SuSE Essential and Critical Security Patch Updates - Page 760

SuSE: 2010-008: acoread Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Specially crafted PDF files could crash acroread. Attackers could Specially crafted PDF files could crash acroread. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-3953, potentially exploit that to execute arbitrary code (CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324). Acrobat reader was updated [More...]

LinuxSecurity.com Team
Jan 26, 2010

SuSE: 2010-007: Linux kernel Security Update

This update fixes various bugs and some security issues in the SUSE Linux This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. Enterprise 10 SP 3 kernel. Following security issues were fixed: CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailin [More...]

LinuxSecurity.com Team
Jan 22, 2010

SuSE: Weekly Summary 2010:001

To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]

LinuxSecurity.com Team
Jan 19, 2010

SuSE: 2010-006: krb5 Security Update

Specially crafted AES and RC4 packets could allow unauthenticated Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). Remote attackers could potentially exploit that to execute arbitrary code. openSUSE 11.2 [More...]

LinuxSecurity.com Team
Jan 19, 2010

SuSE: 2010-005: Linux kernel Security Update

The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel was updated to The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. 2.6.27.42 fixing various bugs and security issues. Following security issues were fixed: CVE-2009-4536: A underflow in the e1000 jumbo Ethernet frame handling could be use by link-local remote attackers to cras [More...]

LinuxSecurity.com Team
Jan 15, 2010

SuSE: 2010-004: IBM Java 6 security update Security Update

IBM Java 6 was updated to Service Refresh 7. IBM Java 6 was updated to Service Refresh 7. The following security issues were fixed: CVE-2009-3876 CVE-2009-3877: A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition.

LinuxSecurity.com Team
Jan 12, 2010

SuSE: 2010-003: IBM Java 1.4.2 Security Update

IBM Java 1.4.2 was updated to 13 FP3. IBM Java 1.4.2 was updated to 13 FP3. The following security issues were fixed: CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run l [More...]

LinuxSecurity.com Team
Jan 12, 2010

SuSE: Weekly Summary 2009:020

LinuxSecurity.com Team
Jan 12, 2010

SuSE: 2010-002: IBM Java 5 Security Update

IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. and security issues. This included a timezone update to 1.6.9s (with the latest Fiji change). CVE-2009-3876 / CVE-2009-3877: A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client

LinuxSecurity.com Team
Jan 12, 2010

SuSE: 2010-001: Linux kernel Security Update

The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 fixing lots of The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 fixing lots of bugs and several security issues. bugs and several security issues. Following security issues were fixed: CVE-2009-4131: A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/ov [More...]

LinuxSecurity.com Team
Jan 07, 2010

SuSE: 2009-064: Linux kernel Security Update

This update fixes a several security issues and various bugs in the This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. SUSE Linux Enterprise 10 SP 2 kernel. Following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was world writable, allowing local users to cause a denial of service or potential code e [More...]

LinuxSecurity.com Team
Dec 22, 2009

SuSE: 2009-063: Mozilla Firefox Security Update

The Mozilla Firefox browsers and XUL engines were updated to the The Mozilla Firefox browsers and XUL engines were updated to the current stable releases fixing lots of bugs and various security current stable releases fixing lots of bugs and various security issues. SUSE Linux Enterprise 10 SP2, SP3, SUSE Linux Enterprise 11 and openSUSE 11.2 were updated to Firefox 3.5.6. openSUSE 11.0 and 11.1 [More...]

LinuxSecurity.com Team
Dec 22, 2009

SuSE: 2009-062: Flash Player Security Update

A security update was released for the Adobe Flash Player 10. A security update was released for the Adobe Flash Player 10. Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. Fixed packages for Adobe Flash Player 9 (the version found in SUSE Linux Enterprise 10, Novell Linux Desktop 9 and openSUSE 11.0) wil [More...]

LinuxSecurity.com Team
Dec 22, 2009

SuSE: 2009-061: Linux kernel Security Update

This update fixes various bugs and some security issues in the SUSE This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. Linux Enterprise 10 SP 3 kernel. Following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was world writable, allowing local users to cause a denial of service or potential code execution.

LinuxSecurity.com Team
Dec 14, 2009

SuSE: 2009-060: Linux Kernel Security Update

The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel was updated to The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel was updated to 2.6.27.39 fixing various bugs and security issues. 2.6.27.39 fixing various bugs and security issues. Following security issues have been fixed: CVE-2009-3547: A race condition during pipe open could be used by local attackers to cause a denial of service. (Due [More...]

LinuxSecurity.com Team
Dec 02, 2009

SuSE: 2009-059: bind Security Update

The bind DNS server was updated to close a possible cache poisoning The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed to bypass DNSSEC. vulnerability which allowed to bypass DNSSEC. This problem can only happen after the other spoofing/poisoning mechanisms have been bypassed already (the port and transaction id randomization). Also this can only happe [More...]

LinuxSecurity.com Team
Dec 02, 2009

SuSE: Weekly Summary 2009:019

LinuxSecurity.com Team
Nov 24, 2009

SuSE: 2009-058: Sun Java 6 Security Update

The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues: various security issues: CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute a [More...]

LinuxSecurity.com Team
Nov 19, 2009

SuSE: 2009-057: openssl Security Update

The TLS/SSLv3 protocol as implemented in openssl prior to this update The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For e [More...]

LinuxSecurity.com Team
Nov 18, 2009

SuSE: 2009-056: Linux kernel Security Update

Several security issues and some bugs were fixed in the SUSE Linux Several security issues and some bugs were fixed in the SUSE Linux Enterprise 9 kernel. Enterprise 9 kernel. Following security bugs were fixed: CVE-2009-3547: A race condition in the pipe(2) system call could be used by local attackers to execute code and escalate privileges.

LinuxSecurity.com Team
Nov 16, 2009