Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
100
security advisorysoftware updatethreatSUSE: 2011:010 moderate: Multiple Package Updates and Fixes
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2011:010 Date: Tue, 31 May 2011 08:00:00 +0000 Cross-References: CVE-2009-5024, CVE-2011-0411, CVE-2011-1098 CVE-2011-1154, CVE-2011-1155, CVE-2011-1168 CVE-2011-1407, CVE-2011-1521, CVE-2011-1575 CVE-2011-1588, CVE-2011-1595, CVE-2011-1720 CVE-2011-1750, CVE-2011-1751, CVE-2011-1929 Content of this advisory: 1) Solved Security Vulnerabilities: - postfix - libthunarx-2-0 - rdesktop - python - viewvc - kvm - exim - logrotate - dovecot12/dovecot20 - pure-ftpd - kdelibs4 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for thefollowing incidents are already available on our FTP server and via the YaST Online Update. - postfix Remote attackers could potentially exploit a memory corruption issue in postfix' SASL implementation to execute arbitrary code CVE-2011-0411: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N) postfix did not clear the receive buffer after the STARTTLS command. A man-in-the middle could therefore inject comma nds in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS. CVE-2011-1720: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Affected Products: SLES9, SLE10-SP2, SLE10-SP3, SLE10-SP4, SLE11-SP1, openSUSE 11.2, 11.3, 11.4 - libthunarx-2-0 Due to a format string error thunar could crash when copy&pasting a file name with format characters. CVE-2011-1588: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Affected Products: openSUSE 11.4 - rdesktop A malicious server could access any file on clients connecting to it if the client shared some ressource (CVE-2011-1595). CVE-2011-1595: CVSS v2 Base Score: 4.3 (AV:A/AC:H/Au:N/C:P/I:P/A:P) Affected Products: SLE10-SP4, SLE11-SP1, openSUSE 11.3, 11.4 - python This update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2). CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) Affected Products: SLE10-SP3, SLE10-SP4, SLE11-SP1 - viewvc cvsdb.py in viewvc did not honor an admin defined row limit which could cause high load on the database server. Viewvc was updated to version 1.1.11 which fixes the issue. CVE-2009-5024: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Affected Products: openSUSE 11.3, 11.4 - kvm By causing a hot-unplug of the pci-isa bridge from within guests the qemu process could access already freedmemory. A privileged user inside the guest could exploit that to crash the guest instance or potentially execute arbitrary code on the host. CVE-2011-1751: CVSS v2 Base Score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C) The virtio-blk driver did not properly validate read and write request. A privileged user inside the guest could exploit that to cause a heap corruption and crash the guest instance or potentially execute arbitrary code on the host. CVE-2011-1750: CVSS v2 Base Score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C) Affected Products: SLE11-SP1, openSUSE 11.3, 11.4 - exim This update fixes a security issues: + exim remote code exection CVE-2011-1407: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) + also some safety improvements regarding STARTTLS. Affected Products: openSUSE 11.3, 11.4 - dovecot12/dovecot20 Dovecot crash when parsing mail headers that contain NUL characters. CVE-2011-1929: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) Affected Products: openSUSE 11.3, 11.4 - logrotate This update for logrotate provides the following fixes: + Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place. CVE-2011-1098: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N) + The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. CVE-2011-1155: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P) + In addition, the missingok option has been improved Affected Products: SLE10-SP3, SLE10-SP4, SLE11-SP1, openSUSE 11.3, 11.4 - pure-ftpd Pure-ftpd is vulnerable to the STARTTLS commandinjection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N) Affected Products: SLE10-SP3, SLE10-SP4, SLE11-SP1, openSUSE 11.2, 11.3, 11.4 - kdelibs4 A XSS vulnerability in the way KHTML handles error pages has been fixed. CVE-2011-1168: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Affected Products: SLE11-SP1, openSUSE 11.2, 11.3, 11.4 ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that ithas not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
