SuSE Essential and Critical Security Patch Updates - Page 765

Find the information you need for your favorite open source distribution.

SuSE: 2008-041: openwsman Security Update

The openwsman project provides an implementation of the Web Service Management specification. The SuSE Security-Team has found two critical issues in the code: - two remote buffer overflows while decoding the HTTP basic authentication header (CVE-2008-2234) - a possible SSL session replay attack affectin [More...]

SuSE: 2008-040: postfix Security Update

Postfix is a well-known MTA. During a source code audit the SuSE Security-Team discovered a local privilege escalation bug (CVE-2008-2936) as well as a mailbox ownership problem (CVE-2008-2937) in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one al [More...]

SuSE: Weekly Summary 2008:016

To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]

SuSE: 2008-039: net-snmp Security Update

The net-snmp daemon implements the "simple network management protocol". Version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send an SNMPv3 pa [More...]

SuSE: 2008-033: bind Security Update

The bind daemon is responsible for resolving hostnames to IP addresses and vice versa. The new version of bind uses a random transaction-ID (TRXID) and a random UDP source-port for DNS queries to address DNS cache poisoning attacks possible because of the "birthday paradox" and an attack discovered by Dan Kamins [More...]

SuSE: 2008-023: OpenOffice_org Security Update

This update of OpenOffice fixes various critical security vulnerabilities: - heap-overflow when parsing PPT files (CVE-2008-0320) - various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747) (NLD9 not affected) - integer overflow while parsing EM [More...]

SuSE: 2008-016: krb5 Security Update

The krb5 package is the implementation of the Kerberos protocol suite from MIT. This update fixes three vulnerabilities; two of them are only possible if krb4 support is enabled: - CVE-2008-0062: null/dangling pointer (krb4) - CVE-2008-0063: operations on uninitialized buffer content, possible information leak (krb4)

SuSE: 2008-014: evolution Security Update

Evolution is a personal information manager (PIM) and workgroup information management software. The function emf_multipart_encrypted() that is used to process encrypted messages is vulnerable to format-string bugs. This bug can be abused by a remote attacker to execute arbitrary code by sending a cra [More...]

SuSE: 2008-012: cups Security Update

CUPS is the default printer system on SUSE Linux. The current security update of cups fixes a double-free bug in the function process_browse_data() that can lead to a remote denial-of-service by crashing cupsd or possibly to a remote code execution (CVE-2008-0882). The bug can only be exploited if cupsd listens to 631/udp by crafted UDP Browse p [More...]

SuSE: 2008-003: Xorg and XFree Security Update

The X windows system is vulnerable to several kinds of vulnerabilities that are caused by insufficient input validation. The bugs range from crashing the X server to executing arbitrary code with the privileges of the X server process. For a successful attack the oppo [More...]

SuSE: 2007-068: samba Security Update

The Samba suite is an open-source implementation of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON pac [More...]

SuSE: 2007-065: samba Security Update

The samba-suite is an open-source implementation of the SMB protocol. CVE-2007-5398: Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet.

SuSE: 2007-060: xpdf and more Security Update

Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream::readProgressiveDataUnit() and is tracked by CVE-2007-4352. Another method in the same class named reset() is vulnerable to an integer overflow which leads to an o [More...]

SuSE: 2007-050: Opera Security Update

The Opera web-browser allows an attacker to execute arbitrary code by providing an invalid pointer to a virtual function in JavaScript. This bug can be exploited automatically when a user visits a web-site that contains the attacker's JavaScript code. 2) Solution [More...]

SuSE: 2007-035: Linux kernel Security Update

This kernel update fixes the following security problems in our SUSE Linux Enterprise Server 9, Novell Linux Desktop 9 and Open Enterprise Server kernels. - CVE-2006-2936: The ftdi_sio driver allowed local users to cause a denial of service (memory consumption) [More...]

SuSE: 2007-034: asterisk Security Update

The Open Source PBX software Asterisk was updated to fix several security related bugs that allowed attackers to remotely crash asterisk or cause information leaks: - CVE-2007-1306: Asterisk allowed remote attackers to cause a denial of service (crash) by sending a Session Init [More...]

SuSE: 2007-033: clamav 0.90.3 Security Update

The anti-virus scan engine ClamAV was upgraded to version 0.90.3 to fix several security bugs: - Wrong calculation of buffer-end (CVE-2007-3023) - Use strict permissions for temporary files (CVE-2007-3024) - Heap corruption causing denial-of-service with corrupted rar archive (no CVE assigned at this tim [More...]

SuSE: 2007-032: php4,php5 security problems Security Update

Numerous vulnerabilities have been fixed in PHP. Most of them were made public during the "Month of PHP Bugs" project by Stefan Esser and we thank Stefan for his reports. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code.

SuSE: 2007-031: samba security problems Security Update

The Samba server was affected by several security problems which have been fixed. The following security problems were fixed: CVE-2007-2446: Specially crafted MS-RPC packets could overwrite heap memory and therefore could potentially be exploited to execute code.