724 matches found
SuSE 10 Security Update : tar (ZYPP Patch Number 4171)
This update fixes a bug in function safer_name_suffix of tar which leads to a crashing stack. Exploitability is unknown.
SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 4249)
This update improves the patch for the previously released security update of krb5 to fix CVE-2007-3999 / CVE-2007-4000. (CVE-2007-4743)
SuSE 10 Security Update : mozilla-nss,mozilla-nss-devel (ZYPP Patch Number 2067)
A security problem in the SSL handling of the NSS libraries was found : If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. This bug is tracked by the Mitre CVE ...
SuSE 10 Security Update : Cups (ZYPP Patch Number 4667)
A buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
SuSE 10 Security Update : OpenOffice (ZYPP Patch Number 4320)
This update of OpenOffice.org fixes a bug in TIFF parsing code that leads to a heap overflow. (CVE-2007-2834) This bug can be exploited with user assistance to execute arbitrary code.
SuSE 10 Security Update : gzip (ZYPP Patch Number 2085)
This update fixes several security problems that can be exploited to compromise the system in conjunction with other programs while processing malformed archive files. (CVE-2006-4334 / CVE-2006-4335 / CVE-2006-4336 / CVE-2006-4337 / CVE-2006-4338)
SuSE 10 Security Update : clamav (ZYPP Patch Number 2631)
This update to ClamAV version 0.90 fixes various bugs : - A filedescriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. CVE-2007-0897 - A directory traversal in handling of MIME E-Mail headers could be used b...
SuSE 10 Security Update : openldap2 (ZYPP Patch Number 1916)
This fixes a bug in the Access Control Processing that allowed users with 'selfwrite' access to an attribute to modify arbitrary values of that attribute, instead of just allowing them to add/delete their own DN to/from that attribute.
SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)
Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges. CVE-2007-1003 Integer overflows in libx11 could cause crashes. CVE-2007-1667 Integer overflows in the font handling of the X-server could potentially be exploited to...
SuSE 10 Security Update : Java (ZYPP Patch Number 3891)
The IBM Java JRE/SDK has been brought to release 1.4.2 SR8, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the JavaTM Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself...
SuSE 10 Security Update : mutt (ZYPP Patch Number 3752)
This update of mutt fixes a vulnerability in the APOP implementation that allows an active attacker to guess three bytes of the password. (CVE-2007-1558)
SuSE 10 Security Update : Samba (ZYPP Patch Number 4719)
This update fixes two buffer overflows in nmbd (CVE-2007-4572 / CVE-2007-5398). Remote attackers could potentially exploit them to execute arbitrary code. The updated packages additionally contain fixes for numerous other defects. Please refer to the package changelog for details.
SuSE 10 Security Update : gnutls (ZYPP Patch Number 2117)
A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. (CVE-2006-4790)
SuSE 10 Security Update : xscreensaver (ZYPP Patch Number 3241)
xscreensaver could crash under certain circumstances causing the screen to unlock. That could happen for example when LDAP is used for authentication and the network connection gets interrupted for a long time. (CVE-2007-1859)
SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 3099)
A bug in the IKE daemon 'racoon' allowed remote attackers to shut down established tunnels. (CVE-2007-1841)
SuSE 10 Security Update : gpg2 (ZYPP Patch Number 2354)
- Specially crafted files could overflow a buffer when gpg2 was used in interactive mode. (CVE-2006-6169) - Specially crafted files could modify a function pointer and execute code this way. (CVE-2006-6235)
SuSE 10 Security Update : clamav (ZYPP Patch Number 2243)
The virus scan engine ClamAV was updated to version 0.88.6. Following issues are fixed by this update : - freshclam: apply timeout patch from Everton da Silva Marques new options: ConnectTimeout and ReceiveTimeout - clamd: change stack size at the right place closes clamav bug103 -...
SuSE 10 Security Update : evolution-data-server (ZYPP Patch Number 3826)
A malicious IMAP server could execute code within evolution by sending a malformed response to a SEQUENCE command. (CVE-2007-3257)
SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 3131)
This update of ImageMagick fixes three integer overflows in DCM and XWD code. These bugs can be exploited remotely via other applications. (CVE-2007-1667 / CVE-2007-1797)
SuSE 10 Security Update : libexif (ZYPP Patch Number 3721)
A denial of service problem (crash) was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. (CVE-2007-2645)