May 31, 2011
SuSE
100
security advisorybuffer overflowpatchSUSE 2010:018 Moderate: Buffer Overflow and Integer Overflow Issues
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2010:018 Date: Wed, 06 Oct 2010 15:00:00 +0000 Cross-References: CVE-2010-0405, CVE-2010-1526, CVE-2010-1781 CVE-2010-1782, CVE-2010-1784, CVE-2010-1785 CVE-2010-1786, CVE-2010-1787, CVE-2010-1788 CVE-2010-1790, CVE-2010-1792, CVE-2010-1793 CVE-2010-1860, CVE-2010-1862, CVE-2010-1864 CVE-2010-1914, CVE-2010-1915, CVE-2010-1917 CVE-2010-2093, CVE-2010-2094, CVE-2010-2097 CVE-2010-2100, CVE-2010-2101, CVE-2010-2190 CVE-2010-2191, CVE-2010-2225, CVE-2010-2484 CVE-2010-2531, CVE-2010-2575, CVE-2010-2648 CVE-2010-3062, CVE-2010-3063, CVE-2010-3064 CVE-2010-3065, CVE-2010-3069 Content of this advisory: 1) Solved Security Vulnerabilities: - samba - libgdiplus0 - libwebkit - bzip2 - php5 - okular 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) SolvedSecurity Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - samba A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code (CVE-2010-3069). Affected Products: SLES9, SLE10-SP3, SLE11, SLE11-SP1, openSUSE 11.1, 11.2, 11.3 - libgdiplus0 Specially crafted tiff, jpeg and bmp images could cause integer overflows in ligdiplus0 (CVE-2010-1526). - libwebkit The browser engine libwebkit was updated to version 1.2.4 to fix several security bugs. (CVE-2010-1781, CVE-2010-1782, CVE-2010-1784, CVE-2010-1785 CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790 CVE-2010-1792, CVE-2010-1793, CVE-2010-2648) Affected Products: openSUSE 11.3 - bzip2 Specially crafted bz2 archives could cause a denial of service or potentially even cause execution of arbitrary code in applications that try to unpack such archives (CVE-2010-0405). Affected Products: SLES9, SLE10-SP3, SLE11, SLE11-SP1, openSUSE 11.1, 11.2, 11.3 - php5 PHP was updated to version 5.2.14 to fix several security issues (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917, CVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065). Affected Products: openSUSE 11.1 - okular Specially crafted PDF files could cause a heapoverflow in okular (CVE-2010-2575). Affected Products: SLE11, SLE11-SP1, openSUSE 11.1, 11.2, 11.3 ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signaturefrom
Oct 06, 2010
SuSE
100
security advisoryvulnerabilitySUSESUSE: 2010:016 Minor Security Fixes and Issues Overview
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2010:016 Date: Thu, 26 Aug 2010 11:00:00 +0000 Cross-References: CVE-2010-0211, CVE-2010-0212, CVE-2010-1168 CVE-2010-1447, CVE-2010-1507, CVE-2010-1797 CVE-2010-2497, CVE-2010-2498, CVE-2010-2499 CVE-2010-2500, CVE-2010-2519, CVE-2010-2520 CVE-2010-2527, CVE-2010-2541, CVE-2010-2548 CVE-2010-2576, CVE-2010-2783, CVE-2010-2805 CVE-2010-2806, CVE-2010-2807, CVE-2010-2808 CVE-2010-3019, CVE-2010-3020, CVE-2010-3021 Content of this advisory: 1) Solved Security Vulnerabilities: - yast2-webclient-patch_updates - perl - openldap2 - opera - freetype2/libfreetype6 - java-1_6_0-openjdk 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports donot list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - yast2-webclient-patch_updates Applying maintenance updates and security fixes can potentially take a long time as all packages are downloaded and installed. This update improves the WebYaST user interface to show a descriptive timeout error