SuSE 10 Security Update : xntp (ZYPP Patch Number 6072)
ntp didn't properly check the return value of the OpenSSL function EVP_VerifyFinal. (CVE-2009-0021) Additionally, a problem where ntpd refused to use keys from /etc/ntp.keys has been fixed. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc.
SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 6301)
This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally, multiple memory leaks that allowed a remote denial of service attack were fixed. (CVE-2009-1632)
SuSE 10 Security Update : liblcms (ZYPP Patch Number 6048)
Specially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code. (CVE-2009-0723 / CVE-2009-0581 / CVE-2009-0733)
SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960)
This update brings IBM Java 5 to Service Release 9. It fixes the following security problems : - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application...
SuSE 10 Security Update : libpng (ZYPP Patch Number 6024)
An allocation mistake in libpng's pngread.c has been fixed. (CVE-2009-0040) The previous update was using an incomplete patch, so it needed to be reissued.
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6296)
OpenSSL DTLS remote DoS in ChangeCipherSpec (CVE-2009-1386) and in out-of-sequence message handling (CVE-2009-1387) have been fixed.
SuSE 10 Security Update : ClamAV (ZYPP Patch Number 5842)
Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314)
SuSE 10 Security Update : libmikmod (ZYPP Patch Number 6034)
Specially crafted XM files or playing mod files with a varying number of channels could crash applications using libmikmod. (CVE-2009-0179 / CVE-2007-6720)
SuSE 10 Security Update : fetchmail (ZYPP Patch Number 6409)
This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks by inserting a \0-character in the certificate's subject name. (CVE-2009-2666)
SuSE 10 Security Update : net-snmp (ZYPP Patch Number 5807)
Remote attackers could crash net-snmp via GETBULK-Request. (CVE-2008-4309) In addition, the following non-security issues have been fixed : - typo in error message. (bnc#439857) - fix duplicate registration warnings on startup. (bnc#326957) - container insert errors reproducible with shared ip setups...
SuSE 10 Security Update : dbus (ZYPP Patch Number 5701)
This update fixes a denial of service bug in dbus. (CVE-2008-3834)
SuSE 10 Security Update : Samba (ZYPP Patch Number 5819)
Malicious clients could potentially retrieve arbitrary memory content from a samba server. (CVE-2008-4314)
SuSE 10 Security Update : yast2-backup (ZYPP Patch Number 5739)
This update of yast2-backup fixes a shellcode injection vulnerability and improves handling of symlinks for the backup process. (CVE-2008-4636)
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5786)
This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes the following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure,...
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5746)
The acroread package was updated to fix several security vulnerabilities in the JavaScript engine. (CVE-2008-2992 / CVE-2008-2549 / CVE-2008-4812 / CVE-2008-4813 / CVE-2008-4817 / CVE-2008-4816 / CVE-2008-4814 / CVE-2008-4815)
SuSE 10 Security Update : clamav (ZYPP Patch Number 5768)
Various bugs, such as a get_unicode_name off-by-one buffer overflow and a bug in URL parsing of phishing checks, as well as other minor issues, have been fixed in clamav. (CVE-2008-5050)
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 5740)
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally, multiple non-security bugs were fixed.
SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5756)
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5767)
Missing sanity checks of FTP URLs allowed cross-site scripting (XSS) attacks via the mod_proxy_ftp module. (CVE-2008-2939) Missing precautions allowed cross-site request forgery (CSRF) via the mod_proxy_balancer interface. (CVE-2007-6420)
SuSE 10 Security Update : MySQL (ZYPP Patch Number 5618)
Empty bit-strings in a query could crash the MySQL server. (CVE-2008-3963) Due to another flaw, users could access tables of other users. (CVE-2008-4097 / CVE-2008-4098)