724 matches found
SuSE 10 Security Update : expat (ZYPP Patch Number 8015)
The following issues have been fixed : - expat was prone to a hash collision attack that could lead to excessive CPU usage. CVE-2012-0876 - expat didn't close file descriptors in some cases. CVE-2012-1147 - specially crafted XML files could lead to a memory leak. CVE-2012-1148
SuSE 10 Security Update : bind (ZYPP Patch Number 8169)
The following issue has been fixed : - Records with zero length rdata field could have crashed named or disclosed portions of memory to clients. CVE-2012-1667 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc.
SuSE 10 Security Update : taglib (ZYPP Patch Number 8041)
The following issue has been fixed : - Specially crafted ogg files could have crashed taglib
SuSE 10 Security Update : t1lib (ZYPP Patch Number 8089)
This update of t1lib fixes memory corruptions and a heap-based overflow in the afm font parser.
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8133)
PHP5 was updated with incremental fixes to the previous update : - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336
SuSE 10 Security Update : quagga (ZYPP Patch Number 8108)
This update of quagga fixes multiple security flaws that could have caused a Denial of Service via specially crafted packets. CVE-2012-1820 / CVE-2012-0249 / CVE-2012-0250 / CVE-2012-0255 Additionally, issues with service owned directories in combination with logrotate were fixed.
SuSE 10 Security Update : strongswan (ZYPP Patch Number 8138)
This update fixed a security issue in strongswan's 'gmp' plugin which could be exploited by attackers to forge RSA signature/certificate to authenticate as any legitimate user. CVE-2012-2388
SuSE 10 Security Update : openssl (ZYPP Patch Number 8143)
This update of openssl fixes the following denial of service vulnerabilities : - Denial of Service via CBC mode handling. CVE-2012-2333 - A deadlock condition introduced by the previous memory leak fix due to entering a lock twice. This would only happen in multithreaded programs. In addition,...
SuSE 10 Security Update : python-pam (ZYPP Patch Number 8031)
python-pam was prone to a double-free issue which is fixed by the update. CVE-2012-1502
SuSE 10 Security Update : sudo, sudo-debuginfo (ZYPP Patch Number 8134)
This update fixes a security problem in sudo : Multiple netmask values used in Host / HostList configuration caused any host to be allowed access. CVE-2012-2337 Also a bug in wildcard matching could allow too relaxed matches within subdirectories of the specified path so /usr/bin/ would also matc...
SuSE 10 Security Update : openssl (ZYPP Patch Number 8112)
This update of openssl fixes an integer conversion issue which could cause a heap-based memory corruption. CVE-2012-2110 Additionally, a check for negative buffer length values was added (CVE-2012-2131) and a memory leak when creating public keys was fixed.
SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 6236)
The Linux kernel on SUSE Linux Enterprise 10 Service Pack 2 was updated to fix various security issues and several bugs. The following security issues were fixed: CVE-2009-0834: The audit_syscall_entry function in the Linux kernel on the x86_64 platform did not properly handle (1) a 32-bit process...
SuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730)
This update fixes several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was world-writable, allowing local users to cause a denial of service or potential code...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5605)
This kernel security update fixes lots of bugs and some...
SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7137)
This SUSE Linux Enterprise 10 SP3 kernel update contains several bug fixes and fixes for the following security issues : - the stack of a process could grow into other mapped areas, therefore overwriting memory instead of terminating the process. CVE-2010-2240 - specially crafted requests could...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6810)
This update fixes several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed : - Two sysfs files in the qla2xxx driver were world-writable, so users could change SCSI attributes of the qla2xxx driver. CVE-2009-4536:...
SuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 2096)
This kernel update fixes the following security problems : - A double userspace copy in a SCTP ioctl allows local attackers to overflow a buffer in the kernel, potentially allowing code execution and privilege escalation. 199441. CVE-2006-3745 - Local attackers were able to crash PowerPC systems...
SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7036)
IBM Java 1.4.2 was updated to version U13 FP 4 iFixes to fix the SSL renegotiation flaw reported as CVE-2009-3555, as well as SAP installer related bugs.
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5239)
This kernel update fixes the following security problems : - tunneled ipv6 packets SIT could trigger a memory leak in the kernel. Remote attackers could exploit that to crash machines. CVE-2008-2136 Additionally the following bugfixes have been included for all platforms : -...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6460)
This update fixes a single critical security issue in the SUSE Linux Enterprise 10 SP 2 kernel. - A missing check in the MSGPROBE handling can be used to execute privileges to root. CVE-2009-2698