724 matches found
SuSE 10 Security Update : audiofile (ZYPP Patch Number 5948)
A heap-overflow in libaudiofile was fixed. The overflow existed in the WAV processing code and can be exploited to execute arbitrary code. CVE-2008-5824 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc.
SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6136)
This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various
SuSE 10 Security Update : icu (ZYPP Patch Number 6422)
icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct cross-site scripting (XSS) attacks. CVE-2009-0153
SuSE 10 Security Update : ethereal (ZYPP Patch Number 6443)
Flaws in the AFS dissector allowed attackers to crash ethereal via specially crafted network traffic. CVE-2009-2562
SuSE 10 Security Update : libpng (ZYPP Patch Number 6003)
An allocation mistake in libpng's pngread.c has been fixed. CVE-2009-0040 has been assigned to this issue.
SuSE 10 Security Update : Python (ZYPP Patch Number 5837)
Integer Overflows in the python imageop module and in the expandtabs method potentially allowed attackers to execute arbitrary code. CVE-2008-4864 / CVE-2008-5031
SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5755)
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. CVE-2008-4226 Thanks to: Drew Yao of Apple Product Security
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 6380)
The IBM JRE/JDK version 5 was updated to Service Release 10. It fixes a number of bugs and likely also several security issues. As usual IBM does not publish fixed security issues on the release date so a detailed list cannot be given at this time. Please check...
SuSE 10 Security Update : Java Struts (ZYPP Patch Number 6122)
Insufficient quoting of parameters allowed attackers to conduct cross-site scripting (XSS) attacks.
SuSE 10 Security Update : ClamAV (ZYPP Patch Number 6188)
This clamav version upgrade to 0.95.1 fixes a buffer overflow error in the cliurlcanon function and a denial of service condition occurring while parsing malformed UPack archives.
SuSE 10 Security Update : Cups (ZYPP Patch Number 5845)
Previous updates for the PNG and HPGL filters were incomplete and are corrected now. CVE-2008-3641 / CVE-2008-5286
SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 6073)
The previous security fix for gnutls CVE-2008-4989 introduced a regression in the X.509 validation code for self-signed certificates. This update fixes this problem.
SuSE 10 Security Update : xterm (ZYPP Patch Number 5898)
XTerm evaluated various ANSI Escape sequences so that command execution was possible if an attacker could pipe raw data to an xterm. CVE-2008-2383 It is usually not recommended to display raw data on an xterm.
SuSE 10 Security Update : dbus (ZYPP Patch Number 5969)
The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied. CVE-2008-4311 The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
SuSE 10 Security Update : libsndfile (ZYPP Patch Number 6040)
Specially crafted CAF files could cause an integer overflow in libsndfile. CVE-2009-0186
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6267)
Three remote DoS vulnerabilities have been fixed in OpenSSL: a DTLS epoch record buffer memory DoS CVE-2009-1377, a DTLS fragment handling memory DoS CVE-2009-1378 and a DTLS fragment read after a free DoS. CVE-2009-1379
SuSE 10 Security Update : curl (ZYPP Patch Number 6015)
Arbitrary file access via HTTP-redirect has been fixed in curl. CVE-2009-0037 has been assigned to this issue.
SuSE 10 Security Update : vim (ZYPP Patch Number 6025)
The VI Improved editor vim received bugfixes for some code execution problems. - Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzipvim, and netrw were fixed. CVE-2008-4101: Arbitrary code execution when pressing K, ctrl- or g depending on the text under the...
SuSE 10 Security Update : ClamAV (ZYPP Patch Number 6144)
ClamAV update to version 0.95. This also fixes some potential security bugs. CVE-2009-1241
SuSE 10 Security Update : hal (ZYPP Patch Number 6036)
The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied. CVE-2008-4311 The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. Additionally a bug i...