SuSE Essential and Critical Security Patch Updates - Page 776

SuSE: 2005-004: Realplayer 8 Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

RealPlayer is a combined audio and video player for RealMedia formatted RealPlayer is a combined audio and video player for RealMedia formatted streaming data. These formats are very common throughout the Internet. eEye Security in October 2004 discovered a flaw in the .rm RealMovie stream handling routines which allows a remote attacker to exploit an integer overflow vulnerability using a speci [More...]

LinuxSecurity.com Team
Jan 24, 2005

SuSE: 2005-003: kernel local privilege escalation Security Update

Several exploitable security problems were identified and fixed in Several exploitable security problems were identified and fixed in the Linux kernel, the core of every SUSE Linux product. - Due to missing locking in the sys_uselib system call a local attacker can gain root access. This was found by Paul Starzetz and is tracked by the Mitre CVE ID CAN-2004-1235.

LinuxSecurity.com Team
Jan 21, 2005

SuSE: 2005-002: php4/mod_php4 Security Update

PHP is a well known, widely-used scripting language often used within web PHP is a well known, widely-used scripting language often used within web server setups. server setups. Stefan Esser and Marcus Boerger found several buffer overflow problems in the unserializer functions of PHP (CAN-2004-1019) and Ilia Alshanetsky (CAN-2004-1065) found one in the exif parser. Any of them could allow [More...]

LinuxSecurity.com Team
Jan 17, 2005

SuSE: 2005-001: libtiff/tiff Security Update

Libtiff supports reading, writing, and manipulating of TIFF image files. Libtiff supports reading, writing, and manipulating of TIFF image files. iDEFENSE reported an integer overflow in libtiff that can be exploited by iDEFENSE reported an integer overflow in libtiff that can be exploited by specific TIFF images to trigger a heap-based buffer overflow afterwards.This bug can be used by exter [More...]

LinuxSecurity.com Team
Jan 10, 2005

SuSE: 2004-045: samba Security Update

The Samba developers informed us about several potential integer overflow The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code. issues in the Samba 2 and Samba 3 code. This update adds constraints to the Samba server code which protects it from using values from untrusted sources as operands in arithmetic operations to determine he [More...]

LinuxSecurity.com Team
Dec 22, 2004

SuSE: 2004-044: various kernel problems Security Update

Linux kernel Linux kernel Several vulnerabilities have been found and fixed in the Linuxkernel. Paul Starzetz reported that the missing serialization inunix_dgram_recvmsg() which was added to kernel 2.4.28 can

LinuxSecurity.com Team
Dec 21, 2004

SuSE: 2004-043: cyrus-imapd Security Update

Stefan Esser reported various bugs within the Cyrus IMAP Server. Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an up [More...]

LinuxSecurity.com Team
Dec 03, 2004

SuSE: 2004-042: various kernel problems Security Update

The Linux kernel is the base of the SUSE Linux system. The Linux kernel is the base of the SUSE Linux system. Several security problems have been found and addressed by the SUSE Security Team. The following issues are present in all SUSE Linux based products.- Several remote denial of service conditions have been found in the smbfs file system, reported by Stefan Esser.

LinuxSecurity.com Team
Dec 01, 2004

SuSE: 2004-041: xshared, XFree86-libs, xorg-x11-libs Security Update

The XPM library which is part of the XFree86/XOrg project is used by The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. The bug types are: - integer overflows [More...]

LinuxSecurity.com Team
Nov 17, 2004

SuSE: 2004-040: samba Security Update

There is a problem in the Samba file sharing service daemon, which There is a problem in the Samba file sharing service daemon, which allows a remote user to have the service consume lots of computing allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded filenames.This attack can be successful if the Samba da [More...]

LinuxSecurity.com Team
Nov 15, 2004

SuSE: 2004-039: xpdf, gpdf, kpdf, pdftohtml, cups Security Update

Xpdf is a widely used fast PDF file viewer. Various other PDF viewer Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSE Security-Tea [More...]

LinuxSecurity.com Team
Oct 26, 2004

SuSE: 2004-038: libtiff Security Update

libtiff is used by image viewers and web browser to view "TIFF" images. libtiff is used by image viewers and web browser to view "TIFF" images. These usually open and display those images without querying the user, These usually open and display those images without querying the user, making a normal system by default vulnerable to exploits of image library bugs. Chris Evans found several securit [More...]

LinuxSecurity.com Team
Oct 22, 2004

SuSE: 2004-037: kernel Security Update

An integer underflow problem in the iptables firewall logging rules An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled. We would like to thank Richard Hart for reporting the [More...]

LinuxSecurity.com Team
Oct 21, 2004

SuSE: 2004-036: mozilla Security Update

During the last months a number of security problems have been fixed During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include: in Mozilla and Mozilla based brwosers. These include: - CAN-2004-0718: content in unrelated windows could be modified- CAN-2004-0722: integer overflow in the SOAPParameter object constructor- CAN-2004-075 [More...]

LinuxSecurity.com Team
Oct 06, 2004

SuSE: 2004-035: samba Security Update

The Samba server, which allows to share files and resources via The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be r [More...]

LinuxSecurity.com Team
Oct 05, 2004

SuSE: 2004-034: XFree86-libs, xshared Security Update

Chris Evans reported three vulnerabilities in libXpm which can Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well [More...]

LinuxSecurity.com Team
Sep 17, 2004

SuSE: 2004-033: gtk2, gdk-pixbuf Security Update

gdk-pixbuf is an image loading and rendering library mostly used gdk-pixbuf is an image loading and rendering library mostly used by GTK and GNOME applications. It is distributed as a separate by GTK and GNOME applications. It is distributed as a separate package for gtk1 and integrated into the gtk2 package. Chris Evans has discovered a heap based, a stack based and an integer overflow in [More...]

LinuxSecurity.com Team
Sep 17, 2004

SuSE: 2004-032: apache2 Security Update

The Apache daemon is running on most of the web-servers used in the The Apache daemon is running on most of the web-servers used in the Internet today. Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency (SITIC) have found a bug in apache2 each. The first vulnerability appears in the apr_uri_parse() function while ha [More...]

LinuxSecurity.com Team
Sep 15, 2004

SuSE: 2004-031: cups Security Update

The Common Unix Printing System (CUPS) enables local and remote users to The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote [More...]

LinuxSecurity.com Team
Sep 15, 2004

SuSE: 2004-030: apache2 Security Update

The mod_ssl apache module, as part of our apache2 package, enables The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The CVE project assigned the identifiers CAN-2004-0748 and CA [More...]

LinuxSecurity.com Team
Sep 06, 2004