724 matches found
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6666)
The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid49888;...
SuSE 10 Security Update : kdm (ZYPP Patch Number 6941)
The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files world writable. CVE-2010-0436 has been assigned to this issue.
SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7168)
When loading specially crafted font files, applications linked against freetype2 could crash or potentially even execute arbitrary code (CVE-2010-3311 / CVE-2010-3053 / CVE-2010-3054). This has been fixed.
SuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 6652)
Specially crafted PDF files could cause buffer overflows in the pdftops filter when printing such a document. CVE-2009-3608: CVSS v2 Base Score: 9.3 CVE-2009-3609: CVSS v2 Base Score: 4.
SuSE 10 Security Update : libvorbis (ZYPP Patch Number 7057)
This update of libvorbis fixes a memory corruption while parsing OGG files. The bug is exploitable by remote attackers to cause an application crash and could probably be exploited to execute arbitrary code. The issue has been tracked as CVE-2009-2663.
SuSE 10 Security Update : cpio (ZYPP Patch Number 6948)
This update fixes a heap-based buffer overflow flaw that can happen while expanding specially crafted archive files (CVE-2010-0624). It also contains changes for: fixed Dat160 Tape Drive density information (bnc#415166); fixed cpio issues with file sizes = 2^32; fixed handling eof and eod marks...
SuSE 10 Security Update : w3m (ZYPP Patch Number 7076)
w3m does not handle embedded NUL characters in the common name and in subject alternative names of X.509 certificates (CVE-2010-2074). This update fixes the issue and also turns on verification of X.509 certificates by default, which was not the case before.
SuSE 10 Security Update : clamav (ZYPP Patch Number 6990)
Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96, which fixes those issues. Citing freshmeat.net: This Release introduces new malware detection mechanisms and other significant improvements to the scan...
SuSE 10 Security Update : gzip (ZYPP Patch Number 6793)
The following bug has been fixed: Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.
SuSE 10 Security Update : strongswan (ZYPP Patch Number 6529)
The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked (CVE-2009-2661). This could lead to crashes of the pluto IKE daemon.
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6987)
The following bugs have been fixed: When using a multi-threaded MPM, apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408).
SuSE 10 Security Update : MySQL (ZYPP Patch Number 6899)
This update fixes various security issues (bnc#557669): upstream 47320 - checking server certificates (CVE-2009-4028); upstream 48291 - error handling in subqueries (CVE-2009-4019); upstream 47780 - preserving null_value flag in GeomFromWKB (CVE-2009-4019); upstream 39277 - symlink behaviour fixed...
SuSE 10 Security Update : evolution-data-server (ZYPP Patch Number 7029)
The following bugs have been fixed: evolution considered S/MIME signatures to be valid even for modified mails (CVE-2009-0547). Specially crafted base64 encoded messages could cause a heap buffer overflow (CVE-2009-0587). A POP3 server sending overly long lines could crash evolution.
SuSE 10 Security Update : netpbm (ZYPP Patch Number 6852)
This update of netpbm fixes a stack-based buffer overflow that could be triggered while processing the contents of XPM headers in image files. CVE-2009-4274: CVSS v2 Base Score: 5.8 (moderate) (AV:N/AC:M/Au:N/C:N/I:P/A:P): Buffer Errors (CWE-119)
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6984)
The following bugs have been fixed: When using a multi-threaded MPM, apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408).
SuSE 10 Security Update : pango (ZYPP Patch Number 6894)
This update of pango fixes a memory corruption bug that can possibly be exploited to execute arbitrary code remotely. This bug could occur while processing fonts from untrusted sources (CVE-2010-0421).
SuSE 10 Security Update : kdm (ZYPP Patch Number 6942)
The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files world writable. CVE-2010-0436 has been assigned to this issue.
SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6977)
Mozilla NSS was updated to version 3.12.6. This fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling (CVE-2009-3555).
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6943)
This update adds support for RFC 5746 TLS renegotiations to address vulnerabilities tracked as CVE-2009-3555. It also fixes a mishandling of OOM conditions in bn_wexpand (CVE-2009-3245).
SuSE 10 Security Update : MySQL (ZYPP Patch Number 6897)
This update fixes various security issues (bnc#557669): upstream 47320 - checking server certificates (CVE-2009-4028); upstream 48291 - error handling in subqueries (CVE-2009-4019); upstream 47780 - preserving null_value flag in GeomFromWKB (CVE-2009-4019); upstream 39277 - symlink behaviour fixed...