SuSE Essential and Critical Security Patch Updates - Page 779
Find the information you need for your favorite open source distribution.
The Linux kernel of the SUSE Linux Enterprise 9 products has been updated to fix the security problems listed below. This update has already been released for the SUSE Linux Retail products; the Enterprise kernels got delayed due to QA problems. Since SUSE Linux Enterprise Server 8 is [More...]
Damian Put discovered a bug in the UPX decoder used for scanning UPX compressed Windows executables. The bug allows for a heap buffer overflow and may potentially be exploitable to execute arbitrary code. ClamAV has been updated to version 0.88.4 in order to [More...]
This security update fixes crashes in the PCF handling of freetype2 which might be used to crash freetype2-using applications or even to execute code in them.
This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker. [More...]
The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Depending on stack alignment this could be used to potentially execute code.
The Linux kernel has been updated to fix several security issues. This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1. For the SUSE Linux Enterprise 9 and 10, Novell Linux Desktop 9, Open Enterprise Server products the kernel update is still in testing and will be released within the next week.
Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8. Adobe does not provide detailed information about the nature of the security problems. Therefore, it is necessary to assume that remote code execution is possible.
The following security problems were found and fixed in OpenOffice_org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with c [More...]
The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing the content of files that are normally not accessible by users, such as /etc/shadow.
The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem: - CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively larg [More...]
The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desk [More...]
The database server MySQL was updated to fix the following security problems: - Attackers could read portions of memory by using a user name with trailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517). - Attackers could potentially execute arbitrary code by causing a buffer overflow via specially [More...]
This update fixes several security problems in the Mozilla Firefox 1.5 browser, Thunderbird 1.5 mail reader and Seamonkey Suite. It also brings Mozilla Firefox and Thunderbird up to version 1.5.0.4 bugfix level and the Seamonkey Suite to version 1.0.2.
In SUSE-SA:2006:031 we announced bugfixes for PHP4. Unfortunately the patches to fix CVE-2006-2657 contained a bug which made arrays work unreliably or not at all and so broke several PHP applications. We have released fixed packages for this problem, as listed below.
This update fixes remote code execution vulnerabilities in the WWW statistical analyzer awstats. Since back porting awstats fixes is error prone we have upgraded it to upstream version 6.6 which also includes new features. The following security issues were fixed:
The Mail Transfer Agent sendmail has a remotely exploitable problem, where a specially crafted MIME message can crash sendmail and block queue processing. This issue is tracked by the Mitre CVE ID CVE-2006-1173 and CERT VU#146718.
This update fixes the following security issues in the PHP scripting language, both version 4 and 5: - Invalid characters in session names were not blocked. - CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables
Two character set encoding related security problems were fixed in the PostgreSQL database server: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its e [More...]
RedCarpet allows the remote administration of systems by running the rc daemon (rcd) on the server side to accept SSL encrypted commands from the client. The tool rug is such a client application that can be run from the command line. The client does not ver [More...]
The Linux kernel has been updated to fix various security problems, listed below. Note that some of the updates have already been released at the end of last week. - AppArmor in SUSE Linux 10.0 and SUSE Linux Enterprise Server 9 SP3