SuSE Essential and Critical Security Patch Updates - Page 777

SuSE: 2007-007: cacti cmd injection Security Update

A command injection in cmd.php in cacti was fixed, which might have allowed remote attackers to inject commands and so execute code. This issue is tracked by the Mitre CVE ID CVE-2006-6799.

SuSE: 2007-006: mozilla Security Update

A number of security issues have been fixed in the Mozilla browser suite, which could be used by remote attackers to gain privileges, access to confidential information or cause denial of service attacks. Since the Mozilla Suite 1.7 branch is no longer maintained t...

SuSE: 2007-005: w3m Security Update

A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. In SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise Server and Desktop 10 this problem was not exploitable to execute code due to use of the FORTIFY SOUR...

SuSE: 2007-004: krb5 security problems Security Update

Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind.
- CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created...

SuSE: 2007-003: Sun Java security update Security Update

The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions:
- The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8.
- The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE

SuSE: 2007-002: mono-web ASP.net sourcecode disclosure Security Update

A security problem was found and fixed in the Mono / C# web server implementation. By appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server. This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only

SuSE: 2007-001: OpenOffice_org WMF buffer overflows Security Update

Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org. These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open a specially crafted document (for instance a document sent by E-mail). This is...

SuSE: 2006-080: Mozilla Firefox, Thunderbird Security Update

This security update brings the current set of Mozilla security updates, with the following versions:
- Mozilla Firefox to version 1.5.0.9 for Novell Linux Desktop 9, SUSE Linux Enterprise 10 and SUSE Linux 9.3 up to 10.1.
- Mozilla Firefox to version 2.0.0.1 for openSUSE 10.2.

SuSE: 2006-079: Linux kernel Security Update

The Linux 2.6 kernel has been updated to fix various security issues. On SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10 and their derived products this update also contains various bugfixes.
- CVE-2006-4145: A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed.

SuSE: 2006-078: clamav 0.88.7 Security Update

The anti virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems:
CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.

SuSE: 2006-077: flash-player CRLF injection Security Update

This security update brings the Adobe Flash Player to version 7.0.69. The update fixes the following security problem:
CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash Player allow remote attackers to modify HTTP headers of client requests and conduct HTTP Request Sp...

SuSE: 2006-076: libgsf buffer overflows Security Update

The libgsf library is used by various GNOME programs to handle for instance OLE2 data streams. Specially crafted OLE documents enabled attackers to use a heap buffer overflow for potentially executing code. This issue is tracked by the Mitre CVE ID CVE-2006-4514.

SuSE: 2006-075: gpg Security Update

Two security problems were fixed in the GNU Privacy Guard (GPG).
- Specially crafted files could overflow a buffer when gpg was used in interactive mode (CVE-2006-6169).
- Specially crafted files could modify a function pointer and could potentially execute code this way (CVE-2006-6235).

SuSE: 2006-074: Madwifi remote root exploit Security Update

The madwifi-ng Atheros Wireless LAN card driver is subject to a remotely exploitable stack buffer overflow, which either allows code execution or at least a denial of service (kernel crash). A physical local attacker (within WLAN range) has to provide a malicious acc...

SuSE: 2006-073: mono Security Update

Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method. This is tracked by the Mitre CVE ID CVE-2006-5072.

SuSE: 2006-072: openldap2-client Security Update

OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. This is tracked by the Mitre CVE ID CVE-...

SuSE: 2006-071: phpMyAdmin Security Update

The phpMyAdmin package was upgraded to version 2.9.1.1. While we usually do not do version upgrades, fixing the occurring security problems of phpMyAdmin got too difficult so we decided to go with the current upstream version. This release includes fixes for the previously not fixed security problems tracked by the Mitre CVE IDs CVE-2006-33...

SuSE: 2006-070: powerdns denial of service Security Update

Two security problems that have been found in PowerDNS are fixed by this update:
CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending malformed questions to it over TCP potentially executing code.
CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space and crash.

SuSE: 2006-069: asterisk Security Update

Two security problems have been found and fixed in the PBX software Asterisk.
CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed inte...

SuSE: 2006-068: Mozilla Firefox, Thunderbird, SeaMonkey Security Update

MozillaFirefox has been updated to the security update release 1.5.0.8, MozillaThunderbird has been updated to 1.5.0.8, and the Mozilla Seamonkey suite has been updated to 1.0.6 to fix the following security issues. Full details of the security problems can be found on: ...