SuSE Essential and Critical Security Patch Updates - Page 804

SuSE: 2005-023: php remote denial of service Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This update fixes the following security issues in the PHP scripting This update fixes the following security issues in the PHP scripting language: language: - A bug in getimagesize() EXIF handling which could lead to a denial of service attack. This is tracked by the Mitre CVE IDs CAN-2005-0524 and CAN-2005-0525.

LinuxSecurity.com Team
Apr 15, 2005

SuSE: 2005-022: various KDE security problems Security Update

Several vulnerabilities have been identified and fixed in the KDE Several vulnerabilities have been identified and fixed in the KDE desktop environment. desktop environment. - A buffer overflow via specially crafted PCX pictures was fixed. This could lead to a remote attacker being able to execute code as the user opening or viewing a PCX images. This PCX image could

LinuxSecurity.com Team
Apr 11, 2005

SuSE: 2005-021: kernel local privilege escalation Security Update

This Linux kernel security update fixes a problem within the Bluetooth This Linux kernel security update fixes a problem within the Bluetooth kernel stack which can be used by a local attacker to gain root access or kernel stack which can be used by a local attacker to gain root access or crash the machine.To exploit this problem, the Bluetooth modules do not need to be loaded since they are [More...]

LinuxSecurity.com Team
Apr 04, 2005

SuSE: 2005-020: ipsec-tools remote denial of service Security Update

Racoon is a ISAKMP key management daemon used in IPsec setups. Racoon is a ISAKMP key management daemon used in IPsec setups. Sebastian Krahmer of the SUSE Security Team audited the daemon and found that it handles certain ISAKMP messages in a slightly wrong way, so that remote attackers can crash it via malformed ISAKMP packages.This update fixes this problem.

LinuxSecurity.com Team
Mar 31, 2005

SuSE: 2005-019: MySQL vulnerabilities Security Update

MySQL is an Open Source database server, commonly used together with MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar. web services provided by PHP scripts or similar. This security update fixes a broken mysqlhotcopy script as well as several security related bugs:- CAN-2005-0709: MySQL allowed remote authenticated users wi [More...]

LinuxSecurity.com Team
Mar 24, 2005

SuSE: 2005-018: several kernel security problems Security Update

The Linux kernel is the core component of the Linux system. The Linux kernel is the core component of the Linux system. Several vulnerabilities were reported in the last few weeks which are fixed by this update.Not all kernels are affected by all the problems, each of the problems has an affected note attached to it.

LinuxSecurity.com Team
Mar 24, 2005

SuSE: 2005-017: ImageMagick problems Security Update

This update fixes several security issues in the ImageMagick program suite: This update fixes several security issues in the ImageMagick program suite: - A format string vulnerability was found in the display program which could lead to a remote attacker being to able to execute code as the user running display by providing handcrafted filenames of images. This is tracked by the Mitre CVE ID C [More...]

LinuxSecurity.com Team
Mar 23, 2005

SuSE: 2005-016: multiple Mozilla Firefox vulnerabilities Security Update

This security update for Mozilla Firefox fixes following problems: This security update for Mozilla Firefox fixes following problems: - CAN-2005-0231: "Fire tabbing" The javascript security manager usually prevents that a javascript: URL from one host is opened in a window displaying content from another host. But when the link is dropped to a tab, the security manager does not kick in.

LinuxSecurity.com Team
Mar 16, 2005

SuSE: 2005-015: openslp Security Update

The SUSE Security Team reviewed critical parts of the OpenSLP package, The SUSE Security Team reviewed critical parts of the OpenSLP package, an open source implementation of the Service Location Protocol (SLP). an open source implementation of the Service Location Protocol (SLP). SLP is used by Desktops to locate certain services such as printers and by servers to announce their services. [More...]

LinuxSecurity.com Team
Mar 14, 2005

SuSE: 2005-014: RealPlayer remote buffer overflow Security Update

Two security problems were found in the media player RealPlayer: Two security problems were found in the media player RealPlayer: - CAN-2005-0455: A buffer overflow in the handling of .smil files. - CAN-2005-0611: A buffer overflow in the handling of .wav files. Both buffer overflows can be exploited remotely by providing URLs opened by RealPlayer.

