SuSE 10 Security Update : openssl (ZYPP Patch Number 5949)

This update improves the verification of return values. Prior to this udpate it was possible to bypass the certification chain checks of openssl. CVE-2008-5077 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : MySQL (ZYPP Patch Number 6446)

the COMCREATEDB and COMDROPDB suffered from format string vulnerabilities. CVE-2009-2446 - the command line client was prone to cross-site scripting XSS attacks. CVE-2008-4456 Additionally a problem that sometimes prevented slave hosts from reconnecting to the master server has been fixed...

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6296)

OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : ClamAV (ZYPP Patch Number 5842)

Specially crafted jpg files could crash the clamd daemon of clamav. CVE-2008-5314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41485; scriptversion"1.11";...

SuSE 10 Security Update : libpng (ZYPP Patch Number 6024)

A allocation mistake in libpng's pngread.c has been fixed CVE-2009-0040. The previous update was using an incomplete patch so it needed to be reissued. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : openswan (ZYPP Patch Number 6478)

The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. CVE-2009-2661 This could lead to crashes of the pluto IKE daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : rsh (ZYPP Patch Number 5589)

in.rexecd was not using the system wide limits, potentially allowing remote rexec users to exhaust all system resources. This patch fixes it. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : pam_mount (ZYPP Patch Number 5911)

This update fixes the temp-flle handling in the passwdehd script that allowed a symlink attack. CVE-2008-5138 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : libtiff (ZYPP Patch Number 6337)

This update of libtiff fixes a buffer underflow in LZWDecodeCompat. CVE-2009-2285 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41552; scriptversion"1.11";...

SuSE 10 Security Update : audiofile (ZYPP Patch Number 5948)

A heap-overflow in libaudiofile was fixed. The overflow existsed in the WAV processing code and can be exploited to execute arbitrary code. CVE-2008-5824 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : NetworkManager (ZYPP Patch Number 6027)

The NetworkManager configuration was too permissive and allowed any user to read secrets CVE-2009-0365 or manipulate the configuration of other users. CVE-2009-0578 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6136)

This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : icu (ZYPP Patch Number 6422)

icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting XSS attacks. CVE-2009-0153 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...

SuSE 10 Security Update : ethereal (ZYPP Patch Number 6443)

Flaws in the AFS dissector allowed attackers to crash ethereal via specially crafted network traffic. CVE-2009-2562 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : Emacs (ZYPP Patch Number 5297)

Xemacs automatically loaded fast-lock files which allowed local attackers to execute arbitrary code as the user editing the associated files. CVE-2008-2142 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : libpng (ZYPP Patch Number 6003)

A allocation mistake in libpng's pngread.c has been fixed. CVE-2009-0040 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41547;...

SuSE 10 Security Update : Python (ZYPP Patch Number 5837)

Integer Overflows in the python imageop module and in the expandtabs method potentially allowed attackers to execute arbitrary code. CVE-2008-4864 / CVE-2008-5031 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5755)

This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. CVE-2008-4226 Thanks to: Drew Yao of Apple Product Security %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 6380)

The IBM JRE/JDK version 5 was updated to Service Release 10. It fixes a number of bugs and likely also several security issues. As usual IBM does not publish fixed security issues on the release date so a detailed list cannot be given at this time. Please check...

SuSE 10 Security Update : Java Struts (ZYPP Patch Number 6122)

Insufficient quoting of parameters allowed attackers to conduct cross-site scripting XSS attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41590;...