message with information on how to proceed in those cases. In addition, the following reports were fixed: - 616742: PackageKit errors are ignored when applying updates - 591345: WebYaST generates installation specific secret key during RPM installation (CVE-2010-1507) Affected Products: SLE11 - perl perl Safe.pm module was affected by two problems where attackers could break out of such a safed execution. (CVE-2010-1447, CVE-2010-1168) Additionally the following non-security bugs were addressed too: - fix tell cornercase [bnc#596167] - fix regex memory leak [bnc#557636] - also run h2ph on /usr/include/linux [bnc#603840] Affected Products: SLES9, SLE10-SP3, SLE11, openSUSE 11.1, 11.2 - openldap2/libldap Several issues have been fixed in OpenLDAP: - specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212) - syncrepl might loose deletes in refreshAndPersist mode - replicating from a SLES11 master to a SLES10 slave can cause inconsistencies - libldap hangs with 100% CPU when referral chasing is enabled Affected Products: SLES9, SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2 - opera This update of opera fixes the following vulnerabilities: - CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc - CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos - CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image Affected Products: openSUSE 11.1, 11.2, 11.3 - freetype2/libfreetype6 This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges: - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts Affected Products: SLES9, SLE10-SP3, SLE11, openSUSE 11.1, 11.2, 11.3 - java-1_6_0-openjdk icedtea included in java-1_6_0-openjdk was updated to version 1.8.1 which fixes two security issues: - CVE-2010-2783: IcedTea 'Extended JNLP Services' arbitrary file access - CVE-2010-2548: IcedTea Incomplete property access check for unsigned applications The new version also fixes many non-security bugs. For details please see Affected Products: openSUSE 11.1, 11.2, 11.3 ______________________________________________________________________________ 2)Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
Aug 26, 2010
•Informational
SuSE
100
security advisoryvulnerabilitysoftware updatesSUSE: 2009:020 Low Profile Updates and Fixes with Moderate Severity
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2009:020 Date: Tue, 12 Jan 2010 10:00:00 +0000 Cross-References: CVE-2008-4360, CVE-2008-5519, CVE-2009-0668 CVE-2009-0669, CVE-2009-0689, CVE-2009-0791 CVE-2009-2560, CVE-2009-2820, CVE-2009-3025 CVE-2009-3026, CVE-2009-3050, CVE-2009-3083 CVE-2009-3084, CVE-2009-3085, CVE-2009-3549 CVE-2009-3550, CVE-2009-3551, CVE-2009-3553 CVE-2009-3560, CVE-2009-3563, CVE-2009-3607 CVE-2009-3608, CVE-2009-3615, CVE-2009-3627 CVE-2009-3720, CVE-2009-3829, CVE-2009-3938 CVE-2009-3979, CVE-2009-3981, CVE-2009-3983 CVE-2009-3984, CVE-2009-3985, CVE-2009-3986 CVE-2009-3987, CVE-2009-4032, CVE-2009-4035 CVE-2009-4112, MFSA 2009-65, MFSA 2009-68 MFSA 2009-69, MFSA 2009-70, MFSA 2009-71 Content of this advisory: 1) Solved Security Vulnerabilities: - apache2-mod_jk - cacti - cups - expat - finch/pidgin - htmldoc - kdelibs3/kdelibs4 - libpoppler/poppler - lighttpd - opera - perl-HTML-Parser - pyxml - seamonkey - wireshark/ethereal - xntp - zope/zope3 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - apache2-mod_jk Certain HTTP request could confuse the JK connector in Apache Tomcat which could result in a user seeing responses destined for other users (CVE-2008-5519). Affected products: SLE11 - cacti The package cacti was updated to fix four cross-site-scripting vulnerabilities (CVE-2009-4032: CVSS v2 Base Score: 4.9) and one privilege escalation bug (CVE-2009-4112). Affected products: openSUSE 11.0 - cups The cups web interface was prone to Cross-Site Scripting (XSS) problems (CVE-2009-2820). A use-after-free problem in cupsd allowed remote attackers to crash the cups server (CVE-2009-3553). Affected products: SLES9, SLE10-SP2, SLE10-SP3, OES, NLD, openSUSE 11.0-11.2 - expat Specially crafted XML documents could make expat run into an enless loop, therefore locking up applications using expat (CVE-2009-3720: CVSS v2 Base Score: 5.0). Affected products: SLES9, NLD, OES, SLE10-SP2, SLE10-SP3, SLE11, openSUSE 11.0-11.2 Note: This update may cause regressions in the XML parser which will be solved by following update packages. - finch/pidgin This update of pidgin fixes the following issues: - CVE-2009-3026: CVSS v2 Base Score: 5.0 Allowed to send confidential data unencrypted even if SSL was chosen by user. - CVE-2009-3025: CVSS v2 Base Score: 4.3 Remote denial of service in yahoo IM plug-in. - CVE-2009-3083: CVSS v2 Base Score: 5.0 Remote denial of service in MSN plug-in. - CVE-2009-3084: CVSS v2 Base Score: 5.0 Remote denial of service in MSN plug-in. - CVE-2009-3085: CVSS v2 Base Score: 5.0 Remote denial of service in XMPP plug-in. - CVE-2009-3615: CVSS v2 Base Score: 5.0 Remote denial of service in ICQ plug-in. Affected products: SLE10-SP2, SLE10-SP3, SLE11, openSUSE 11.0-11.2 - htmldoc Specially crafted files could cause a buffer overflow in htmldoc (CVE-2009-3050). Affected products: SLES9, SLE10-SP2, SLE10-SP3, SLE11, openSUSE 11.0-11.2 - kdelibs3/kdelibs4 KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689 Affected products: SLES9, NLD, OES, SLE10-SP2, SLE10-SP3, SLE11, openSUSE 11.0-11.2 - libpoppler/poppler This update of poppler fixes several security issues: - CVE-2009-0791: Fix multiple integer overflows in "pdftops" filter that could be used by attackers to execute code. - CVE-2009-3607: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPSpdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. - CVE-2009-3938: Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file. - CVE-2009-4035: A indexing error in FoFiType1::parse() was fixed that could be used by attackers to corrupt memory and potentially execute code. Affected products: SLE10-SP3, SLE11, openSUSE 11.0-11.2 - lighttpd This update fixes a regression caused by the last security update for CVE-2008-4360. Affected products: SLE11, openSUSE 11.0-11.1 - opera Opera was upgraded to version 10.10 to fix the following security bugs: - CVE-2009-0689: CVSS v2 Base Score: 6.8 A heap buffer overflow in string to number conversion. - Error messages could leak information. - Another, yet unspecified, vulnerability reported by Chris Evans. Affected products: openSUSE 11.0-11.2 - perl-HTML-Parser Specially crafted HTML documents could cause perl-HTML-Parser to run into an endless loop (CVE-2009-3627). Affected products: SLE10-SP2, SLE10-SP3, SLE11, openSUSE 11.0-11.1 - pyxml Specially crafted XML documents could make pyxml run into an enless loop, therefore locking up applications using pyxml (CVE-2009-3720, CVE-2009-3560). Affected products: SLE10-SP2, SLE10-SP3, SLE11, openSUSE 11.0-11.2 - seamonkey The Mozilla Seamonkey browser suite was updated to version 2.0.1, fixing lots of bugs and various security issues. The following issues were fixed: - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption(1.9.0.16) - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener - MFSA 2009-71/CVE-2009-3987: COM object enumeration only affects Windows operating systems. Affected products: openSUSE 11.2 - wireshark/ethereal Version upgrade of wireshark fix multiple vulnerabilities: - CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. - CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. - CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. - CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. - CVE-2009-3829 CVSS v2 Base Score: 9.3 (HIGH) Fix for an integer overflow in wiretap/erf.c that allowed remote attackers to execute arbitrary code via a crafted ERF file. This does not affect SLE products (wireshark only). Affected products: SLES9, OES, SLE10-SP2, SLE10-SP3, SLE11, openSUSE 11.0-11.2 - xntp By sending specially crafted NTP packets attackers could make ntpd flood it's log file with error messages or even run into an endless loop (CVE-2009-3563). Affected products: SLES9, NLD, OES, SLE10-SP3 - zope/zope3 Zope's implementation of the ZEO network protocol allowed authentication bypass (CVE-2009-0669) as well as executing arbitrary python code remotely (CVE-2009-0668). Affected products: SLES9, SLE10-SP2, SLE10-SP3 ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification andAdditional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
