SuSE Essential and Critical Security Patch Updates - Page 803
Find the information you need for your favorite open source distribution.
A bug in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a copy of the problematic XML::RPC code itself and might be still vulnerable afte [More...]
A remote buffer overflow has been fixed in the heimdal / kerberos telnetd daemon which could lead to a remote user executing code as root by overflowing a buffer. This attack requires the use of the kerberized telnetd of the heimdal suite, which is not used by defau [More...]
A denial of service condition was fixed in the zlib library. Any program using zlib to decompress data can be crashed by a specially handcrafted invalid data stream. This includes web browsers or email programs able to view PNG images (which are compressed by zlib), allowing remote attackers to crash browser sessions or potentially anti [More...]
This security update upgrades the ClamAV virus scan engine to the version 0.68.1. Among other bugfixes and improvements, this update fixes a bug in the Quantum decompressor routines that can be used for a remote denial of service attack against clamd.
Various security problems were found in RealPlayer that allow a remote attacker to execute code in the local player by providing handcrafted files. See https://www.real.com/ too. The following security bugs are listed:
Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug some conditions need to be fulfilled. The attack [More...]
Several bugs were fixed in Vipul's Razor spam detection framework. These bugs could lead to remote denial-of-service conditions due to processing malformed messages and possible stepping into infinite loops.
The web browser Opera has been updated to version 8.01 to fix various security-related bugs. * Fixed XMLHttpRequest redirect vulnerability reported in Secunia Advisory 15008. * Fixed cross-site scripting vulnerability reported in Secunia Advisory 15411.
The anti spam tool SpamAssassin was prone to a denial-of-service attack. A remote attacker could craft a MIME E-Mail message that would waste a lot of CPU cycles parsing the Content-Type header. This is tracked by the Mitre CVE ID CAN-2005-1266. Only SUSE Linux 9.2 an [More...]
Two security bugs in the SUN Java implementation have been fixed. Java Web Start can be exploited remotely due to an error in input validation of tags in JNLP files, so an attacker can pass arbitrary command-line options to the virtual machine to disable the sandbox and get access to files. This is tracked by the Mitre CVE ID CAN- [More...]
The commercial web browser Opera has been updated to the 8.0 version, fixing all currently known security problems, including: - CAN-2005-0235: IDN cloaking / homograph attack allows easy spoofing of domain names. - CAN-2005-0456: Opera did not validate base64 encoded bi [More...]
This update upgrades Mozilla Firefox to version 1.0.4, fixing the following security problems: MFSA 2005-42: A problem in the install confirmation dialog together with a bad fix for MFSA 2005-41 allowed a remote attacker to execute arbitrary code with the help of a cross site scripting problem on the Mo [More...]
The Linux kernel is the core component of the Linux system. This update fixes various security as well as non-security problems discovered since the last round of kernel updates. Not all kernels are affected by all the problems; each of the problems has an affected note attached to it.
Several problems have been fixed with the security update releases of the Mozilla Firefox 1.0.3 web browser and the Mozilla Suite 1.7.7. This security update contains those security fixes. The Firefox packages have been directly upgraded to the version 1.0 [More...]
Several problems were identified and fixed in the PostgreSQL database server. Multiple buffer overflows in the low level parsing routines may allow attackers to execute arbitrary code via: (1) a large number of variables in a SQL statement being handled by
This update fixes a security issue within the RealPlayer media player. A remote attacker could craft a special .RAM (Real Audio Media) file which would cause a buffer overflow when played within RealPlayer. This is the Real Player Update as referenced on this page: https://www.real.com/
This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice. This is tracked by the Mitre CVE ID CAN [More...]
The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. The current maintainer of CVS reported various problems within CVS such as a buffer overflow and memory access problems which have been fixed within the a [More...]
This update fixes the following security issues in the PHP scripting language: - A bug in getimagesize() EXIF handling which could lead to a denial of service attack. This is tracked by the Mitre CVE IDs CAN-2005-0524 and CAN-2005-0525.
Several vulnerabilities have been identified and fixed in the KDE desktop environment. - A buffer overflow via specially crafted PCX pictures was fixed. This could lead to a remote attacker being able to execute code as the user opening or viewing a PCX image. This PCX image could