SuSE 10 Security Update : glibc (ZYPP Patch Number 8351)

This collective update to the GNU Lib C library glibc provides the following fixes : - Make addmntent return errors also for cached streams. bnc676178, CVE-2011-1089 - Fix overflows in vfprintf. bnc770891, CVE-2012-3406 - Fix incomplete results from nscd. bnc753756 - Fix a deadlock in dlsym in ca...

SuSE 10 Security Update : Xen (ZYPP Patch Number 8359)

XEN received various security and bugfixes : - xen: Timer overflow DoS vulnerability XSA-20. CVE-2012-4535 - xen: Memory mapping failure DoS vulnerability XSA-22 The following additional bugs have beenfixed:. CVE-2012-4537 - L3: Xen BUG at ioapic.c:129 26102-x86-IOAPIC-legacy-not-first.patch...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 8360)

This update of flash-player fixes multiple unspecified buffer overflows, memory corruptions and other security-related issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0; include'deprecatednasllevel.inc';...

SuSE 10 Security Update : bind (ZYPP Patch Number 8322)

The following issue has been fixed : - Specially crafted RDATA could have caused bind to lockup. A different flaw than CVE-2012-4244. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)

MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session...

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311)

PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - This update fixes arbitrary read and write of files via XSL functionality. CVE-2012-3488 - postgresql: denial of service stack exhaustion via...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8284)

IBM Java 1.5.0 was updated to SR11 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ Also three bugs have been fixed : - fix bnc771808: create symlink /usr/bin/javaws properly - fix bnc666744: mark all configuration files as %confignoreplace - fix bnc773021:...

SuSE 10 Security Update : ghostscript (ZYPP Patch Number 8290)

This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8293)

This update fixes header code injection issues in PHP5. CVE-2011-1398 / CVE-2011-4388 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid62198; scriptversion"1.5";...

SuSE 10 Security Update : bind (ZYPP Patch Number 8298)

The bind nameserver was updated to version 9.6-ESV-R7-P3 to fix a single security problem, where loading a zone file could have caused an assertion abort of the named service. CVE-2012-4244 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8283)

IBM Java 1.5.0 was updated to SR14 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ Also three bugs have been fixed : - fix bnc771808: create symlink /usr/bin/javaws properly - fix bnc666744: mark all configuration files as %confignoreplace - fix bnc773021: add...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8281)

IBM Java 1.4.2 was updated to SR13 FP13 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed : - fix bnc666744: mark all configuration files as %confignoreplace %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : inn (ZYPP Patch Number 8276)

A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid62061;...

SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 8262)

This compat-openssl097g rollup update contains various security fixes : - incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. CVE-2012-2131 / CVE-2012-2110 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description ...

SuSE 10 Security Update : Xen (ZYPP Patch Number 8268)

XEN was updated to fix multiple bugs and security issues. The following security issues have been fixed : - xen: hypercall setdebugreg vulnerability XSA-12. CVE-2012-3494 - xen: Qemu VT100 emulation vulnerability XSA-17. CVE-2012-3515 - xen: pv bootloader doesn't check the size of the bzip2 or lz...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8264)

This update changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was assigned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : libxml2 (ZYPP Patch Number 8235)

This update fixes libxml2 integer overflows. CVE-2012-2807 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid62003; scriptversion"1.6";...

SuSE 10 Security Update : nut (ZYPP Patch Number 8166)

This update of nut fixes a denial of service flaw that could have been exploited by remote attackers to cause an application crash of upsd. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : quota (ZYPP Patch Number 8255)

The quota package was updated to fix an issue with tcpwrappers, where hosts.allow/deny files would have not been correctly honored. CVE-2012-3417 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : openssh (ZYPP Patch Number 8248)

This collective security update of openssh fixed multiple security issues : - memory exhaustion in gssapi due to integer overflow. bnc756370, CVE-2011-5000 - forced command option information leak bnc744643, CVE-2012-0814 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description o...