SuSE 10 Security Update : openCryptoki (ZYPP Patch Number 4244)

The openCryptoki crypto framework package has been updated to fix a incorrect crypto initialisation which leads to weak IV initial vectors. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)

Several format string problems where fixed in inkscape. - A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. CVE-2007-1463 - Format string vulnerability ...

SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 4542)

The IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the image parsing code in the JavaTM Runtime Environment may allow an untrusted applet or application to elevate its privileges. F...

SuSE 10 Security Update : vim and gvim (ZYPP Patch Number 4095)

This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. CVE-2007-2953 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3290)

This Update fixes numerous vulnerabilities in PHP. Most of them were made public during the 'Month of PHP Bugs'. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. CVE-2007-1380 / CVE-2007-0988 / CVE-2007-1375 / CVE-2007-1521 / CVE-2007-1376 /...

SuSE 10 Security Update : xpdf (ZYPP Patch Number 3969)

A buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code. CVE-2007-3387 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

SuSE 10 Security Update : Samba (ZYPP Patch Number 4719)

This update fixes two buffer overflows in nmbd CVE-2007-4572 / CVE-2007-5398. Remote attackers could potentially exploit them to execute arbitrary code. The updated packages additionally contain fixes for numerous other defects. Please refer to the package changelog for details. %NASLMINLEVEL 703...

SuSE 10 Security Update : gnutls (ZYPP Patch Number 2117)

A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. CVE-2006-4790 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...

SuSE 10 Security Update : heartbeat (ZYPP Patch Number 1978)

This update fixes both a local and a remote denial of service attack within heartbeat, as well as numerous other bugs in the messaging and membership layer, GUI, Cluster Resource Manager, Local Resource Manager and Resource Agents. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : xscreensaver (ZYPP Patch Number 3241)

xscreensaver could crash under certain circumstances causing the screen to unlock. That could happen for example when LDAP is used for authentication and the network connection gets interrupted for a long time. CVE-2007-1859 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text descriptio...

SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 3099)

A bug in the IKE daemon 'racoon' allowed remote attackers shut down established tunnels. CVE-2007-1841 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29466;...

SuSE 10 Security Update : gpg2 (ZYPP Patch Number 2354)

Specially crafted files could overflow a buffer when gpg2 was used in interactive mode. CVE-2006-6169 - Specially crafted files could modify a function pointer and execute code this way. CVE-2006-6235 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C...

SuSE 10 Security Update : clamav (ZYPP Patch Number 2243)

The virus scan engine ClamAV was update to version 0.88.6. Following issues are fixed by this update : - freshclam: apply timeout patch from Everton da Silva Marques new options: ConnectTimeout and ReceiveTimeout - clamd: change stack size at the right place closes clamav bug103 -...

SuSE 10 Security Update : Java (ZYPP Patch Number 3891)

The IBM Java JRE/SDK has been brought to release 1.4.2 SR8, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the JavaTM Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself...

SuSE 10 Security Update : YaST2 (ZYPP Patch Number 4623)

This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory i.e. /tmp. Thanks to Stefan Nordhausen for reporting th...

SuSE 10 Security Update : gwenview (ZYPP Patch Number 2636)

This update fixes a crash during image scaling of very large images 247013. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29457; scriptversion"1.12";...

SuSE 10 Security Update : libpng (ZYPP Patch Number 2325)

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG file could be use to cause an out-of-bounds read, effectively crashing the PNG viewer or webbrowser. CVE-2006-5793 Additionally a 2 byte stackoverflow was fixed which we do not believe to be exploitable. It will cause an abort ...

SuSE 10 Security Update : gd (ZYPP Patch Number 3895)

This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

SuSE 10 Security Update : libvorbis (ZYPP Patch Number 3849)

An array boundary problem within libvorbis was fixed. CVE-2007-3106 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29513;...

SuSE 10 Security Update : rsync (ZYPP Patch Number 3997)

An off by one buffer overflow within the fname function has been fixed. CVE-2007-4091 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...