Advisory: SuSE Essential and Critical Security Patch Updates

SuSE: 2006-045: freetype2 Security Update

This security update fixes crashes in the PCF handling of freetype2, which might be used to crash applications that use freetype2 or even to execute code in them.

SuSE: 2006-044: libtiff Security Update

This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a TIFF image provided by an attacker. [More...]

SuSE: 2006-043: apache,apache2 mod_rewrite problem Security Update

The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Depending on stack alignment this could be used to potentially execute code.

SuSE: 2006-042: kernel security problems Security Update

The Linux kernel has been updated to fix several security issues. This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1. For the SUSE Linux Enterprise 9 and 10, Novell Linux Desktop 9 and Open Enterprise Server products, the kernel update is still in testing and will be released within the next week.

SuSE: 2006-041: acroread remote code execution Security Update

Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8. Adobe does not provide detailed information about the nature of the security problems. Therefore, it is necessary to assume that remote code execution is possible.

SuSE: 2006-040: OpenOffice_org remote code execution Security Update

The following security problems were found and fixed in OpenOffice_org:
- CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject Basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with c [More...]

SuSE: 2006-039: kdebase3-kdm information disclosure Security Update

The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow.

SuSE: 2006-038: Opera 9.0 security upgrade Security Update

The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem:
- CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively larg [More...]

SuSE: 2006-037: freetype2 Security Update

The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desk [More...]

SuSE: 2006-036: mysql remote code execution Security Update

The database server MySQL was updated to fix the following security problems:
- Attackers could read portions of memory by using a user name with a trailing null byte or via the COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517).
- Attackers could potentially execute arbitrary code by causing a buffer overflow via specially [More...]

SuSE: 2006-035: various Mozilla browser security problems Security Update

This update fixes several security problems in the Mozilla Firefox 1.5 browser, Thunderbird 1.5 mail reader and Seamonkey Suite. It also brings Mozilla Firefox and Thunderbird up to version 1.5.0.4 bugfix level and the Seamonkey Suite to version 1.0.2.

SuSE: 2006-034: php4 bugfix update Security Update

In SUSE-SA:2006:031 we announced bugfixes for PHP4. Unfortunately the patches to fix CVE-2006-2657 contained a bug which made arrays work unreliably or not at all, and so broke several PHP applications. We have released fixed packages for this problem, as listed below.

SuSE: 2006-033: awstats remote code execution Security Update

This update fixes remote code execution vulnerabilities in the WWW statistical analyzer awstats. Since back-porting awstats fixes is error prone, we have upgraded it to upstream version 6.6, which also includes new features. The following security issues were fixed:

SuSE: 2006-031: php4,php5 problems Security Update

This update fixes the following security issues in the PHP scripting language, both version 4 and 5:
- Invalid characters in session names were not blocked.
- CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables

SuSE: 2006-030: PostgreSQL SQL injection attacks Security Update

Two character-set-encoding-related security problems were fixed in the PostgreSQL database server: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its e [More...]

SuSE: 2006-029: rug Security Update

RedCarpet allows the remote administration of systems by running the rc daemon (rcd) on the server side to accept SSL-encrypted commands from the client. The tool rug is such a client application that can be run from the command line. The client does not ver [More...]

SuSE: 2006-028: kernel Security Update

The Linux kernel has been updated to fix various security problems, listed below. Note that some of the updates have already been released at the end of last week.
- AppArmor in SUSE Linux 10.0 and SUSE Linux Enterprise Server 9 SP3

SuSE: 2006-027: cron local privilege escalation Security Update

Vixie Cron is the default CRON daemon in all SUSE Linux based distributions. The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

SuSE: 2006-026: foomatic-filters shellcode injection Security Update

A bug in cupsomatic/foomatic-filters that allowed remote printer users to execute arbitrary commands with the UID of the printer daemon has been fixed (CVE-2004-0801). While the same problem was fixed in earlier products, the fix got lost during package upgrade of fooma [More...]