SuSE 10 Security Update : kdelibs3,kdelibs3-devel,CVE-2007-1564 (ZYPP Patch Number 3988)

A bug in konqueror allowed attackers to abuse the FTP passive mode for portscans. CVE-2007-1564 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29483;...

SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 3053)

A bug in KHTML could be exploited to conduct cross site scripting XSS attacks. CVE-2007-0537 Another bug allowed attackers to abuse the FTP passive mode for portscans. CVE-2007-1564 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : htdig (ZYPP Patch Number 4761)

A flaw in the htsearch Program could be exploited by attackers to conduct cross-site scripting XSS attacks. CVE-2007-6110 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

SuSE 10 Security Update : w3m (ZYPP Patch Number 2439)

A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. CVE-2006-6772 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : clamav (ZYPP Patch Number 4169)

This is an update to ClamAV 0.91.2 to fix various bugs like NULL pointer dereferences and uninitialized variables etc. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)

Several format string problems where fixed in inkscape. - A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. CVE-2007-1463 - Format string vulnerability ...

SuSE 10 Security Update : gpg (ZYPP Patch Number 2994)

When printing a text stream with a GPG signature it was possible for an attacker to create a stream with 'unsigned text, signed text' where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This is tracked by the Mitre CVE ID CVE-2007-126...

SuSE 10 Security Update : pcre (ZYPP Patch Number 4689)

Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. CVE-2006-7224 / CVE-2006-7225 / CVE-2006-7226 /...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

SuSE 10 Security Update : findutils-locate (ZYPP Patch Number 3966)

The cronjob that deletes old core files could be tricked to delete arbitrary files. Old core files are deleted if DELETEOLDCORE=yes is set. That is not the case by default though. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)

This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. CVE-2007-0555 / CVE-2007-0556 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

SuSE 10 Security Update : apache2-mod_python (ZYPP Patch Number 4449)

This update fixes a buffer overflow in apache2-modpython that occurs while using python-based output-filter. This bug can be triggered remotely to read possibly confidential data from the process space of the web-server and in rare cases to execute arbitrary code. CVE-2004-2680 %NASLMINLEVEL 7030...

SuSE 10 Security Update : vim and gvim (ZYPP Patch Number 4095)

This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. CVE-2007-2953 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : heartbeat (ZYPP Patch Number 1978)

This update fixes both a local and a remote denial of service attack within heartbeat, as well as numerous other bugs in the messaging and membership layer, GUI, Cluster Resource Manager, Local Resource Manager and Resource Agents. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : Java (ZYPP Patch Number 3891)

The IBM Java JRE/SDK has been brought to release 1.4.2 SR8, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the JavaTM Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself...

SuSE 10 Security Update : gnutls (ZYPP Patch Number 2117)

A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. CVE-2006-4790 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...

SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 3099)

A bug in the IKE daemon 'racoon' allowed remote attackers shut down established tunnels. CVE-2007-1841 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29466;...

SuSE 10 Security Update : t1lib (ZYPP Patch Number 4588)

A buffer overflow in t1lib could potentially be exploited to execute arbitrary code via specially crafted files. CVE-2007-4033 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 3131)

This update of ImageMagick fixes three integer overflow in DCM and XWD code. These bugs can be exploited remotely via other application. CVE-2007-1667 / CVE-2007-1797 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : krb5-apps-servers (ZYPP Patch Number 3022)

When using the krb5 telnet daemon it was possible for remote attackers to override authentication mechanisms and gain root access to the machine by supplying a special username. This is tracked by the Mitre CVE ID CVE-2007-0956. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...