724 matches found
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6665)
The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade.
SuSE 10 Security Update : expat (ZYPP Patch Number 6618)
Specially crafted XML documents could make expat run into an endless loop, therefore locking up applications using expat. CVE-2009-3720
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6656)
The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of...
SuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 6653)
Specially crafted PDF files could cause buffer overflows in the pdftops filter when printing such a document. CVE-2009-3608: CVSS v2 Base Score: 9.3 CVE-2009-3609: CVSS v2 Base Score: 4.
SuSE 10 Security Update : xpdf (ZYPP Patch Number 6556)
Specially crafted PDF files could cause buffer overflows in xpdf when viewing such a document. CVE-2009-3603 / CVE-2009-3604 / CVE-2009-3605 / CVE-2009-3606 / CVE-2009-3608 / CVE-2009-3609
SuSE 10 Security Update : neon (ZYPP Patch Number 6548)
neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers. CVE-2009-2408 Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts ...
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571)
This update of the Apache webserver fixes various security issues: - the option IncludesNOEXEC could be bypassed via .htaccess. CVE-2009-1195 - mod_proxy could run into an infinite loop when used as reverse proxy. CVE-2009-1890 - mod_deflate continued to compress large files even after a network...
SuSE 10 Security Update : libapr (ZYPP Patch Number 6546)
This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. CVE-2009-2412
SuSE 10 Security Update : freeradius (ZYPP Patch Number 6499)
This update of freeradius fixes a remote denial-of-service bug in function rad_decode which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. CVE-2009-3111
SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 6408)
This update of libcurl2 fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man-in-the-middle-attack. CVE-2009-2417 Additionally the arbitrary file access problem was fixed. CVE-2009-0037
SuSE 10 Security Update : libpng (ZYPP Patch Number 6326)
This update of libpng improves the parsing of 1-bit interlaced images. This bug could be abused to use 'out-of-bounds pixels' to read memory. CVE-2009-2042
SuSE 10 Security Update : openswan (ZYPP Patch Number 6328)
Two vulnerabilities in the openswan ASN.1 parser when handling RDNs, UTCTIME and GENERALIZEDTIME strings could lead to remote crashes of the pluto daemon. CVE-2009-2185
SuSE 10 Security Update : CUPS (ZYPP Patch Number 5296)
specially crafted PNG files could cause an integer overflow in the png filter. CVE-2008-1693 - specially crafted pdf files with embedded fonts could crash pdftops. CVE-2008-1693
SuSE 10 Security Update : strongswan (ZYPP Patch Number 6116)
By sending a specially crafted Dead Peer Detection DPD packet remote attackers could crash the pluto IKE daemon. CVE-2009-0790
SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 6312)
This update of WebSphere fixes the following vulnerabilities : - GERONIMO-3838: close potential denial of service attack - fix Apache Geronimo web administration console directory traversal vulnerabilities. CVE-2008-5518 - fix Apache Geronimo web administration console XSS vulnerabilities...
SuSE 10 Security Update : postgresql-pl (ZYPP Patch Number 6208)
Due to tight package dependencies postgresql-pl has to be updated to match the recently released postgresql packages.
SuSE 10 Security Update : ia32el (ZYPP Patch Number 6466)
A 32bit x86 user program could crash the Itanium IA64 kernel in the IA 32 Intel 32bit emulation. CVE-2009-2707 Updating IA32EL to 70427022, the same version as shipped on SLES 10 SP3, fixes this problem.
SuSE 10 Security Update : fetchmail (ZYPP Patch Number 6409)
This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting \0-character in the certificate's subject name. CVE-2009-2666
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6453)
This update fixes a single critical security issue in the SUSE Linux Enterprise 10 SP 2 kernel. - A missing check in the MSG_PROBE handling can be used to execute privileges to root. CVE-2009-2698
SuSE 10 Security Update : Emacs (ZYPP Patch Number 5297)
Xemacs automatically loaded fast-lock files which allowed local attackers to execute arbitrary code as the user editing the associated files. CVE-2008-2142