SuSE Essential and Critical Security Patch Updates - Page 773

SuSE: 2005-050: kernel multiple security problems Security Update

The Linux kernel was updated to fix the following security issues:

- CAN-2005-2457: A problem in decompression of files on "zisofs" filesystem was fixed.
- CAN-2005-2458: A potential buffer overflow in the zlib decompression handling in the kernel was fixed.

SuSE: 2005-048: pcre integer overflows Security Update

A vulnerability was found in the PCRE regular expression handling library which allows an attacker to crash or overflow a buffer in the program by specifying a special regular expression. Since this library is used in a large number of packages, including apache2 [More...]

SuSE: 2005-047: Adobe Reader Plugin buffer overflow Security Update

A buffer overflow was found in the core application plug-in for the Adobe Reader, that allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. This is tracked by the Mitre CVE ID CAN-2005-2470. Note that for SU [More...]

SuSE: 2005-046: apache, apache2 request smuggling problem Security Update

A security flaw was found in the Apache and Apache2 web servers which allows a remote attacker to "smuggle" requests past filters by providing handcrafted header entries. Fixed Apache 2 server packages were released on July 26th, fixed Apache 1 server packages [More...]

SuSE: 2005-045: Mozilla various security problems Security Update

Various security vulnerabilities in the Mozilla browser suite and the Mozilla Firefox browser have been reported and fixed upstream. The Mozilla suite browser has been updated to a security fix level of Mozilla 1.7.11, the Mozilla Firefox browser has been updated t [More...]

SuSE: 2005-044: several kernel security problems Security Update

The Linux kernel is the core component of the Linux system. This update fixes various security as well as non-security problems discovered since the last round of kernel updates. Not all kernels are affected by all the problems; each of the problems has an affected note attached to it.

SuSE: 2005-043: zlib denial of service Security Update

The previous zlib update for CAN-2005-2096 fixed a flaw in zlib that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the reported overflow, Markus Oberhumer discovered additional ways a stream could trigger [More...]

SuSE: 2005-042: Acrobat Reader 5 buffer overflow Security Update

This update fixes a buffer overflow in Acrobat Reader versions 5, where an attacker could execute code by providing a handcrafted PDF to the viewer. The Acrobat Reader 5 versions of SUSE Linux 9.0 up to 9.2, SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 [More...]

SuSE: 2005-041: php/pear XML RPC remote code execution Security Update

A bug in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a copy of the problematic XML::RPC code itself and might be still vulnerable afte [More...]

SuSE: 2005-040: heimdal telnetd remote buffer overflow Security Update

A remote buffer overflow has been fixed in the heimdal / kerberos telnetd daemon which could lead to a remote user executing code as root by overflowing a buffer. This attack requires the use of the kerberized telnetd of the heimdal suite, which is not used by defau [More...]

SuSE: 2005-039: zlib denial of service attack Security Update

A denial of service condition was fixed in the zlib library. Any program using zlib to decompress data can be crashed by a specially handcrafted invalid data stream. This includes web browsers or email programs able to view PNG images (which are compressed by zlib), allowing remote attackers to crash browser sessions or potentially anti [More...]

SuSE: 2005-037: RealPlayer remote buffer overflow Security Update

Various security problems were found in RealPlayer that allow a remote attacker to execute code in the local player by providing handcrafted files. See https://www.real.com/ too. The following security bugs are listed:

SuSE: 2005-036: sudo Security Update

Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug some conditions need to be fulfilled. The attack [More...]

SuSE: 2005-034: opera various problems Security Update

The web browser Opera has been updated to version 8.01 to fix various security-related bugs.

* Fixed XMLHttpRequest redirect vulnerability reported in Secunia Advisory 15008.
* Fixed cross-site scripting vulnerability reported in Secunia Advisory 15411.

SuSE: 2005-033: spamassassin remote denial of service Security Update

The anti spam tool SpamAssassin was prone to a denial-of-service attack. A remote attacker could craft a MIME E-Mail message that would waste a lot of CPU cycles parsing the Content-Type header. This is tracked by the Mitre CVE ID CAN-2005-1266. Only SUSE Linux 9.2 an [More...]

SuSE: 2005-032: SUN Java security problems Security Update

Two security bugs in the SUN Java implementation have been fixed. Java Web Start can be exploited remotely due to an error in input validation of tags in JNLP files, so an attacker can pass arbitrary command-line options to the virtual machine to disable the sandbox and get access to files. This is tracked by the Mitre CVE ID CAN- [More...]