SuSE Essential and Critical Security Patch Updates - Page 776

SuSE: 2007-027: XFree86,Xorg Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Several X security problems were fixed that could be used by local Several X security problems were fixed that could be used by local attackers to crash the X server or potentially to execute code as attackers to crash the X server or potentially to execute code as root user. - CVE-2007-1003: Integer overflows in the XC-MISC extension of theX-server could potentially be exploited to execute code [More...]

LinuxSecurity.com Team
Apr 20, 2007

SuSE: 2007-026: clamav update Security Update

The AntiVirus scan engine clamav was updated to version 0.90.2. Among The AntiVirus scan engine clamav was updated to version 0.90.2. Among other bugs two security problems were fixed which could cause a remote other bugs two security problems were fixed which could cause a remote denial of service attack against clamav or potentially be used to execute code. - CVE-2007-1745: The chm_decompress_s [More...]

LinuxSecurity.com Team
Apr 20, 2007

SuSE: 2007-025: krb5 Security Update

The krb5 telnet daemon allowed remote attackers to skip The krb5 telnet daemon allowed remote attackers to skip authentication and gain root access (CVE-2007-0956) authentication and gain root access (CVE-2007-0956) A bug in the function krb5_klog_syslog() leads to a buffer overflow which could be exploited to execute arbitrary code (CVE-2007-0957). A double-free bug in the GSS-API library could [More...]

LinuxSecurity.com Team
Apr 05, 2007

SuSE: 2007-024: gpg Security Update

When printing a text stream with a GPG signature it was possible When printing a text stream with a GPG signature it was possible for an attacker to create a stream with "unsigned text, signed text" for an attacker to create a stream with "unsigned text, signed text" where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This problem is [More...]

LinuxSecurity.com Team
Mar 30, 2007

SuSE: 2007-023: OpenOffice,libwpd security problems Security Update

Several security problems were fixed in the Wordperfect converter library Several security problems were fixed in the Wordperfect converter library libwpd and OpenOffice_org: libwpd and OpenOffice_org: For SUSE Linux 10.1 this aligns the version with the one shipped with SUSE Linux Enterprise Desktop 10. - CVE-2007-0002: Various problems were fixed in libwpd in OpenOffice_org

LinuxSecurity.com Team
Mar 21, 2007

SuSE: 2007-022: Mozilla security problems Security Update

The mozilla browsers in old products and Mozilla Seamonkey in SUSE The mozilla browsers in old products and Mozilla Seamonkey in SUSE Linux 10.1 were brought to Mozilla Seamonkey to version 1.0.8 and Linux 10.1 were brought to Mozilla Seamonkey to version 1.0.8 and Mozilla Thunderbird was brought to version 1.5.0.10 to fix various security issues. Note that Mozilla Firefox for all distributions a [More...]

LinuxSecurity.com Team
Mar 20, 2007

SuSE: 2007-021: Linux kernel Security Update

The Linux kernel was updated to fix the security problems listed below. The Linux kernel was updated to fix the security problems listed below. This advisory is for the bugs already announced for SUSE Linux Enterprise 10 and SUSE Linux 10.1 in SUSE-SA:2007:018. The packages associated with this update were already released 1 week ago.

LinuxSecurity.com Team
Mar 16, 2007

SuSE: 2007-020: php security problems Security Update

Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. These include the following security related problems: CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) [More...]

LinuxSecurity.com Team
Mar 15, 2007

SuSE: 2007-019: MozillaFirefox Security Update

The Mozilla Firefox web browser was updated to security update version The Mozilla Firefox web browser was updated to security update version 1.5.0.10 on older products and Mozilla Firefox to version 2.0.0.2 on 1.5.0.10 on older products and Mozilla Firefox to version 2.0.0.2 on openSUSE 10.2 to fix various security issues. Updates for the Mozilla seamonkey suite before 10.2, Mozilla Suite and Mo [More...]

LinuxSecurity.com Team
Mar 06, 2007

SuSE: 2007-018: Linux Kernel Security Update

A kernel update has been released to fix the following security problems: A kernel update has been released to fix the following security problems: - CVE-2006-2936: The ftdi_sio driver allowed local users to cause a denialof service (memory consumption) by writing more data tothe serial port than the hardware can handle, which causesthe data to be queued. This requires this driver to beloaded, wh [More...]

