SuSE Essential and Critical Security Patch Updates - Page 772

Find the information you need for your favorite open source distribution.

SuSE: 2005-071: perl integer overflows Security Update

Integer overflows in the format string functionality in Perl allow attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap. This requires the attacker to be able [More...]

SuSE: 2005-070: openswan,freeswan,ipsec-tools denial of service Security Update

Openswan, Freeswan and racoon (ipsec-tools) have been updated to fix crashes in aggressive mode. An attacker might send specially crafted packets that can crash racoon or Pluto. The ipsec-tools / racoon crashes are tracked by the Mitre CVE ID CVE-2005-3732.

SuSE: 2005-069: php4, php5 Security Update

Updated PHP packages fix the following security issues:
- Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390)
- Bugs in the exif code could lead to a crash (CVE-2005-3353)

SuSE: 2005-068: kernel various security and bugfixes Security Update

The Linux kernel was updated to fix several security problems and several bugs, listed below:
Security fixes:
- CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. (All)

SuSE: 2005-067: kernel various security and bugfixes Security Update

This kernel update for SUSE Linux 10.0 contains fixes for XEN, various security fixes and bug fixes. CVE-200n-nnnn numbers refer to Mitre CVE IDs (http://cve.mitre.org/). This update includes a more recent snapshot of the upcoming XEN 3.0. Many bugs have been fixed. Stability for x86_64 has been [More...]

SuSE: 2005-066: phpMyAdmin remote code execution Security Update

The MySQL configuration frontend phpMyAdmin was updated to fix the following security problems which can be remotely exploited:
- Multiple cross-site scripting (XSS) bugs (CVE-2005-3301, CVE-2005-2869, PMASA-2005-5).
- Multiple file inclusion vulnerabilities that allowed [More...]

SuSE: 2005-065: gdk-pixbuf, gtk2 Security Update

The image loading library of the gdk-pixbuf/gtk2 package is vulnerable to several security-related bugs. This makes every application (mostly GNOME applications) which is linked against this library vulnerable too. A carefully crafted XPM file can be used t [More...]

SuSE: 2005-064: pwdutils, shadow Security Update

Thomas Gerisch found that the setuid 'chfn' program contained in the pwdutils suite insufficiently checks its arguments when changing the GECOS field. This bug leads to a trivially exploitable local privilege escalation that allows users to gain root access. We l [More...]

SuSE: wget/curl overflow in NTLM authentication Security Update

This update fixes a stack-based buffer overflow in the NTLM authentication code used by the file download tools/libraries curl and wget that can be triggered by using a long user or domain name (also works with HTTP redirects). By exploiting this bug by using a malicious [More...]

SuSE: 2005-062: permissions Security Update

SUSE LINUX ships with three predefined sets of permissions, 'easy', 'secure' and 'paranoid'. The chkstat program contained in the permissions package is used to set those permissions to the chosen level. Level 'easy', which is the default, allows some world writeable di [More...]

SuSE: 2005-061: openSSL protocol downgrade attack Security Update

The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which i [More...]

SuSE: 2005-060: OpenWBEM Security Update

The SUSE Security Team performed a security review of important parts of the OpenWBEM system. During the audit, several integer wraparounds and buffer overflows were discovered and fixed. If exploited, they allow remote attackers to execute arbitrary code with root [More...]

SuSE: 2005-056: XFree86-server,xorg-x11-server Security Update

The X server memory can be accessed by a malicious X client by exploiting a missing range check in the function XCreatePixmap(). This bug can probably be used to execute arbitrary code with the privileges of the X server (root). 2) Solution or Work [More...]

SuSE: 2005-054: evolution Security Update

Several format string bugs allowed remote attackers to cause evolution to crash or even execute code via full vCard data, contact data from remote LDAP servers, task list data from remote servers (CAN-2005-2549) or calendar entries (CAN-2005-2550). 2) Solution or Work- [More...]

SuSE: 2005-053: squid Security Update

This update of the Squid web-proxy fixes two remotely exploitable denial of service vulnerabilities. One can be triggered by aborting a request (CAN-2005-2794) due to a faulty assertion. The other one occurs in sslConnectTimeout while handling malformed

SuSE: 2005-052: apache2 Security Update

PLEASE NOTE: This advisory is a re-release of SUSE-SA:2005:051 with a new SA ID because the ID SUSE-SA:2005:051 was already used. This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using [More...]

SuSE: 2005-051: apache2 Security Update

This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using a carefully crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491) A memory consumption b [More...]