SuSE 10 Security Update : Novell ipsec tools (ZYPP Patch Number 6306)

This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. CVE-2009-1574 Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. CVE-2009-1632 %NASLMINLEVEL 70300 C Tenable Network...

SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 7148)

Specially crafted ppt files could cause a heap-based buffer overflow in OpenOfficeorg Impress. Attackers could exploit that to crash OpenOfficeorg or potentially even execute arbitrary code. CVE-2010-2935 / CVE-2010-2936 This update also fixes numerous non-security bugs. Please refer to the packa...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 7165)

Flash Player was updated to version 10.1.85.3 to fix a critical security issue. CVE-2010-2884 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid51738;...

SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6161)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. CVE-2009-0658 / CVE-2009-0927 / CVE-2009-0193 / CVE-2009-0928 / CVE-2009-1061 /...

SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6584)

Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. CVE-2007-0048 / CVE-2007-0045 / CVE-2009-2564 / CVE-2009-2979 / CVE-2009-2980 /...

SuSE 10 Security Update : amarok (ZYPP Patch Number 5931)

This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. CVE-2009-0135 / CVE-2009-0136 %NASLMINLEVEL 70300 ...

SuSE 10 Security Update : acroread (ZYPP Patch Number 6802)

Specially crafted PDF files could crash acroread. Attackers could exploit that to potentially execute arbitrary code. CVE-2009-3953 / CVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 / CVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324 Acrobat reader was updated to version 9.3 to fix thos...

SuSE 10 Security Update : valgrind (ZYPP Patch Number 5803)

valgrind reads a file .valgrindrc in the current directory. Therefore local users could place such a file a world-writable directory such as /tmp and influence other users' valgrind when it's executed there. CVE-2008-4865 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description o...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 6020)

Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine. CVE-2009-0519 / CVE-2009-0520 / CVE-2009-0114 / CVE-2009-0521 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of...

SuSE 10 Security Update : TeX (ZYPP Patch Number 7020)

Specially crafted dvi files could cause buffer overflows in dvips and dvipng CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 / CVE-2010-1440. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6260)

This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1492 / CVE-2009-1493 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : avahi (ZYPP Patch Number 5870)

Specially crafted mDNS packets could crash the Avahi daemon. CVE-2008-5081 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid51718; scriptversion"1.9";...

SuSE 10 Security Update : acroread (ZYPP Patch Number 7086)

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. The fixed security issues have been tracked as : - CVE-2010-1297 - CVE-2010-1240 - CVE-2010-1285 - CVE-2010-1295 - CVE-2010-2168 - CVE-2010-2201 - CVE-2010-2202 - CVE-2010-2203 - CVE-2010-2204 -...

SuSE 10 Security Update : imlib2 (ZYPP Patch Number 5832)

A security problem was fixed in imlib2 where loading a specific XPM file could corrupt memory. CVE-2008-5187 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : ImageMagick.rpm (ZYPP Patch Number 6284)

This update of ImageMagick fixes an integer overflow in the XMakeImage function that allowed remote attackers to cause a denial-of-service and possibly the execution of arbitrary code via a crafted TIFF file. CVE-2009-1882 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description ...

SuSE 10 Security Update : gimp (ZYPP Patch Number 6882)

Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files. - CVE-2009-3909: CVSS v2 Base Score: 4.3 moderate AV:N/AC:M/Au:N/C:N/I:N/A:P: Numeric Errors. CWE-189. CVE-2009-1570...

SuSE 10 Security Update : libxmlrpc (ZYPP Patch Number 6857)

This update of libxmlrpc is not vulnerable anymore to denial of service bugs that can occur while processing malformed XML input. - CVE-2009-3720: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P: Insufficient Information CWE-noinfo CVE-2009-3560: CVSS v2 Base Score: 5.0 MEDIUM...

SuSE 10 Security Update : libxml (ZYPP Patch Number 6482)

This update of libxml does not use pointers after they were freed anymore. CVE-2009-2416 Additionally a stack-based buffer overflow was fixed while parsing the root XML document. CVE-2009-2414 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, In...

SuSE 10 Security Update : Ogg Vorbis tools (ZYPP Patch Number 5302)

Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. CVE-2008-1686 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)

Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following...