SuSE Essential and Critical Security Patch Updates - Page 797
Find the information you need for your favorite open source distribution.
The anti-virus scan engine ClamAV was updated to version 0.90 to fix various bugs including 2 security bugs: CVE-2007-0897: A file descriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers.
The Samba daemon was affected by a security problem, where a logic error in the deferred open code can lead to an infinite loop (CVE-2007-0452). This problem could be used by remote authenticated attackers that have access to the samba daemon.
Two new language features have been added to improve the confinement provided to applications executing other applications while confined by AppArmor. - Two new execute modifiers: 'P' and 'U' are provided and are flavors of the existing 'p' and 'u' modifiers but indicate t [More...]
Two security problems were fixed in the ISC BIND nameserver version 9.3.4, which are addressed by this advisory: CVE-2007-0493: If recursion is enabled, a remote attacker can dereference a freed fetch context causing the daemon to abort / crash. CVE-2007-0494: By sending specific DNS [More...]
This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs (CVE-2007-0247). Additionally, the 10.2 package needed a fix for another DoS bug (CVE-2007-0248) and for max_user_ip handling in ntlm_auth.
This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. Since SUSE Linux version 10.1 format string bugs are not exploitable anymore. (CVE-2007-0017)
The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes the following security fixes: CVE-2006-5857: A memory corruption problem in Adobe Acrobat Reader that can potentially lead to code execution was fixed. CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems
Various security problems and bugs have been fixed in the IBM Java JRE and SDK. The IBM Java packages were updated to: - IBM Java 1.4.2 to Service Refresh 7. - IBM Java 1.3.10 to Service Refresh 10.
This update brings the Opera Web browser to version 9.10, including fixes for the following 2 security problems: - CVE-2007-0126: Opera processes a JPEG DHT marker incorrectly, which can potentially lead to remote code execution. - CVE-2007-0127: Opera is affected by a typecasting bug [More...]
This update fixes three memory corruptions within the X server which could be used by local attackers with access to this display to crash the X server and potentially execute code. CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function in the Ren [More...]
A command injection in cmd.php in cacti was fixed, which might have allowed remote attackers to inject commands and so execute code. This issue is tracked by the Mitre CVE ID CVE-2006-6799.
A number of security issues have been fixed in the Mozilla browser suite, which could be used by remote attackers to gain privileges, gain access to confidential information or cause denial of service attacks. Since the Mozilla Suite 1.7 branch is no longer maintained t [More...]
A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. In SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise Server and Desktop 10 this problem was not exploitable to execute code due to use of the FORTIFY SOUR [More...]
Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created [More...]
The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions: - The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8. - The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE
A security problem was found and fixed in the Mono / C# web server implementation. By appending spaces to URLs, attackers could download the source code of ASP.net scripts that would normally get executed by the web server. This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only
Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org. These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open a specially crafted document (for instance a document sent by E-mail). This is [More...]
This security update brings the current set of Mozilla security updates, with the following versions: - Mozilla Firefox to version 1.5.0.9 for Novell Linux Desktop 9, SUSE Linux Enterprise 10 and SUSE Linux 9.3 up to 10.1. - Mozilla Firefox to version 2.0.0.1 for openSUSE 10.2.
The Linux 2.6 kernel has been updated to fix various security issues. On SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10 and their derived products this update also contains various bugfixes. - CVE-2006-4145: A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed.
The anti-virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems: CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.