SuSE Essential and Critical Security Patch Updates - Page 766
Find the information you need for your favorite open source distribution.
This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. (CVE-2007-0247) Additionally the 10.2 package needed a fix for another DoS bug (CVE-2007-0248) and for max_user_ip handling in ntlm_auth.
This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. Since SUSE Linux version 10.1 format string bugs are not exploitable anymore. (CVE-2007-0017)
The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes the following security fixes: CVE-2006-5857: A memory corruption problem in Adobe Acrobat Reader that can potentially lead to code execution was fixed. CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems
Various security problems and bugs have been fixed in the IBM Java JRE and SDK. The IBM Java packages were updated to: - IBM Java 1.4.2 to Service Refresh 7. - IBM Java 1.3.10 to Service Refresh 10.
This update brings the Opera Web browser to version 9.10, including fixes for the following 2 security problems: - CVE-2007-0126: Opera processes a JPEG DHT marker incorrectly, which can potentially lead to remote code execution. - CVE-2007-0127: Opera is affected by a typecasting bug...
This update fixes three memory corruptions within the X server which could be used by local attackers with access to this display to crash the X server and potentially execute code. CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function in the Ren...
A command injection in cmd.php in cacti was fixed, which might have allowed remote attackers to inject commands and so execute code. This issue is tracked by the Mitre CVE ID CVE-2006-6799.
A number of security issues have been fixed in the Mozilla browser suite, which could be used by remote attackers to gain privileges, access to confidential information or cause denial of service attacks. Since the Mozilla Suite 1.7 branch is no longer maintained t...
A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. In SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise Server and Desktop 10 this problem was not exploitable to execute code due to use of the FORTIFY SOUR...
Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created...
The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions: - The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8. - The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE
A security problem was found and fixed in the Mono / C# web server implementation. By appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server. This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only
Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org. These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open a specially crafted document (for instance a document sent by e-mail). This is...
This security update brings the current set of Mozilla security updates, with the following versions: - Mozilla Firefox to version 1.5.0.9 for Novell Linux Desktop 9, SUSE Linux Enterprise 10 and SUSE Linux 9.3 up to 10.1. - Mozilla Firefox to version 2.0.0.1 for openSUSE 10.2.
The Linux 2.6 kernel has been updated to fix various security issues. On SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10 and their derived products this update also contains various bugfixes. - CVE-2006-4145: A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed.
The antivirus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems: CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
This security update brings the Adobe Flash Player to version 7.0.69. The update fixes the following security problem: CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash Player allow remote attackers to modify HTTP headers of client requests and conduct HTTP Request Sp...
The libgsf library is used by various GNOME programs to handle, for instance, OLE2 data streams. Specially crafted OLE documents enabled attackers to use a heap buffer overflow for potentially executing code. This issue is tracked by the Mitre CVE ID CVE-2006-4514.
Two security problems were fixed in the GNU Privacy Guard (GPG). - Specially crafted files could overflow a buffer when gpg was used in interactive mode (CVE-2006-6169). - Specially crafted files could modify a function pointer and could potentially execute code this way (CVE-2006-6235).
The madwifi-ng Atheros Wireless LAN card driver is subject to a remotely exploitable stack buffer overflow, which allows either code execution or at least a denial of service (kernel crash). A physical local attacker (within WLAN range) has to provide a malicious acc...