SuSE Essential and Critical Security Patch Updates - Page 777
Find the information you need for your favorite open source distribution.
A command injection in cmd.php in cacti was fixed, which might have allowed remote attackers to inject commands and so execute code. This issue is tracked by the Mitre CVE ID CVE-2006-6799.
A number of security issues have been fixed in the Mozilla browser suite, which could be used by remote attackers to gain privileges, access confidential information or cause denial of service attacks. Since the Mozilla Suite 1.7 branch is no longer maintained t [More...]
A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. In SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise Server and Desktop 10 this problem was not exploitable to execute code due to use of the FORTIFY SOUR [More...]
Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created [More...]
The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions: - The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8. - The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE
A security problem was found and fixed in the Mono / C# web server implementation. By appending spaces to URLs, attackers could download the source code of ASP.net scripts that would normally get executed by the web server. This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only
Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org. These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open a specially crafted document (for instance a document sent by e-mail). This is [More...]
This security update brings the current set of Mozilla security updates, with the following versions: - Mozilla Firefox to version 1.5.0.9 for Novell Linux Desktop 9, SUSE Linux Enterprise 10 and SUSE Linux 9.3 up to 10.1. - Mozilla Firefox to version 2.0.0.1 for openSUSE 10.2.
The Linux 2.6 kernel has been updated to fix various security issues. On SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10 and their derived products this update also contains various bugfixes. - CVE-2006-4145: A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed.
The anti virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems: CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
This security update brings the Adobe Flash Player to version 7.0.69. The update fixes the following security problem: CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash Player allow remote attackers to modify HTTP headers of client requests and conduct HTTP Request Sp [More...]
The libgsf library is used by various GNOME programs to handle, for instance, OLE2 data streams. Specially crafted OLE documents enabled attackers to use a heap buffer overflow for potentially executing code. This issue is tracked by the Mitre CVE ID CVE-2006-4514.
Two security problems were fixed in the GNU Privacy Guard (GPG). - Specially crafted files could overflow a buffer when gpg was used in interactive mode (CVE-2006-6169). - Specially crafted files could modify a function pointer and could potentially execute code this way (CVE-2006-6235).
The madwifi-ng Atheros Wireless LAN card driver is subject to a remotely exploitable stack buffer overflow, which gives either a code execution possibility or at least a denial of service (kernel crash). A physical local attacker (within WLAN range) has to provide a malicious acc [More...]
Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method. This is tracked by the Mitre CVE ID CVE-2006-5072.
OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. This is tracked by the Mitre CVE ID CVE- [More...]
The phpMyAdmin package was upgraded to version 2.9.1.1. While we usually do not do version upgrades, fixing the occurring security problems of phpMyAdmin got too difficult, so we decided to go with the current upstream version. This release includes fixes for the previously unfixed security problems tracked by the Mitre CVE IDs CVE-2006-33 [More...]
Two security problems that have been found in PowerDNS are fixed by this update: CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending malformed questions to it over TCP, potentially executing code. CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space and crash.
Two security problems have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c), as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed inte [More...]
MozillaFirefox has been updated to the security update release 1.5.0.8, MozillaThunderbird has been updated to 1.5.0.8, and the Mozilla Seamonkey suite has been updated to 1.0.6 to fix the following security issues. Full details of the security problems can be found on: [More...]