SuSE 10 Security Update : acroread (ZYPP Patch Number 5042)

Adobe Acrobat Reader 8.1.2 contained a /tmp race in its 'acroread' wrapper script in the SSL certificate handling. CVE-2008-0883 Furthermore it contained several duplicated copies of system libraries, which have been removed for this update to make sure they are up-to-date security wise by using...

SuSE 10 Security Update : gvim and vim (ZYPP Patch Number 4821)

Vim allows to open content via external programs if the argument contains a 'http:' sub-string. It insecurely invoked external web browsers to fetch the remote content. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5010)

This version update to 8.1.2 fixes numerous bugs, including some security problems. CVE-2008-0667 / CVE-2008-0655 / CVE-2008-0726 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : cairo (ZYPP Patch Number 5006)

This update fixes a regression that was caused by the previous security update. Several programs such as gedit didn't display some lines properly anymore. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : clamav (ZYPP Patch Number 5008)

This version upgrade to 0.92.1 fixes numerous flaws including some security problems. CVE-2008-0318 / CVE-2008-0728 Please note that the version number of the clamav library has changed in version 0.92. Programs linked against older libclamav therefore need to be updated as well. %NASLMINLEVEL...

SuSE 10 Security Update : nss_ldap (ZYPP Patch Number 4781)

nssldap returned incorrect data under certain circumstances to the calling process. Some applications could therefore work with wrong user data. CVE-2007-5794 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc...

SuSE 10 Security Update : Geronimo (ZYPP Patch Number 4967)

A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : MySQL (ZYPP Patch Number 4879)

This update fixes several security vulnerabilities note: not all versions are affected by every bug : - CVE-2007-2583 - CVE-2007-2691 - CVE-2007-2692 - CVE-2007-5925 - CVE-2007-5969 - CVE-2007-6303 - CVE-2007-6304 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...

SuSE 10 Security Update : X.org X11 (ZYPP Patch Number 4927)

The previous xorg-x11 security update contained a flaw. Due to this some applications using the shared memory extension did not work properly anymore. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 4862)

This update is necessary to support the new FlashPlayer version, which required XEmbed support. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid30038;...

SuSE 10 Security Update : xorg-x11-Xnest (ZYPP Patch Number 4875)

This update fixes various Xserver security issues. File existence disclosure vulnerability. CVE-2007-5958 XInput Extension Memory Corruption Vulnerability IDEF2888 CVE-2007-6427. TOG-CUP Extension Memory Corruption Vulnerability IDEF2901 CVE-2007-6428. EVI Extension Integer Overflow Vulnerability...

SuSE 10 Security Update : libexif5 (ZYPP Patch Number 4883)

One bug in libexif5 was identified by a Google Security Audit done by Meder Kydyraliev. - Integer overflows in the thumbnail handler could be used to overflow buffers and potentially execute code or crash a program using libexif. CVE-2007-6352 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

SuSE 10 Security Update : cups (ZYPP Patch Number 4805)

This update fixes a buffer overflow that can be exploited by users that are allowed to configure CUPS. CVE-2007-5848 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : Intel i810 chips (ZYPP Patch Number 4728)

The drm i915 component in the kernel before 2.6.22.2, when used with i965G and later chips ets, allows local users with access to an X11 session and Direct Rendering Manager DRM t o write to arbitrary memory locations and gain privileges via a crafted batchbuffer. This update also provides the...

SuSE 10 Security Update : TeX (ZYPP Patch Number 4818)

Buffer overflows in dvips and dviljk could be triggered by specially crafted dvi files CVE-2007-5935 / CVE-2007-5937. dvips additionally created temporary files in an insecure manner. CVE-2007-5936 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novel...

SuSE 10 Security Update : libsndfile (ZYPP Patch Number 4431)

This update fixes a possible buffer overflow that occurs while reading decoded PCM data from the FLAC library. CVE-2007-4974 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : squid (ZYPP Patch Number 4782)

This update of squid fixes a denial-of-service bug during cache update reply processing. CVE-2007-6239 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29824;...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808)

This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities. CVE-2007-1659 / CVE-2006-7230 / CVE-2007-1660 / CVE-2006-7227 / CVE-2005-4872 / CVE-2006-7228 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. CVE-2007-5898 - overly...

SuSE 10 Security Update : rsync (ZYPP Patch Number 4798)

This update fixes a bug in rsync that allowed remote attackers to access restricted files outside a module's hierarchy if no chroot setup was used. CVE-2007-6199 Please read http://rsync.samba.org/security.html entry from November 28th, 2007 to get more information about a secure configuration of...

SuSE 10 Security Update : xen (ZYPP Patch Number 4766)

This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service hypervisor crash by using a debug register DR7 to set certain breakpoints. - Xen 3.1.1 does not prevent modification of the CR4 TSC from...