Jan 12, 2010
SuSE
100
security advisorydenial of servicebuffer overflowSUSE: 2009:016 Moderate: Low Profile Vulnerability Issues Resolved
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2009:016 Date: Tue, 13 Oct 2009 14:00:00 +0000 Cross-References: CVE-2008-5349, CVE-2008-7159, CVE-2008-7160 CVE-2009-1297, CVE-2009-2408, CVE-2009-2475 CVE-2009-2476, CVE-2009-2625, CVE-2009-2632 CVE-2009-2661, CVE-2009-2670, CVE-2009-2671 CVE-2009-2672, CVE-2009-2673, CVE-2009-2674 CVE-2009-2675, CVE-2009-2689, CVE-2009-2690 CVE-2009-3051, CVE-2009-3111, CVE-2009-3229 CVE-2009-3230, CVE-2009-3231, CVE-2009-3235 CVE-2009-3241 Content of this advisory: 1) Solved Security Vulnerabilities: - silc-toolkit - open-iscsi - strongswan,freeswan,openswan - mutt - openldap2 - cyrus-imapd - java-1_6_0-openjdk - postgresql - IBMJava2-JRE/java-1_4_2-ibm - wireshark - freeradius - dovecot 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoidflooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - silc-toolkit An update of slic-toolkit fixes a stack-based overflow that could be triggered by encoding an ASN.1 OID (CVE-2008-7159) and several format string bugs (CVE-2009-3051, CVE-2008-7160). Affected Products: SLE11, openSUSE 10.3-11.1 - open-iscsi The iscsi_discovery tool created predictable temporary files which potentially allowed attackers to overwrite system files (CVE-2009-1297). Also some non-security bugs have been fixed: - synchronize startup settings - fix daemon segfault with CHAP Affected Products: SLE11, SLE10-SP2, openSUSE 10.3-11.1 - strongswan,freeswan,openswan A previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked (CVE-2009-2661). This could lead to crashes of the pluto IKE daemon. Affected Products: SLES9, SLE10-SP2, SLE11, openSUSE 10.3-11.1 - mutt mutt did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Affected Products: SLES9, SLE10-SP2, SLE11, openSUSE 10.3-11.1 - openldap2 openldap did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Affected Products: SLES9, SLE10-SP2, SLE11, openSUSE 10.3-11.1 - cyrus-imapd This update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectlycalculating the size of the destination buffer. (CVE-2009-2632) Affected Products: SLES9, SLE10-SP2, SLE11, openSUSE 10.3-11.1 - java-1_6_0-openjdk This update of java-1_6_0-openjdk fixes the following issues: - CVE-2009-2670: OpenJDK Untrusted applet System properties access - CVE-2009-2671,CVE-2009-2672: OpenJDK Proxy mechanism information leaks - CVE-2009-2673: OpenJDK proxy mechanism allows non-authorized socket connections - CVE-2009-2674: Java Web Start Buffer JPEG processing integer overflow - CVE-2009-2675: Java Web Start Buffer unpack200 processing integer overflow - CVE-2009-2625: OpenJDK XML parsing Denial-Of-Service - CVE-2009-2475: OpenJDK information leaks in mutable variables - CVE-2009-2476: OpenJDK OpenType checks can be bypassed - CVE-2009-2689: OpenJDK JDK13Services grants unnecessary privileges - CVE-2009-2690: OpenJDK private variable information disclosure Affected Products: openSUSE 11.0 and 11.1 - postgresql Multiple security vulnerabilities have been fixed in PostgrSQL - CVE-2009-3229: allows remote authenticated users to cause a denial of service - CVE-2009-3230: allows remote authenticated users to gain higher privileges - CVE-2009-3231: when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password