SuSE 10 Security Update : net-snmp (ZYPP Patch Number 5422)

This security update of net-snmp fixes a denial of service vulnerability CVE-2008-2292, an authentication bypass CVE-2008-0960 and several memory leaks. In addition net-snmp was patched to allow customization of the agent address set. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : Subversion (ZYPP Patch Number 5362)

This update of subversion fixes multiple vulnerabilities. - list CVS or SVN commits on 'all-forbidden' files. CVE-2008-1290 - directly access hidden CVSROOT folders. CVE-2008-1291 - expose restricted content via the revision view, the log history, or the diff view. CVE-2008-1292 %NASLMINLEVEL 703...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5450)

MozillaFirefox was updated to version 2.0.0.16, which fixes various bugs and following security issues : - An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently...

SuSE 10 Security Update : bind (ZYPP Patch Number 5409)

The transaction id and the udp source port used for DNS queries by the bind nameserver were predicatable. Attackers could potentially exploit that weakness to manipulate the DNS cache 'DNS cache poisoning', CVE-2008-1447. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description o...

SuSE 10 Security Update : clamav (ZYPP Patch Number 5416)

This update brings clamav to version 0.93.3. It lists CVE-2008-2713 as fixed, but this was fixed in 0.93.1 already, but not mentioned. The update contains stability and bugfixes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : freetype2, (ZYPP Patch Number 5361)

This update of freetype2 fixes several potential vulnerabilities reported by iDefense. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid33431; scriptversion"1.18...

SuSE 10 Security Update : speex (ZYPP Patch Number 5364)

Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. CVE-2008-1686 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : clamav (ZYPP Patch Number 5359)

Clamav was updated to version 0.93.1. It fixes various bugs and one security issue : - libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. CVE-2008-2713 %NASLMINLEVEL 70300 C Tenable Network...

SuSE 10 Security Update : bind (ZYPP Patch Number 5274)

The IP number for the 'L' root DNS server changed. This patch updates the root.hint zone file to get the new IP number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : mtr (ZYPP Patch Number 5291)

This update fixes a stack-based buffer overflow which could potentially be exploited by a remote attacker to execute arbitrary code. CVE-2008-2357 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : gnome-screensaver (ZYPP Patch Number 5179)

An attacker could log in without a valid password if the NIS server is down. CVE-2008-0887 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid33251;...

SuSE 10 Security Update : evolution (ZYPP Patch Number 5327)

Multiple buffer overflows have been fixed in evolution. CVE-2008-1108 / CVE-2008-1109 have been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : gstreamer010-plugins (ZYPP Patch Number 5185)

Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. CVE-2008-1686 if !definedfunc"nasllevel" || nasllevel = 70000 && nasllevel = 70200 && nasllevel = 80000 && nasllevel 80502 exit0; C Tenable Network Security, Inc...

SuSE 10 Security Update : X.org (ZYPP Patch Number 5321)

This update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. CVE-2008-2360 - RENDER Extension crash. CVE-2008-2361 - RENDER Extension memory corruption. CVE-2008-2362 - MIT-SHM arbitrary memory read. CVE-2008-1379 - RECORD and Security extensions memo...

SuSE 10 Security Update : cups (ZYPP Patch Number 5201)

specially crafted PNG files could cause an integer overflow in the png filter. CVE-2008-1693 - specially crafted pdf files with embedded fonts could crash pdftops. CVE-2008-1693 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : Samba (ZYPP Patch Number 5292)

Samba has been updated to fix a security problem : - Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. CVE-2008-1105 The vulnerability is caused due to a boundary error within the 'receivesmbraw' function in...

SuSE 10 Security Update : vorbis-tools (ZYPP Patch Number 5193)

Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. CVE-2008-1686 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : XEmacs (ZYPP Patch Number 5250)

Xemacs automatically loaded fast-lock files which allowed local attackers to execute arbitrary code as the user editing the associated files. CVE-2008-2142 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : libvorbis (ZYPP Patch Number 5259)

Several security problems were fixed in libvorbis : - Division by zero. CVE-2008-1419 - integer overflow. CVE-2008-1420 - integer overflow. CVE-2008-1423 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0;...

SuSE 10 Security Update : Emacs (ZYPP Patch Number 5248)

Xemacs automatically loaded fast-lock files which allowed local attackers to execute arbitrary code as the user editing the associated files. CVE-2008-2142 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...