SuSE Essential and Critical Security Patch Updates - Page 801

SuSE: 2006-011: heimdal Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- logy in Stockholm. logy in Stockholm. This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users (CVE-2006-0582). The second bug affects [More...]

LinuxSecurity.com Team
Feb 24, 2006

SuSE: 2006-010: heimdal Security Update

LinuxSecurity.com Team
Feb 24, 2006

SuSE: 2006-010: CASA remote code execution Security Update

This update fixes a remotely exploitable stack buffer overflow in This update fixes a remotely exploitable stack buffer overflow in the pam_micasa authentication module. the pam_micasa authentication module. Since this module is added to /etc/pam.d/sshd automatically on installation of CASA it was possible for remote attackers to gain root access to any machine with CASA installed.

LinuxSecurity.com Team
Feb 22, 2006

SuSE: 2006-009: gpg,liby2util signature checking problems Security Update

With certain handcraftable signatures GPG was returning a 0 (valid With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. signature) when used on command-line with option --verify. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make auto [More...]

LinuxSecurity.com Team
Feb 20, 2006

SuSE: 2006-008: openssh Security Update

A problem in the handling of scp in openssh could be used to execute A problem in the handling of scp in openssh could be used to execute commands on remote hosts even using a scp-only configuration. commands on remote hosts even using a scp-only configuration. This requires doing a remote-remote scp and a hostile server. (CVE-2006-0225) On SUSE Linux Enterprise Server 9 the xauth pollution prob [More...]

LinuxSecurity.com Team
Feb 14, 2006

SuSE: 2006-007: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx Security Update

A SUSE specific patch to the GNU linker 'ld' removes redundant RPATH A SUSE specific patch to the GNU linker 'ld' removes redundant RPATH and RUNPATH components when linking binaries. and RUNPATH components when linking binaries. Due to a bug in this routine ld occasionally left empty RPATH components. When running a binary with empty RPATH components the dynamic linker tries to load shared libra [More...]

LinuxSecurity.com Team
Feb 10, 2006

SuSE: 2006-006: kernel remote denial of service Security Update

The Linux kernel on SUSE Linux 10.0 has been updated to The Linux kernel on SUSE Linux 10.0 has been updated to fix following security problems: fix following security problems: - CVE-2006-0454: An extra dst release when ip_options_echo failedwas fixed. This problem could be triggered by remote attackers and can

LinuxSecurity.com Team
Feb 09, 2006

SuSE: 2006-005: nfs-server/rpc.mountd remote code execution Security Update

An remotely exploitable problem exists in the rpc.mountd service in An remotely exploitable problem exists in the rpc.mountd service in the user space NFS server package "nfs-server". the user space NFS server package "nfs-server". Insufficient buffer space supplied to the realpath() function when processing mount requests can lead to a buffer overflow in the rpc.mountd and allows remote attacker [More...]

LinuxSecurity.com Team
Jan 26, 2006

SuSE: 2006-004: phpMyAdmin Security Update

Stefan Esser discovered a bug in in the register_globals emulation Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE- [More...]

LinuxSecurity.com Team
Jan 26, 2006

SuSE: 2006-003: kdelibs3 Security Update

Maksim Orlovich discovered a bug in the JavaScript interpreter used Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that [More...]

LinuxSecurity.com Team
Jan 20, 2006

SuSE: 2006-002: novell-nrm remote heap overflow Security Update

iDEFENSE reported a security problem with the Novell Remote Manager. iDEFENSE reported a security problem with the Novell Remote Manager. By passing a huge or negative size via a HTTP request header to httpstkd it was possible to corrupt heap memory and so potentially execute code. We have released updated packages for this problem.

LinuxSecurity.com Team
Jan 13, 2006

SuSE: 2006-001: xpdf,kpdf,gpdf,kword Security Update

"infamous41md", Chris Evans and Dirk Mueller discovered multiple "infamous41md", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code. Copies of xpdf code are also contained in cu [More...]

LinuxSecurity.com Team
Jan 11, 2006

SuSE: 2005-071: perl integer overflows Security Update

Integer overflows in the format string functionality in Perl allows Integer overflows in the format string functionality in Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap. This requires the attacker to be able [More...]

LinuxSecurity.com Team
Dec 20, 2005

SuSE: 2005-070: openswan,freeswan,ipsec-tools denial of service Security Update

Openswan, Freeswan and raccoon (ipsec-tools) have been updated to fix Openswan, Freeswan and raccoon (ipsec-tools) have been updated to fix crashes in aggressive mode. An attacker might send specially crafted crashes in aggressive mode. An attacker might send specially crafted packets that can crash racoon or Pluto. The ipsec-tools / racoon crashes are tracked by the Mitre CVE ID CVE-2005-3732.

LinuxSecurity.com Team
Dec 20, 2005

SuSE: 2005-069: php4, php5 Security Update

Updated PHP packages fix the following security issues: Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead toactivation of register_globals (CVE-2005-3389) and additionallythat file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353)

LinuxSecurity.com Team
Dec 14, 2005

SuSE: 2005-068: kernel various security and bugfixes Security Update

The Linux kernel was updated to fix several security problems and The Linux kernel was updated to fix several security problems and several bugs, listed below: several bugs, listed below: Security fixes: - CVE-2005-3783: A check in ptrace(2) handling that finds out ifa process is attaching to itself was incorrect and could be usedby a local attacker to crash the machine. (All)

LinuxSecurity.com Team
Dec 14, 2005

SuSE: 2005-067: kernel various security and bugfixes Security Update

This kernel update for SUSE Linux 10.0 contains fixes for XEN, various This kernel update for SUSE Linux 10.0 contains fixes for XEN, various security fixes and bug fixes. security fixes and bug fixes. CVE-200n-nnnn numbers refer to Mitre CVE IDs (http://cve.mitre.org/). This update includes a more recent snapshot of the upcoming XEN 3.0. Many bugs have been fixed. Stability for x86_64 has been [More...]

LinuxSecurity.com Team
Dec 06, 2005

SuSE: 2005-066: phpMyAdmin remote code execution Security Update

The MySQL configuration frontend phpMyAdmin was updated to fix The MySQL configuration frontend phpMyAdmin was updated to fix the following security problems which can be remotely exploited: the following security problems which can be remotely exploited: - Multiple cross-site scripting (XSS) bugs (CVE-2005-3301,CVE-2005-2869, PMASA-2005-5). - Multiple file inclusion vulnerabilities that allowed [More...]

LinuxSecurity.com Team
Nov 18, 2005

SuSE: 2005-065: gdk-pixbuf, gtk2 Security Update

The image loading library of the gdk-pixbug/gtk2 package is vulnerable The image loading library of the gdk-pixbug/gtk2 package is vulnerable to several security-related bugs. This makes every application (mostly to several security-related bugs. This makes every application (mostly GNOME applications) which is linked against this library vulnerable too. A carefully crafted XPM file can be used t [More...]

LinuxSecurity.com Team
Nov 16, 2005

SuSE: 2005-064: pwdutils, shadow Security Update

Thomas Gerisch found that the setuid 'chfn' program contained in the Thomas Gerisch found that the setuid 'chfn' program contained in the pwdutils suite insufficiently checks it's arguments when changing pwdutils suite insufficiently checks it's arguments when changing the GECOS field. This bug leads to a trivially exploitable local privilege escalation that allows users to gain root access. We l [More...]

LinuxSecurity.com Team
Nov 04, 2005