,...

SuSE 10 Security Update : Novell ipsec tools (ZYPP Patch Number 6306)

This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. CVE-2009-1574 Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. CVE-2009-1632 %NASLMINLEVEL 70300 C Tenable Network...

SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 7148)

Specially crafted ppt files could cause a heap-based buffer overflow in OpenOfficeorg Impress. Attackers could exploit that to crash OpenOfficeorg or potentially even execute arbitrary code. CVE-2010-2935 / CVE-2010-2936 This update also fixes numerous non-security bugs. Please refer to the packa...

SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6161)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. CVE-2009-0658 / CVE-2009-0927 / CVE-2009-0193 / CVE-2009-0928 / CVE-2009-1061 /...