The Linux kernel is the core component of the Linux system. The Linux kernel is the core component of the Linux system. Several vulnerabilities were reported in the last few weeks which are fixed by this update.Not all kernels are affected by all the problems, each of the problems has an affected note attached to it.
This update fixes several security issues in the ImageMagick program suite: This update fixes several security issues in the ImageMagick program suite: - A format string vulnerability was found in the display program which could lead to a remote attacker being to able to execute code as the user running display by providing handcrafted filenames of images. This is tracked by the Mitre CVE ID C [More...]
This security update for Mozilla Firefox fixes following problems: This security update for Mozilla Firefox fixes following problems: - CAN-2005-0231: "Fire tabbing" The javascript security manager usually prevents that a javascript: URL from one host is opened in a window displaying content from another host. But when the link is dropped to a tab, the security manager does not kick in.
The SUSE Security Team reviewed critical parts of the OpenSLP package, The SUSE Security Team reviewed critical parts of the OpenSLP package, an open source implementation of the Service Location Protocol (SLP). an open source implementation of the Service Location Protocol (SLP). SLP is used by Desktops to locate certain services such as printers and by servers to announce their services. [More...]
Two security problems were found in the media player RealPlayer: Two security problems were found in the media player RealPlayer: - CAN-2005-0455: A buffer overflow in the handling of .smil files. - CAN-2005-0611: A buffer overflow in the handling of .wav files. Both buffer overflows can be exploited remotely by providing URLs opened by RealPlayer.
cyrus-sasl is a library providing authentication services. cyrus-sasl is a library providing authentication services. A buffer overflow in the digestmda5 code was identified that could lead to a remote attacker executing code in the context of the service using sasl authentication.This is tracked by the Mitre CVE ID CAN-2005-0373.
The University of Washington imap daemon can be used to access mails The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as [More...]
This email address is being protected from spambots. You need JavaScript enabled to view it. reported a vulnerability in libcurl, the This email address is being protected from spambots. You need JavaScript enabled to view it. reported a vulnerability in libcurl, the HTTP/FTP retrieval library. This library is used by lots of programs, HTTP/FTP retrieval library. This library is used by lots of programs, including YaST2 and PHP4.The NTLM authorization in curl had a buffer overflow in the base64 decoding which allows a remote a [More...]
The previous kernel security update for the SUSE Linux 9.1 The previous kernel security update for the SUSE Linux 9.1 and the SUSE Linux Enterprise Server 9 based products caused and the SUSE Linux Enterprise Server 9 based products caused problems with the NVidia driver for users with NVidia graphics cards. Stricter checking in the memory management functions in the kernel caused the kerne [More...]
This update fixes one-byte buffer overruns in the cyrus-imapd IMAP This update fixes one-byte buffer overruns in the cyrus-imapd IMAP server package. server package. Several overruns were fixed in the IMAP annote extension as well as in cached header handling which can be run by an authenticated user.Additionally bounds checking in fetchnews was improved to avoid
Squid is an Open Source web proxy. Squid is an Open Source web proxy. A remote attacker was potentially able to crash the Squid web proxy if the log_fqdn option was set to "on" and the DNS replies were manipulated.This is tracked by the Mitre CVE ID CAN-2005-0446.
Mailman is a flexible mailing list management tool. It provides Mailman is a flexible mailing list management tool. It provides mail controlled subscription front ends and also includes CGI scripts mail controlled subscription front ends and also includes CGI scripts to handle subscription, moderation and archive retrieval and other options.Due to incomplete input validation the "private" CG [More...]
Squid is a feature-rich web-proxy with support for various web-related Squid is a feature-rich web-proxy with support for various web-related protocols. protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. Due to the hugh amount of b [More...]
The linux kernel is the core of the SUSE Linux based products. The linux kernel is the core of the SUSE Linux based products. Two weeks ago we released the Service Pack 1 for our SUSE Linux Enterprise Server 9 product. Due to the strict code freeze we were not able to merge all the security fixes from the last kernel update on Jan23rd (SUSE-SA:2005:003) into this kernel.This update merges t [More...]
RealPlayer is a combined audio and video player for RealMedia formatted RealPlayer is a combined audio and video player for RealMedia formatted streaming data. These formats are very common throughout the Internet. eEye Security in October 2004 discovered a flaw in the .rm RealMovie stream handling routines which allows a remote attacker to exploit an integer overflow vulnerability using a speci [More...]
Several exploitable security problems were identified and fixed in Several exploitable security problems were identified and fixed in the Linux kernel, the core of every SUSE Linux product. - Due to missing locking in the sys_uselib system call a local attacker can gain root access. This was found by Paul Starzetz and is tracked by the Mitre CVE ID CAN-2004-1235.
PHP is a well known, widely-used scripting language often used within web PHP is a well known, widely-used scripting language often used within web server setups. server setups. Stefan Esser and Marcus Boerger found several buffer overflow problems in the unserializer functions of PHP (CAN-2004-1019) and Ilia Alshanetsky (CAN-2004-1065) found one in the exif parser. Any of them could allow [More...]
Libtiff supports reading, writing, and manipulating of TIFF image files. Libtiff supports reading, writing, and manipulating of TIFF image files. iDEFENSE reported an integer overflow in libtiff that can be exploited by iDEFENSE reported an integer overflow in libtiff that can be exploited by specific TIFF images to trigger a heap-based buffer overflow afterwards.This bug can be used by exter [More...]
The Samba developers informed us about several potential integer overflow The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code. issues in the Samba 2 and Samba 3 code. This update adds constraints to the Samba server code which protects it from using values from untrusted sources as operands in arithmetic operations to determine he [More...]
Linux kernel Linux kernel Several vulnerabilities have been found and fixed in the Linuxkernel. Paul Starzetz reported that the missing serialization inunix_dgram_recvmsg() which was added to kernel 2.4.28 can
