flash-player: Update to 11.2.202.236 security release (critical)
Adobe Flash Player was updated to 11.2.202.236, fixing lots of bugs and critical security issues. We also disabled inclusion of mms.cfg again, as it caused trouble on hardware accelerated systems...
bind: Fixed a remote denial of service (important)
A remote denial of service in the bind nameserver via zero length rdata fields was fixed...
update for strongswan (important)
Strongswan's gmp plugin could treat empty RSA signatures as valid ones...
update for chromium, v8 (important)
Chromium update to 21.0.1145 Fixed several issues around audio not playing with videos Crash Fixes Improvements to trackpad on Cr-48 Security Fixes bnc762481 - CVE-2011-3083: Browser crash with video + FTP - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI...
update for cobbler (important)
The xmlrpc interface of cobbler was prone to command injection...
opera to 11.62 (important)
The Opera web browser was updated to 11.62 fixing various bugs and security issues...
update for flash-player (critical)
flash-player update to 11.2.202.235 fixes a potential remote code execution vulnerability...
update for php5 (critical)
When used in CGI mode, remote attackers could inject command line arguments to php...
update for samba (important)
docs-xml: fix default name resolve order; bso7564. - s3-aio-fork: Fix a segfault in vfs_aio_fork; bso8836. - docs: remove whitespace in example samba.ldif; bso8789. - s3-smbd: move print_backend_init behind init_system_info; bso8845. - s3-docs: Prepend '/' to filename argument; bso8826. - Restrict self...
update for acroread (important)
Acroread update to version 9.5.1 to fix several security issues...
update for samba (critical)
Samba upgrade to version 3.6.3 fixes the following security issue: - PIDL based autogenerated code allows overwriting beyond of allocated array. Remote attackers could exploit that to execute arbitrary code as root CVE-2012-1182, bso8815, bnc752797 Please see...
update for samba (critical)
Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code execution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; bso8815; bnc752797. -...
freetype2 update (important)
Specially crafted font files could cause buffer overflows in freetype...
update for chromium, v8 (important)
Update to 19.0.1079 Security Fixes bnc754456: High CVE-2011-3050: Use-after-free with first-letter handling High CVE-2011-3045: libpng integer issue from upstream High CVE-2011-3051: Use-after-free in CSS cross-fade handling High CVE-2011-3052: Memory corruption in WebGL canvas handling High...
flash-player update (critical)
Adobe Flash Player 11.1.102.63 fixes a memory corruption vulnerability in the NetStream class that could lead to code execution...
update for php5 (important)
php5 security update...
update for chromium, v8 (important)
Changes in chromium: - Update to 19.0.1066 Fixed Chrome install/update resets Google search preferences Issue: 105390 Don't trigger accelerated compositing on 3D CSS when using swiftshader Issue: 116401 Fixed a GPU crash Issue: 116096 More fixes for Back button frequently hangs Issue: 93427 Basti...
flash-player (important)
flash-player 11.1.102.63 fixes two security issues: - memory corruption vulnerability in Matrix3D could lead to code execution CVE-2012-0768 - integer errors that could lead to information disclosure CVE-2012-0769...
libvorbis: fixed a heap based buffer overflow (important)
Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code CVE-2012-0444...
libpng12: Fixed a heap based buffer overflow (important)
A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash CVE-2011-3026. libpng 1.2 was updated to 1.2.47 to fix this issue...
csound: fixed two stack based buffer overflows (important)
This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files CVE-2012-0270...
apache2: fixed various security bugs (important)
This update of apache2 fixes regressions and several security problems: bnc728876, fix graceful reload bnc741243, CVE-2012-0031: Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc743743, CVE-2012-0053: Fixed an issue in...
java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release (important)
java-1_6_0-openjdk was updated to the b24 release, fixing multiple security issues: Security fixes - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687,...
mozilla-xulrunner192: 1.9.2.27 (important)
Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code CVE-2011-3026,...
No summary available - BOX (important)
This version upgrade of horde3-dimp to 4.3.11 fixes several issues including security related flaws, CVE-2012-0791 and adds new features...
No summary available - BOX (important)
This version upgrade of horde3 to 3.3.13 fixes several issues including a security related flaw, CVE-2012-0909 and adds new features...
flash-player to 11.1.102.62 (critical)
flash-player was updated to the security update to 11.1.102.62. It fixes lots of security issues, some already exploited in the wild. Details can be found on: https://www.adobe.com/support/security/bulletins/apsb12-03.html These vulnerabilities could cause a crash and potentially allow an attack...
MozillaFirefox to 10.0.1 (critical)
MozillaFirefox was updated to 10.0.1 to fix critical bugs and a security issue. The following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this...
VUL-0: nginx: heap overflow (important)
A flaw in the custom DNS resolver of nginx could lead to a heap based buffer overflow which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service bnc731084, CVE-2011-4315...
kernel: security and bugfix update. (important)
The openSUSE 11.4 kernel was updated to fix bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt kernel memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. CVE-2011-269...
MozillaFirefox: Version 10 (important)
Mozilla Firefox was updated to version 10 to fix bugs and security issues. MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
xorg-x11-server (important)
The X server had two security issues and one bug that is fixed by this update. CVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. CVE-2011-4029: It is possible for a non-root local user to set the read...
tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)
This update fixes a regression in parameter passing in urldecoding of parameters that contain spaces. In addition, multiple weaknesses in HTTP DIGESTS are fixed CVE-2011-1184. CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0....
MozillaFirefox (important)
Mozilla Firefox Version 9 fixes several security issues: MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access MFSA...
kernel: security and bugfix update. (important)
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt kernel memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used...
libxml2: fixing heap-based buffer overflow (CVE-2011-3919) (important)
A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned...
libqt4: fixed stack-based buffer overflow in glyph handling (CVE-2011-3922) (important)
A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue...
acroread (important)
Acrobat Reader was updated to version 9.4.7 to fix security issues CVE-2011-2462, CVE-2011-4369...
openssl: fixing various security issues (important)
Various security vulnerabilities have been fixed in openssl: - DTLS plaintext recovery attack CVE-2011-4108 - uninitialized SSL 3.0 padding CVE-2011-4576 - malformed RFC 3779 data can cause assertion failures CVE-2011-4577 - SGC restart DoS attack CVE-2011-4619 - invalid GOST parameters DoS attac...
glibc (important)
Specially crafted time zone files could cause a heap overflow in glibc CVE-2009-5029...
krb5-appl: Fixed remote buffer overflow in ktelnetd (important)
This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. This only affects the ktelnetd from the krb5-appl RPM, not the regular telnetd supplied by SUSE. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd...
freetype2 (important)
This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts CVE-2011-3256, CVE-2011-3439...
seamonkey (important)
seamonkey version 2.6 fixes several security issues: MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access MFSA...
jasper (important)
Specially crafted JPEG2000 files could cause a heap buffer overflow in jasper CVE-2011-4516, CVE-2011-4517...
xorg-x11-libs (important)
Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files CVE-2011-2895...
Seamonkey update (critical)
Seamonkey was upgraded to version 2.5 in order to fix the following security problems: MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards MFSA 2011-49/CVE-2011-3650 bmo674776...
bind (important)
specially crafted DNS queries could crash the bind name server CVE-2011-4313...