SuSE 10 Security Update : sendmail (ZYPP Patch Number 6860)

This update of sendmail improves the handling of special-characters in the SSL certificate. CVE-2009-4565: CVSS v2 Base Score: 7.5 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : libtool (ZYPP Patch Number 6683)

libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : pango (ZYPP Patch Number 6800)

A long glyph string can trigger a heap-based buffer overflow in pango. CVE-2009-1194 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid49911; scriptversion"1.11";...

SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7133)

This SUSE Linux Enterprise 10 SP3 kernel update contains several bug fixes and fixes for the following security issues : - the stack of a process could grow into other mapped areas, therefore overwriting memory instead of terminating the process. CVE-2010-2240 - specially crafted requests could...

SuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 6652)

Specially crafted PDF files could cause buffer overflows in the pdftops filter when printing such a document. CVE-2009-3608: CVSS v2 Base Score: 9.3 CVE-2009-3609: CVSS v2 Base Score: 4. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7168)

When loading specially crafted font files applications linked against freetype2 could crash or potentially even execute arbitrary code CVE-2010-3311 / CVE-2010-3053 / CVE-2010-3054. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...

SuSE 10 Security Update : Cyrus IMAPD (ZYPP Patch Number 6521)

This update fixes another buffer overflow in the Sieve code CVE-2009-3235. This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The tex...

SuSE 10 Security Update : Samba (ZYPP Patch Number 6551)

samba's makeconnectionsnum handles certain input incorrectly, which may lead to disclosure of the root directory. CVE-2009-2813 has been assigned to this issue. Additionally an information disclosure vulnerability in mount.cifs has been fixed CVE-2009-2948 as well as a DoS condition. CVE-2009-290...

SuSE 10 Security Update : perl-HTML-Parser (ZYPP Patch Number 6622)

Specially crafted HTML documents could cause perl-HTML-Parser to run into an endless loop. CVE-2009-3627 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid49915;...

SuSE 10 Security Update : xorg-x11 (ZYPP Patch Number 7002)

X clients could cause a memory corruption in the X Render extension which crashes the X server CVE-2010-1166. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : libvirt (ZYPP Patch Number 7150)

Improperly mapped source privileged ports in guests may allow obtaining privileged resources on the host. CVE-2010-2242 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : iscsitarget (ZYPP Patch Number 7109)

This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P: Buffer Errors CWE-119 - CVE-2010-0743: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P: Format String Vulnerability...

SuSE 10 Security Update : bzip2 (ZYPP Patch Number 7169)

This update fixes an integer overflow in the BZ2decompress function of bzip2/libbz2. This can be exploited via a crafted archive to cause a denial of service or even execute arbitrary code. CVE-2010-0405 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6666)

The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid49888;...

SuSE 10 Security Update : netpbm (ZYPP Patch Number 6852)

This update of netpbm fxes a stack-based buffer overflow that could be triggered while processing the contents of XPM headers in image files. CVE-2009-4274: CVSS v2 Base Score: 5.8 moderate AV:N/AC:M/Au:N/C:N/I:P/A:P: Buffer Errors CWE-119 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

SuSE 10 Security Update : Python (ZYPP Patch Number 6946)

This update of python has a copy of libxmlrpc that is vulnerable to denial of service bugs that can occur while processing malformed XML input. CVE-2009-2625: CVSS v2 Base Score: 5.0 moderate AV:N/AC:L/Au:N/C:N/I:N/A:P: Permissions, Privileges, and Access Control CWE-264 CVE-2009-3720: CVSS v2 Ba...

SuSE 10 Security Update : kdm (ZYPP Patch Number 6941)

The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files orld writable. CVE-2010-0436 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : avahi (ZYPP Patch Number 6790)

The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic CVE-2009-0758. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 6598)

This update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subjects name. CVE-2009-2408 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : libpng (ZYPP Patch Number 7144)

Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. CVE-2010-1205 / CVE-2010-2249 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...