Affected Products: SLES9, SLE10-SP2, SLE11, openSUSE 10.3-11.1 - IBMJava2-JRE/java-1_4_2-ibm IBM Java 1.4.2 was updated to SR13 FP1 to fix the following security issues: CVE-2009-2625: A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on. CVE-2008-5349: A vulnerability in how the Java Runtime Environment (JRE) handles certain RSA public keys might cause the JRE to consume an excessive amount of CPUresources. This might lead to a Denial of Service (DoS) condition on affected systems. Such keys could be provided by a remote client of an application. This issue affects the following security providers: IBMJCE, IBMPKCS11Impl and IBMJCEFIPS. Affected Products: SLE10-SP2, SLES9, SLE11 - wireshark Specially crafted packets could crash the OPC UA dissector in Wireshark (CVE-2009-3241) Affected Products: openSUSE 10.3-11.1 - freeradius This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash (CVE-2009-3111). Affected Products: openSUSE 10.3, SLE10-SP2, SLES9 - dovecot An update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235) Affected Products: openSUSE 10.3-11.1 ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your keyring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
Oct 13, 2009
SuSE
100
security advisorybuffer overflowXSSSUSE: 2009:014 Critical: Low Profile Vulnerability Fixes
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2009:014 Date: Tue, 01 Sep 2009 07:00:00 +0000 Cross-References: CVE-2008-4456, CVE-2009-0153, CVE-2009-0198 CVE-2009-0509, CVE-2009-0510, CVE-2009-0511 CVE-2009-0512, CVE-2009-0791, CVE-2009-1381 CVE-2009-1720, CVE-2009-1721, CVE-2009-1855 CVE-2009-1856, CVE-2009-1857, CVE-2009-1858 CVE-2009-1859, CVE-2009-1861, CVE-2009-1885 CVE-2009-2347, CVE-2009-2417, CVE-2009-2446 CVE-2009-2562, CVE-2009-2625, CVE-2009-2688 Content of this advisory: 1) Solved Security Vulnerabilities: - dnsmasq - icu - libcurl3/libcurl2/curl/compat-curl2 - Xerces-c/xerces-j2 - tiff/libtiff - acroread_ja - xpdf - xemacs - mysql - squirrelmail - OpenEXR - wireshark 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - dnsmasq New packages fix a buffer overflow and a NULL dereference in the TFTP server code of dnsmasq. Please note that the TFTP server is disabled by default. (CVE-2009-2957, CVE-2009-2958) Released for product: openSUSE 10.3-11.1, SLE11 - icu icu did not properly handle invalid byte sequences during Unicode con- version. Remote attackers could potentially exploit that to conduct cross-site scripting (XSS) attacks (CVE-2009-0153). Released for product: openSUSE 10.3-11.1, SLE10, SLE11 - libcurl3/libcurl2/curl/compat-curl2 An update of curl fixes the 0-character handling in the subject name of a SSL certificate. This bug could be used to execute an undetected man- in-the-middle-attack. (CVE-2009-2417) Released for product: openSUSE 10.3-11.1, SLES9, SLE10, SLE11, OES, NLD - Xerces-c/xerces-j2 The Xerces-c package was vulnerable to various bugs while parsing XML. (CVE-2009-1885) Released for product: openSUSE 10.3-11.1, SLES9, SLE10, SLE11 - tiff/libtiff This update of the tiff package fixes various integer overflows in the contained tools. (CVE-2009-2347) Released for product: openSUSE 10.3-11.1, SLES9, SLE10, SLE11, OES, NLD - acroread_ja This update of acroread fixes the following vulnerabilities: + CVE-2009-1855: stack overflow that could lead to code execution + CVE-2009-1856: integer overflow with potential to lead to arbitrary code execution + CVE-2009-1857: memory corruption with potential to lead to arbitrary code execution + CVE-2009-1858: memorycorruption with potential to lead to arbitrary code execution + CVE-2009-1859: memory corruption with potential to lead to arbitrary code execution + CVE-2009-0198: memory corruption with potential to lead to arbitrary code execution + CVE-2009-0509 CVE-2009-0510 CVE-2009-0511 CVE-2009-0512: various heap overflows that could lead to code exe- cution + CVE-2009-1861: heap