SuSE Essential and Critical Security Patch Updates - Page 782

SuSE: 2005-059: RealPlayer format string problem Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The following security issue in RealPlayer was fixed: The following security issue in RealPlayer was fixed: - A format string bug in the RealPix (.rp) file format parser(CAN-2005-2710). This bug allowed remote attackers to execute arbitrary code by supplying a specially crafted file, e.g via Web page or E-Mail.

LinuxSecurity.com Team
Oct 10, 2005

SuSE: 2005-058: Mozilla,Mozilla Firefox remote code execution Security Update

The web browsers Mozilla and Mozilla Firefox have been updated to The web browsers Mozilla and Mozilla Firefox have been updated to contain fixes for the vulnerabilities fixed in: contain fixes for the vulnerabilities fixed in: - Mozilla browser suite version 1.7.12 - Mozilla Firefox version 1.0.7 The security problems with their corresponding Mitre CVE ID are:

LinuxSecurity.com Team
Sep 30, 2005

SuSE: 2005-057: opera remote script insertion Security Update

This update upgrades the Opera web browser to the 8.50 release. This update upgrades the Opera web browser to the 8.50 release. Besides the changes in 8.50 that are listed in https://help.opera.com/en/latest/ following security problems were fixed: 1. Attached files are opened without any warnings directly from the

LinuxSecurity.com Team
Sep 26, 2005

SuSE: 2005-056: XFree86-server,xorg-x11-server Security Update

The X server memory can be accessed my a malicious X client by exploiting The X server memory can be accessed my a malicious X client by exploiting a missing range check in the function XCreatePixmap(). This bug can probably a missing range check in the function XCreatePixmap(). This bug can probably be used to execute arbitrary code with the privileges of the X server (root). 2) Solution or Work [More...]

LinuxSecurity.com Team
Sep 26, 2005

SuSE: 2005-054: evolution Security Update

Several format string bugs allowed remote attackers to cause Several format string bugs allowed remote attackers to cause evolution to crash or even execute code via full vCard data, contact evolution to crash or even execute code via full vCard data, contact data from remote LDAP servers, task list data from remote servers (CAN-2005-2549) or calendar entries (CAN-2005-2550). 2) Solution or Work- [More...]

LinuxSecurity.com Team
Sep 16, 2005

SuSE: 2005-053: squid Security Update

This update of the Squid web-proxy fixes two remotely exploitable denial This update of the Squid web-proxy fixes two remotely exploitable denial of service vulnerabilities. of service vulnerabilities. One can be triggered by aborting a request (CAN-2005-2794) due to a faulty assertion. The other one occurs in sslConnectTimeout while handling malformated

LinuxSecurity.com Team
Sep 16, 2005

SuSE: 2005-052: apache2 Security Update

PLEASE NOTE: This advisory is a re-release of SUSE-SA:2005:051 with a PLEASE NOTE: This advisory is a re-release of SUSE-SA:2005:051 with a new SA ID because the ID SUSE-SA:2005:051 was already used. new SA ID because the ID SUSE-SA:2005:051 was already used. This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using [More...]

LinuxSecurity.com Team
Sep 16, 2005

SuSE: 2005-051: apache2 Security Update

This update of apache2 fixes an integer overflow in the PCRE quantifier This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using a carefully parsing which can be triggered by a local untrusted user by using a carefully crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491) A memory consumption b [More...]

LinuxSecurity.com Team
Sep 12, 2005

SuSE: 2005-051: php4, php5 remote code execution Security Update

This update fixes the following security issues in the PHP scripting This update fixes the following security issues in the PHP scripting language. language. - Bugs in the PEAR::XML_RPC library allowed remote attackers to passarbitrary PHP code to the eval() function (CAN-2005-1921,CAN-2005-2498).

LinuxSecurity.com Team
Sep 05, 2005

SuSE: 2005-050: kernel multiple security problems Security Update

The Linux kernel was updated to fix the following security issues: The Linux kernel was updated to fix the following security issues: - CAN-2005-2457: A problem in decompression of files on "zisofs" - CAN-2005-2457: A problem in decompression of files on "zisofs" filesystem was fixed. - CAN-2005-2458: A potential buffer overflow in the zlib decompressionhandling in the kernel was fixed.