LinuxSecurity.com Team
Feb 27, 2007

SuSE: 2007-017: clamav 0.90 Security Update

The anti-virus scan engine ClamAV was updated to the version 0.90 to The anti-virus scan engine ClamAV was updated to the version 0.90 to fix various bugs including 2 security bugs: fix various bugs including 2 security bugs: CVE-2007-0897: A file descriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers.

LinuxSecurity.com Team
Feb 23, 2007

SuSE: 2007-016: samba remote denial of service Security Update

The Samba daemon was affected by a security problem, where a The Samba daemon was affected by a security problem, where a logic error in the deferred open code can lead to an infinite loop logic error in the deferred open code can lead to an infinite loop (CVE-2007-0452). This problem could be used by remote authenticated attackers that have access to the samba daemon.

LinuxSecurity.com Team
Feb 15, 2007

SuSE: 2007-015: AppArmor Security Update

Two new language features have been added to improve the Two new language features have been added to improve the confinement provided to applications executing other applications will confinement provided to applications executing other applications will confined by AppArmor. - Two new execute modifiers: 'P' and 'U' are provided and are flavorsof the existing 'p' and 'u' modifiers but indicate t [More...]

LinuxSecurity.com Team
Feb 15, 2007

SuSE: 2007-014: bind remote denial of service Security Update

Two security problems were fixed in the ISC BIND nameserver Two security problems were fixed in the ISC BIND nameserver version 9.3.4, which are addressed by this advisory: version 9.3.4, which are addressed by this advisory: CVE-2007-0493: If recursion is enabled, a remote attacker can dereference a freed fetch context causing the daemon to abort / crash. CVE-2007-0494: By sending specific DNS [More...]

LinuxSecurity.com Team
Jan 30, 2007

SuSE: 2007-012: squid Security Update

This update fixes a remotely exploitable denial-of-service This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// bug in squid that can be triggered by using special ftp:// URLs. (CVE-2007-0247) Additionally the 10.2 package needed a fix for another DoS bug (CVE-2007-0248) and for max_user_ip handling in ntlm_auth.

LinuxSecurity.com Team
Jan 23, 2007

SuSE: 2007-013: xine Security Update

This update fixes several format string bugs that can be exploited remotely This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. with user-assistance to execute arbitrary code. Since SUSE Linux version 10.1 format string bugs are not exploitable anymore. (CVE-2007-0017)2) Solution or Work-Around

LinuxSecurity.com Team
Jan 23, 2007

SuSE: 2007-011: Acrobat Reader 7.0.9 Security Update

The Adobe Acrobat Reader has been updated to version 7.0.9. The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes following security fixes: CVE-2006-5857: A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems

LinuxSecurity.com Team
Jan 22, 2007

SuSE: 2007-010: IBMJava Security Update

Various security problems and bugs have been fixed in the IBMJava Various security problems and bugs have been fixed in the IBMJava JRE and SDK. JRE and SDK. The IBM Java packages were updated to: - IBM Java 1.4.2 to Service Refresh 7. - IBM JAVA 1.3.10 to Service Refresh 10.

LinuxSecurity.com Team
Jan 18, 2007

SuSE: 2007-009: Opera 9.10 Security Update

This update brings the Opera Web browser to version 9.10, including This update brings the Opera Web browser to version 9.10, including fixes for the following 2 security problems: fixes for the following 2 security problems: - CVE-2007-0126: Opera processes a JPEG DHT marker incorrectly, whichcan potentially lead to remote code execution. - CVE-2007-0127: Opera is affected by a typecasting bug [More...]

LinuxSecurity.com Team
Jan 15, 2007

SuSE: 2007-008: XFree86/Xorg Security Update

This update fixes three memory corruptions within the X server which This update fixes three memory corruptions within the X server which could be used by local attackers with access to this display to crash could be used by local attackers with access to this display to crash the X server and potentially execute code. CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function in the Ren [More...]

LinuxSecurity.com Team
Jan 12, 2007