overflow that could lead to code execution Released for product: SLE10, SLE11 - xpdf Specially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791). Released for product: openSUSE 10.3-11.1, SLES9, SLE10, SLE11 - xemacs Specially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise. (CVE-2009-2688) Released for product: openSUSE 10.3-11.1, SLES9, SLE10, SLE11 - mysql The following vulnerabilities were fixed: + the COM_CREATE_DB and COM_DROP_DB suffered from format string vulnerabilities (CVE-2009-2446) + the command line client was prone to cross-site scripting (XSS) attacks (CVE-2008-4456) Released for product: openSUSE 10.3-11.1, SLES9, SLE10, SLE11, OES, NLD - squirrelmail/squirrelmail-plugins The previous fix for a vulnerability that allowed an attacker to run arbitrary commands on the server was incomplete (CVE-2009-1381). Released for product: openSUSE 10.3 - OpenEXR This update of OpenEXR fixes several integer overflows (CVE-2009-1720) and a denial-of-service (probably execution of arbitrary code) bug (CVE-2009-1721). Released for product: openSUSE 10.3-11.1, SLE10, SLE11 - wireshark Flaws in the AFS dissector allowed attackers to crash wireshark via specially crafted network traffic (CVE-2009-2562). Released for product: openSUSE 10.3-11.1, SLES9, SLE10, SLE11,OES, NLD ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
Sep 01, 2009
•Critical
SuSE
100
security advisorymoderateDoSSUSE: 2009:005 Moderate: Resolved Multiple Issues for Security
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2009:005 Date: Mon, 02 Mar 2009 13:00:00 +0000 Cross-References: CVE-2007-0062, CVE-2008-5078, CVE-2008-5138 CVE-2009-0021, CVE-2009-0040, CVE-2009-0049 CVE-2009-0386, CVE-2009-0387, CVE-2009-0397 CVE-2009-0478, CVE-2009-0599, CVE-2009-0600 CVE-2009-0601 Content of this advisory: 1) Solved Security Vulnerabilities: - dhcp - ntp/xntp - squid - wireshark - libpng - pam_mount - enscript - eID-belgium - gstreamer-0_10-plugins-good 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP serverand via the YaST Online Update. - dhcp By sending requests with a large value for 'dhcp-max-message-size' dhcp-clients could crash dhcpd if dhcpd was configured with a large amount of DHCP options (CVE-2007-0062). Affected Products: SLES9, SLES10, openSUSE 10.3-11.0 - ntp/xntp ntp didn't properly check the return value of the openssl function EVP_VerifyFinal (CVE-2009-0021). Affected Products: SLES9, openSUSE 10.3-11.1 Packages for SLES10 got delayed due a fix for another problem and will follow soon - squid A denial of service condition in HTTP-request processing was fixed in squid (CVE-2009-0478). Affected Products: openSUSE 11.1 - wireshark wireshark could crash while reading capture files containing NetScreen data (CVE-2009-0599), while reading Tektronix K12 capture files (CVE-2009-0600) or if the HOME environment variable contained format string specifiers (CVE-2009-0601). Affected Products: openSUSE 10.3-11.1 - libpng Specially crafted png files could crash applications using libpng or potentially execute arbitrary code by causing free of an uninitialized pointer (CVE-2009-0040). Affected Products: SLES9, SLES10, openSUSE 10.3-11.1 - pam_mount Temporary file handling of the passwdehd script was prone to symlink attacks (CVE-2008-5138). In 11.0 and 11.1 the script was removed as it doesn't work on those distributions anyways. Affected Products: SLES9, SLES10, openSUSE 10.3-11.1 - enscript long path names could overflow a buffer in enscript (CVE-2008-5078). Affected Products: SLES9 - eID-belgium eID-belgium didn't properly check the return value of the openssl function EVP_VerifyFinal (CVE-2009-0049). Affected Products: SLES10, openSUSE 10.3-11.1 - gstreamer-0_10-plugins-good Specially crafted QuickTime media files could cause heap based buffer overflows ingstreamer. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397). Affected Products: SLES9, openSUSE 10.3-11.1 ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM packagedownloaded. The package is unmodified if it contains a valid signature from