LinuxSecurity.com Team
Sep 01, 2005

SuSE: 2005-049: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems Security Update

LinuxSecurity.com Team
Aug 30, 2005

SuSE: 2005-048: pcre integer overflows Security Update

A vulnerability was found in the PCRE regular expression handling A vulnerability was found in the PCRE regular expression handling library which allows an attacker to crash or overflow a buffer in the library which allows an attacker to crash or overflow a buffer in the program by specifying a special regular expression. Since this library is used in a large number of packages, including apache2 [More...]

LinuxSecurity.com Team
Aug 30, 2005

SuSE: 2005-047: Adobe Reader Plugin buffer overflow Security Update

A buffer overflow was found in the core application plug-in for the A buffer overflow was found in the core application plug-in for the Adobe Reader, that allows attackers to cause a denial of service Adobe Reader, that allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. This is tracked by the Mitre CVE ID CAN-2005-2470. Note that for SU [More...]

LinuxSecurity.com Team
Aug 22, 2005

SuSE: 2005-046: apache, apache2 request smuggling problem Security Update

A security flaw was found in the Apache and Apache2 web servers which A security flaw was found in the Apache and Apache2 web servers which allows remote attacker to "smuggle" requests past filters by providing allows remote attacker to "smuggle" requests past filters by providing handcrafted header entries. Fixed Apache 2 server packages were released on July 26th, fixed Apache 1 server packages [More...]

LinuxSecurity.com Team
Aug 16, 2005

SuSE: 2005-045: Mozilla various security problems Security Update

Various security vulnerabilities in the mozilla browser suite and Various security vulnerabilities in the mozilla browser suite and the Mozilla Firefox browser have been reported and fixed upstream. the Mozilla Firefox browser have been reported and fixed upstream. The Mozilla suite browser has been updated to a security fix level of Mozilla 1.7.11, the Mozilla Firefox browser has been updated t [More...]

LinuxSecurity.com Team
Aug 11, 2005

SuSE: 2005-044: several kernel security problems Security Update

The Linux kernel is the core component of the Linux system. The Linux kernel is the core component of the Linux system. This update fixes various security as well as non-security problems discovered since the last round of kernel updates. Not all kernels are affected by all the problems, each of the problems has an affected note attached to it.

LinuxSecurity.com Team
Aug 04, 2005

SuSE: 2005-043: zlib denial of service Security Update

The previous zlib update for CAN-2005-2096 fixed a flaw in zlib that The previous zlib update for CAN-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger [More...]

LinuxSecurity.com Team
Jul 28, 2005

SuSE: 2005-042: Acrobat Reader 5 buffer overflow Security Update

This update fixes a buffer overflow in Acrobat Reader versions 5, This update fixes a buffer overflow in Acrobat Reader versions 5, where an attacker could execute code by providing a handcrafted PDF where an attacker could execute code by providing a handcrafted PDF to the viewer. The Acrobat Reader 5 versions of SUSE Linux 9.0 up to 9.2, SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 [More...]

LinuxSecurity.com Team
Jul 14, 2005

SuSE: 2005-041: php/pear XML RPC remote code execution Security Update

A bug in the PEAR::XML_RPC library allowed remote attackers to A bug in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function. pass arbitrary PHP code to the eval() function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a copy of the problematic XML::RPC code itself and might be still vulnerable afte [More...]

LinuxSecurity.com Team
Jul 08, 2005

SuSE: 2005-040: heimdal telnetd remote buffer overflow Security Update

A remote buffer overflow has been fixed in the heimdal / kerberos A remote buffer overflow has been fixed in the heimdal / kerberos telnetd daemon which could lead to a remote user executing code as telnetd daemon which could lead to a remote user executing code as root by overflowing a buffer. This attack requires the use of the kerberized telnetd of the heimdal suite, which is not used by defau [More...]

LinuxSecurity.com Team
Jul 06, 2005