724 matches found

Tenable Nessus
added 2007/12/13 12:00 a.m. | 28 views

SuSE 10 Security Update : bind,bind-devel,bind-utils (ZYPP Patch Number 3976)

The bind nameserver generated predictable DNS query IDs. Remote attackers could use that to perform DNS poisoning attacks. CVE-2007-2926 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.1309
Exploits: 0 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 26 views

SuSE 10 Security Update : texinfo (ZYPP Patch Number 2263)

Specially crafted texinfo files could crash texinfo utilities like texi2dvi and potentially execute code. CVE-2006-4810

CVSS: 4.6 | AI score: 5.3 | EPSS: 0.00526
Exploits: 0 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 18 views

SuSE 10 Security Update : htdig (ZYPP Patch Number 4761)

A flaw in the htsearch program could be exploited by attackers to conduct cross-site scripting (XSS) attacks. CVE-2007-6110

CVSS: 4.3 | AI score: 5 | EPSS: 0.04386
Exploits: 0 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 234 views

SuSE 10 Security Update : poppler (ZYPP Patch Number 4630)

A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code. CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.0702
Exploits: 1 | References: 6
Tenable Nessus
added 2007/12/13 12:00 a.m. | 29 views

SuSE 10 Security Update : Qt3 (ZYPP Patch Number 3052)

qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror. CVE-2007-0242

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.02072
Exploits: 0 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 38 views

SuSE 10 Security Update : pcre (ZYPP Patch Number 4689)

Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. CVE-2006-7224 / CVE-2006-7225 / CVE-2006-7226 /...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.04077
Exploits: 0 | References: 9
Tenable Nessus
added 2007/12/13 12:00 a.m. | 22 views

SuSE 10 Security Update : libmusicbrainz (ZYPP Patch Number 2042)

This update fixes various buffer overflows that can be exploited by malicious servers to execute arbitrary code. CVE-2006-4197

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.1364
Exploits: 1 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 20 views

SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)

Several format string problems were fixed in inkscape.
- A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. CVE-2007-1463
- Format string vulnerability ...

CVSS: 6.8 | AI score: 6 | EPSS: 0.03364
Exploits: 0 | References: 4
Tenable Nessus
added 2007/12/13 12:00 a.m. | 20 views

SuSE 10 Security Update : apache2-mod_python (ZYPP Patch Number 4449)

This update fixes a buffer overflow in apache2-mod_python that occurs while using python-based output-filter. This bug can be triggered remotely to read possibly confidential data from the process space of the web-server and in rare cases to execute arbitrary code. CVE-2004-2680

CVSS: 5 | AI score: 6.2 | EPSS: 0.04265
Exploits: 0 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 9 views

SuSE 10 Security Update : findutils-locate (ZYPP Patch Number 3966)

The cronjob that deletes old core files could be tricked to delete arbitrary files. Old core files are deleted if DELETEOLDCORE=yes is set. That is not the case by default though.

AI score: 5.5
Exploits: 0
Tenable Nessus
added 2007/12/13 12:00 a.m. | 28 views

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)

This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. CVE-2007-0555 / CVE-2007-0556

CVSS: 8.5 | AI score: 5.4 | EPSS: 0.04693
Exploits: 0 | References: 4
Tenable Nessus
added 2007/12/13 12:00 a.m. | 11 views

SuSE 10 Security Update : clamav (ZYPP Patch Number 4169)

This is an update to ClamAV 0.91.2 to fix various bugs like NULL pointer dereferences and uninitialized variables etc.

AI score: 5.4
Exploits: 0
Tenable Nessus
added 2007/12/13 12:00 a.m. | 18 views

SuSE 10 Security Update : w3m (ZYPP Patch Number 2439)

A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. CVE-2006-6772

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.04665
Exploits: 0 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 29 views

SuSE 10 Security Update : cron (ZYPP Patch Number 3093)

By setting hard links to /etc/crontab users were able to prevent cron from running scheduled jobs. CVE-2007-1856 A re-emerged symlink bug allowed users to edit the crontab of other users. CVE-2005-1038

CVSS: 2.1 | AI score: 5.3 | EPSS: 0.00539
Exploits: 1 | References: 4
Tenable Nessus
added 2007/12/13 12:00 a.m. | 33 views

SuSE 10 Security Update : cpio (ZYPP Patch Number 4184)

This update fixes a bug in function safer_name_suffix of cpio which leads to a crashing stack. Exploitability is unknown. CVE-2007-4476

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.14902
Exploits: 2 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 16 views

SuSE 10 Security Update : RealPlayer (ZYPP Patch Number 4081)

The media player RealPlayer was updated to version 10.0.9. if description scriptid29369; scriptversion"1.13";...

AI score: 7
Exploits: 0
Tenable Nessus
added 2007/12/13 12:00 a.m. | 35 views

SuSE 10 Security Update : xpdf (ZYPP Patch Number 4644)

A buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code. CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.0702
Exploits: 1 | References: 6
Tenable Nessus
added 2007/12/13 12:00 a.m. | 12 views

SuSE 10 Security Update : LUM (ZYPP Patch Number 2274)

A security problem was fixed in 'novell-lum', the eDirectory based 'Linux User Management'. Under certain circumstances it was possible to login to the console without any password. ssh is not affected, since it rejects empty passwords.

AI score: 5.5
Exploits: 0
Tenable Nessus
added 2007/12/13 12:00 a.m. | 27 views

SuSE 10 Security Update : ruby (ZYPP Patch Number 2224)

A denial of service problem in the CGI multipart parsing of 'ruby' was fixed, which could have allowed remote attackers to effect a denial of service attack against ruby based webservices. CVE-2006-5467

CVSS: 5 | AI score: 7.3 | EPSS: 0.04038
Exploits: 1 | References: 2
Tenable Nessus
added 2007/12/13 12:00 a.m. | 43 views

SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 3046)

A bug in the function krb5_klog_syslog leads to a buffer overflow which could be exploited to execute arbitrary code. CVE-2007-0957 A double-free bug in the GSS-API library could crash kadmind. It's potentially also exploitable to execute arbitrary code. CVE-2007-1216

CVSS: 9 | AI score: 8.6 | EPSS: 0.10327
Exploits: 1 | References: 4