Mar 02, 2009
SuSE
100
security advisorymoderatebuffer overflowopenSUSE 2009:003 Moderate: Multiple Low Profile Security Issues
To avoid flooding mailing lists with SUSE Security Announcements for minor To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Secu [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2009:003 Date: Mon, 02 Feb 2009 16:30:00 +0000 Cross-References: CVE-2008-1149, CVE-2008-1567, CVE-2008-1924 CVE-2008-2383, CVE-2008-2960, CVE-2008-3197 CVE-2008-4096, CVE-2008-4309, CVE-2008-4326 CVE-2008-5081, CVE-2008-5432, CVE-2008-5621 CVE-2008-5622, CVE-2008-5824, CVE-2008-5902 CVE-2008-5903, CVE-2008-5904, CVE-2008-5907 CVE-2009-0125, CVE-2009-0126, CVE-2009-0135 CVE-2009-0136 Content of this advisory: 1) Solved Security Vulnerabilities: - boinc-client - xrdp - phpMyAdmin - libnasl - moodle - xrdp - net-snmp - audiofile - XFree86/xterm - amarok - libpng - sudo - avahi 2) Pending Vulnerabilities, Solutions, and Work-Arounds: none 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summaryreports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - boinc-client The boinc-client was missing return value checks for openssl function calls. (CVE-2009-0126) Affected products: openSUSE 11.1 - xrdp This update fixes multiple buffer overflows that can be exploited remotely to execute arbitrary code. (CVE-2008-5902, CVE-2008-5903, CVE-2008-5904) Additionally xrdp does not register remote session as local anymore. Affected products: openSUSE 11.1 - phpMyAdmin A version upgrade to phpMyAdmin 2.11.9.4 to fix various security bugs. (CVE-2008-2960, CVE-2008-3197, CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326, CVE-2008-5621, CVE-2008-5622) Affected products: openSUSE 10.3-11.0 - libnasl This update of libnasl adds missing return value checks for openssl function calls. (CVE-2009-0125) Affected products: openSUSE 10.3-11.0 - moodle Insufficient quoting of wiki page titles allowed attackers to conduct cross site scripting (XSS) attacks. (CVE-2008-5432) Affected products: openSUSE 10.3-11.0 - net-snmp Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed: - typo in error message - make OIDs longer than 256 chars work - typo in the snmpd init script to really load all agents - logrotate config to restart the snmptrapd as well Affected products: SLES9, NLD9, SLES10, SLED 10 - audiofile A heap-overflow in libaudiofile was fixed. The overflow existsed in the WAV processing code and can be exploited to execute arbi- trary code. (CVE-2008-5824) Affected products:openSUSE 10.3-11.1, OES, SLES9, NLD9, SLES 10, SLED10 - XFree86/xterm XTerm evaluated various ANSI Escape sequences so that command execution was possible if an attacker could pipe raw data to an xterm. (CVE-2008-2383) (It is usually not recommended to display raw data on an xterm.) Support for Matrox G200EV/G200WB cards was added. Affected products: OES, SLES9, NLD9 - amarok This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack sce- nario to execute arbitrary code remotely. (CVE-2009-0135, CVE-2009- 0136) Affected products: openSUSE 10.3-11.1, SLES10, SLED10 - libpng This update of libpng fixes the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0. (CVE-2008-5907) Affected products: openSUSE 10.3-11.1, OES, SLES9, NLD9, SLES 10, SLED10 - sudo This update of sudo fixes a bug that allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root. (CVE-2009-0034) Affected products: openSUSE 10.3-11.1 - avahi Specially crafted mDNS packets could crash the Avahi daemon (CVE-2008-5081). Affected products: openSUSE 10.3-11.1, SLED10 ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds none ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verifythe signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
Feb 02, 2009
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!