SuSE 10 Security Update : xine-lib (ZYPP Patch Number 5205)

Specially crafted NSF files could potentially be exploited to execute arbitrary code. CVE-2008-1878 Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. CVE-2008-1686 %NASLMINLEVEL 70300 C Tenable Network Security,...

SuSE 10 Security Update : bzip2 (ZYPP Patch Number 5114)

Specially crafted files could crash the bzip2-decoder. CVE-2008-1372 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid32212; scriptversion"1.17";...

SuSE 10 Security Update : nagios (ZYPP Patch Number 5165)

This update fixes several cross-site scripting XSS issues in nagios. CVE-2007-5624 / CVE-2007-5803 / CVE-2008-1360 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : poppler (ZYPP Patch Number 5186)

Specially crafted PDF files with embedded fonts could potentially be abused to trick applications that process PDF files into executing arbitrary code. CVE-2008-1693 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989)

Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. CVE-2007-6698 / CVE-2008-0658 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : libpng (ZYPP Patch Number 5181)

Specially crafted png files could overwrite arbitrary memory. Attackers could potentially exploit that to execute arbitrary code. CVE-2008-1382 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : flash-player (ZYPP Patch Number 5159)

This flash player update to version 9.0.124.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files. CVE-2007-5275 / CVE-2007-6243 / CVE-2007-6637 / CVE-2007-6019 / CVE-2007-0071 / CVE-2008-1655 /...

SuSE 10 Security Update : Tk (ZYPP Patch Number 4974)

Specially crafted GIF images could cause a buffer overflow and crash tk. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code. CVE-2008-0553 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...

SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5128)

This update fixes multiple bugs in apache : - cross-site scripting problem in modimap. CVE-2007-5000 - cross-site scripting problem in modstatus. CVE-2007-6388 - cross-site scripting problem in the ftp proxy module. CVE-2008-0005 - cross-site scripting problem in the error page for status code 41...

SuSE 10 Security Update : xine (ZYPP Patch Number 5139)

Specially crafted files could cause integer overflows in the xine library. Attackers could potentially exploit that to execute arbitrary code with the privileges of the user who opened such a file. CVE-2008-1482 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...

SuSE 10 Security Update : xine (ZYPP Patch Number 5116)

This update fixes a bug in the function sdpplinparse that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. CVE-2008-0073 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)

This update of tomcat fixes cross-site scripting bugs CVE-2007-2449 as well as it improves the list of supported SSL ciphers. CVE-2007-1858 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : unzip (ZYPP Patch Number 4977)

Specially crafted files could lead unzip into using uninitialized memory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid31676; scriptversion"1.16";...

SuSE 10 Security Update : boost (ZYPP Patch Number 4978)

Certain regular expressions could cause the boost library to crash. CVE-2008-0171 / CVE-2008-0172 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid31452;...

SuSE 10 Security Update : xine (ZYPP Patch Number 5080)

This update of xine fixes a possible buffer overflow that can be triggered via FLAC tags to execute arbitrary code CVE-2008-0486 and a possible buffer overflow in the matroska demuxer. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : bind (ZYPP Patch Number 4932)

Certain input data could trigger a buffer overflow in the 'inetnetwork' function of libbind. Applications that use this function could therefore potentially be crashed or exploited to execute arbitrary code. Bind itself is not affected though. CVE-2008-0122 %NASLMINLEVEL 70300 C Tenable Network...

SuSE 10 Security Update : icu (ZYPP Patch Number 5014)

Certain regular expressions could crash the ICU library. CVE-2007-4770 / CVE-2007-4771 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid31400; scriptversion"1.18...

SuSE 10 Security Update : ethereal (ZYPP Patch Number 5058)

This update fixes the following bugs : - the SCTP dissector could crash - the SNMP dissector could crash - the TFTP dissector could crash Wireshark maybe a bug in the Cairo library on specific platforms %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...

SuSE 10 Security Update : perl-Tk (ZYPP Patch Number 5034)

Specially crafted GIF files could crash perl-Tk. CVE-2006-4484 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid31339; scriptversion"1.16";...

SuSE 10 Security Update : acroread (ZYPP Patch Number 5042)

Adobe Acrobat Reader 8.1.2 contained a /tmp race in its 'acroread' wrapper script in the SSL certificate handling. CVE-2008-0883 Furthermore it contained several duplicated copies of system libraries, which have been removed for this update to make sure they are up-to-date security wise by using...