SuSE Essential and Critical Security Patch Updates - Page 798

Find the information you need for your favorite open source distribution.

SuSE: 2006-074: Madwifi remote root exploit Security Update

The madwifi-ng Atheros Wireless LAN card driver is subject to a remotely exploitable stack buffer overflow, which allows either code execution or at least a denial of service (kernel crash). A physical local attacker (within WLAN range) has to provide a malicious acc [More...]

SuSE: 2006-073: mono Security Update

Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method. This is tracked by the Mitre CVE ID CVE-2006-5072.

SuSE: 2006-072: openldap2-client Security Update

OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. This is tracked by the Mitre CVE ID CVE- [More...]

SuSE: 2006-071: phpMyAdmin Security Update

The phpMyAdmin package was upgraded to version 2.9.1.1. While we usually do not do version upgrades, fixing the occurring security problems of phpMyAdmin got too difficult so we decided to go with the current upstream version. This release includes fixes for the previously not fixed security problems tracked by the Mitre CVE IDs CVE-2006-33 [More...]

SuSE: 2006-070: powerdns denial of service Security Update

Two security problems that have been found in PowerDNS are fixed by this update: CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending malformed questions to it over TCP, potentially executing code. CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space and crash.

SuSE: 2006-069: asterisk Security Update

Two security problems have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c), as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed inte [More...]

SuSE: 2006-068: Mozilla Firefox, Thunderbird, SeaMonkey Security Update

MozillaFirefox has been updated to the security update release 1.5.0.8, MozillaThunderbird has been updated to 1.5.0.8, and the Mozilla Seamonkey suite has been updated to 1.0.6 to fix the following security issues. Full details of the security problems can be found on: [More...]

SuSE: 2006-067: php4,php5 Security Update

This update fixes the following security problems in the PHP scripting language: - CVE-2006-5465: Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used.

SuSE: 2006-066: ImageMagick Security Update

Two security problems were found in the GraphicsMagick tool set which are also present in ImageMagick. CVE-2006-5456: Multiple buffer overflows in ImageMagick allowed user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not [More...]

SuSE: 2006-065: ethereal Security Update

Various problems have been fixed in the network analyzer Ethereal (now called Wireshark), most of them leading to crashes of the ethereal program. CVE-2006-5740: An unspecified vulnerability in the LDAP dissector could be used to crash Ethereal. CVE-2 [More...]

SuSE: 2006-064: kernel Security Update

The Linux kernel in our old Linux 2.4 kernel based distributions has been updated to fix various security issues and bugs. The bugs tracked by CVE-2006-3468, CVE-2006-2935, and CVE-2006-2444 were already fixed for all other products and announced in SUSE-SA:2006:057 and SUS [More...]

SuSE: 2006-063: Qt image handling problems Security Update

Multiple integer overflows have been found in image processing functions within the Qt class library, used for instance by the web browser "konqueror" and its rendering engine "khtml". These problems could potentially lead to heap overflows and code execution or just [More...]

SuSE: 2006-062: openssh Security Update

Several security problems were fixed in OpenSSH 4.4 and the bug fixes were backported to the openssh versions in our products. - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh [More...]

SuSE: 2006-061: opera Security Update

The web browser Opera has been updated to fix 2 security problems. CVE-2006-4339: Opera was affected by the RSA signature checking problem found in openssl, since it is statically linked against openssl. CVE-2006-4819: A URL tag parsing heap overflow in Opera could be used to potentially execute code.

SuSE: 2006-060: clamav security problems Security Update

Two security problems have been found and fixed in the anti-virus scan engine "clamav", which could be used by remote attackers sending prepared E-Mails containing specially crafted infected files to potentially execute code. CVE-2006-4182: A problem in dealing with PE (Po [More...]

SuSE: 2006-059: php4,php5 Security Update

The ini_restore() method could be exploited to reset options such as open_basedir when set via the web server config file to their default value set in php.ini (CVE-2006-4625). Additionally php5 on all products as well as php4 on SLES8 were vulnerable to an in [More...]

SuSE: 2006-058: openssl security problems Security Update

Several security problems were found and fixed in the OpenSSL cryptographic library. CVE-2006-3738/VU#547300: A Google security audit found a buffer overflow condition within the SSL_get_shared_ciphers() function which has been fixed.

SuSE: 2006-057: kernel security problems Security Update

Various security problems were found and fixed in the Linux kernel. We have released updates for the following distributions:
- SUSE Linux Enterprise Server 9 (on September 21st)
- SUSE Linux Enterprise 10 (on September 26th)
- SUSE Linux 9.2 up to 10.1 (on September 14th)
The SUSE Linux Enterprise Server 10 kernel for the S/390 pla [More...]

SuSE: 2006-056: gzip Security Update

The gzip tool does not handle some specific values correctly when unpacking archives. This leads to vulnerabilities like buffer overflows or infinite loops. Various different programs like mail clients, file explorer, etc. use gzip and if a user can [More...]

SuSE: 2006-055: openssl,mozilla-nss RSA signature evasion Security Update

If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. This problem affects various SSL implementations. This advisory covers th [More...]