LinuxSecurity.com Team
Mar 09, 2005

SuSE: 2005-013: cyrus-sasl remote code execution Security Update

cyrus-sasl is a library providing authentication services. cyrus-sasl is a library providing authentication services. A buffer overflow in the digestmda5 code was identified that could lead to a remote attacker executing code in the context of the service using sasl authentication.This is tracked by the Mitre CVE ID CAN-2005-0373.

LinuxSecurity.com Team
Mar 03, 2005

SuSE: 2005-012: uw-imap authentication bypass Security Update

The University of Washington imap daemon can be used to access mails The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as [More...]

LinuxSecurity.com Team
Mar 01, 2005

SuSE: 2005-011: curl buffer overflow in NTLM authentication Security Update

This email address is being protected from spambots. You need JavaScript enabled to view it. reported a vulnerability in libcurl, the This email address is being protected from spambots. You need JavaScript enabled to view it. reported a vulnerability in libcurl, the HTTP/FTP retrieval library. This library is used by lots of programs, HTTP/FTP retrieval library. This library is used by lots of programs, including YaST2 and PHP4.The NTLM authorization in curl had a buffer overflow in the base64 decoding which allows a remote a [More...]

LinuxSecurity.com Team
Feb 28, 2005

SuSE: 2005-010: kernel / nvidia bugfix update Security Update

The previous kernel security update for the SUSE Linux 9.1 The previous kernel security update for the SUSE Linux 9.1 and the SUSE Linux Enterprise Server 9 based products caused and the SUSE Linux Enterprise Server 9 based products caused problems with the NVidia driver for users with NVidia graphics cards. Stricter checking in the memory management functions in the kernel caused the kerne [More...]

LinuxSecurity.com Team
Feb 25, 2005

SuSE: 2005-009: cyrus-imapd buffer overflows Security Update

This update fixes one-byte buffer overruns in the cyrus-imapd IMAP This update fixes one-byte buffer overruns in the cyrus-imapd IMAP server package. server package. Several overruns were fixed in the IMAP annote extension as well as in cached header handling which can be run by an authenticated user.Additionally bounds checking in fetchnews was improved to avoid

LinuxSecurity.com Team
Feb 24, 2005

SuSE: 2005-008: squid remote denial of service Security Update

Squid is an Open Source web proxy. Squid is an Open Source web proxy. A remote attacker was potentially able to crash the Squid web proxy if the log_fqdn option was set to "on" and the DNS replies were manipulated.This is tracked by the Mitre CVE ID CAN-2005-0446.

LinuxSecurity.com Team
Feb 22, 2005

SuSE: 2005-006: mailman remote file disclosure Security Update

Mailman is a flexible mailing list management tool. It provides Mailman is a flexible mailing list management tool. It provides mail controlled subscription front ends and also includes CGI scripts mail controlled subscription front ends and also includes CGI scripts to handle subscription, moderation and archive retrieval and other options.Due to incomplete input validation the "private" CG [More...]

LinuxSecurity.com Team
Feb 14, 2005

SuSE: 2005-006: squid Security Update

Squid is a feature-rich web-proxy with support for various web-related Squid is a feature-rich web-proxy with support for various web-related protocols. protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. Due to the hugh amount of b [More...]

LinuxSecurity.com Team
Feb 10, 2005

SuSE: 2005-005: kernel bugfixes and SP1 merge Security Update

The linux kernel is the core of the SUSE Linux based products. The linux kernel is the core of the SUSE Linux based products. Two weeks ago we released the Service Pack 1 for our SUSE Linux Enterprise Server 9 product. Due to the strict code freeze we were not able to merge all the security fixes from the last kernel update on Jan23rd (SUSE-SA:2005:003) into this kernel.This update merges t [More...]

LinuxSecurity.com Team
Feb 04, 2005

SuSE: 2005-004: Realplayer 8 Security Update

RealPlayer is a combined audio and video player for RealMedia formatted RealPlayer is a combined audio and video player for RealMedia formatted streaming data. These formats are very common throughout the Internet. eEye Security in October 2004 discovered a flaw in the .rm RealMovie stream handling routines which allows a remote attacker to exploit an integer overflow vulnerability using a speci [More...]

LinuxSecurity.com Team
Jan 24, 2005