724 matches found
SuSE 10 Security Update : Mono (ZYPP Patch Number 4453)
This update fixes a buffer overflow in Mono's BigInteger implementation. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(29389); script_version("1.17");...
SuSE 10 Security Update : Kerberos5 (ZYPP Patch Number 2440)
Bugs in the handling of pointers to uninitialized or already freed memory could potentially be abused by attackers to execute code. (CVE-2006-6144 / CVE-2006-6143)
SuSE 10 Security Update : Novell GroupWise client (ZYPP Patch Number 4494)
This update fixes a security vulnerability in the GroupWise system that allows a malicious user to intercept authentication credentials through a 'man in the middle' attack. (CVE-2007-5195 / CVE-2007-5196)
SuSE 10 Security Update : nagios plugins (ZYPP Patch Number 4624)
Fix possible buffer overflow during HTTP Location header parsing in check_http. (CVE-2007-5198) Fix possible buffer overflow during snmpget parsing in check_snmp. (CVE-2007-5623)
SuSE 10 Security Update : Qt (ZYPP Patch Number 2187)
Multiple integer overflows have been found in image processing functions within the Qt library. These could potentially lead to heap overflows and code execution. (CVE-2006-4811)
SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 4249)
This update improves the patch for the previously released security update of krb5 to fix CVE-2007-3999 / CVE-2007-4000. (CVE-2007-4743)
SuSE 10 Security Update : openldap2-client (ZYPP Patch Number 2291)
OpenLDAP libldap's strval2strlen function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. (CVE-2006-5779)
SuSE 10 Security Update : avahi (ZYPP Patch Number 2986)
This update fixes a remote denial of service problem in avahi, where attackers could cause an endless loop. (CVE-2006-6870)
SuSE 10 Security Update : kdebase3 (ZYPP Patch Number 3407)
A problem with the interaction between the Flash Player and the Konqueror web browser was fixed. The problem could lead to keypresses leaking to the applet instead of the browser. (CVE-2007-2022) This update of khc_indexbuilder also restricts the commands that can be executed with EGID 'man'...
SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
Several bugs were fixed in the Apache2 webserver. These include the following security issues: - mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. (CVE-2006-5752) - mod_cache: Prevent a...
SuSE 10 Security Update : KDE (ZYPP Patch Number 4433)
Users could log in as root without having to enter the password if auto login was enabled and if kdm was configured to require the root password to shut down the system. (CVE-2007-4569) JavaScript code could modify the URL in the address bar to make the currently displayed website appear to come fro...
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2154)
The previous MozillaFirefox update was erroneously compiled with 'debug' enabled, which caused slowdowns and did an excessive amount of logging. This update disables the debugging compile-time option and should restore the lost performance.
SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2048)
Several security problems have been fixed in ImageMagick: - Several heap buffer overflows were found in the Sun Bitmap decoder of ImageMagick by an audit by the Google Security Team. This problem could be exploited by an attacker to execute code. (CVE-2006-3744) - Multiple buffer overflows were fou...
SuSE 10 Security Update : cron (ZYPP Patch Number 3093)
By setting hard links to /etc/crontab users were able to prevent cron from running scheduled jobs. (CVE-2007-1856) A re-emerged symlink bug allowed users to edit the crontab of other users. (CVE-2005-1038)
SuSE 10 Security Update : cpio (ZYPP Patch Number 4184)
This update fixes a bug in function safer_name_suffix of cpio which leads to a crashing stack. Exploitability is unknown. (CVE-2007-4476)
SuSE 10 Security Update : LUM (ZYPP Patch Number 2274)
A security problem was fixed in 'novell-lum', the eDirectory based 'Linux User Management'. Under certain circumstances it was possible to log in to the console without any password. ssh is not affected, since it rejects empty passwords.
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3290)
This update fixes numerous vulnerabilities in PHP. Most of them were made public during the 'Month of PHP Bugs'. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. CVE-2007-1380 / CVE-2007-0988 / CVE-2007-1375 / CVE-2007-1521 / CVE-2007-1376 /...
SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 4542)
The IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing several bugfixes, including the following security fixes: - A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. F...
SuSE 10 Security Update : openCryptoki (ZYPP Patch Number 4244)
The openCryptoki crypto framework package has been updated to fix an incorrect crypto initialisation which leads to weak IV (initial vectors).
SuSE 10 Security Update : libmusicbrainz (ZYPP Patch Number 2042)
This update fixes various buffer overflows that can be exploited by malicious servers to execute arbitrary code. (CVE-2006-4197)