Advisory: SuSE Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution.

SuSE: 2006-055: openssl,mozilla-nss RSA signature evasion Security Update

If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. This problem affects various SSL implementations. This advisory covers th [More...]

SuSE: 2006-054: Mozilla Firefox,Thunderbird, Seamonkey Security Update

Security updates have been released that bring Mozilla Firefox to version 1.5.0.7, Mozilla Thunderbird to version 1.5.0.7 and Mozilla Seamonkey to 1.0.5. Seamonkey and Thunderbird were released early this week; Firefox was released today.

SuSE: 2006-053: flash-player Security Update

Multiple input validation errors have been identified in the Macromedia Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web bro [More...]

SuSE: 2006-052: php4,php5 Security Update

Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12; the PHP5 update packages were released on September 20. The following security problems were fixed, with respective Mit [More...]

SuSE: 2006-051: Apache2 security problems Security Update

The web server Apache2 has been updated to fix several security issues: The security fix for CVE-2005-3357 (denial of service) broke the earlier security fix for SSL verification (CVE-2005-2700). This problem has been corrected. Additionally, a cross-site scripting bug with the "Expect" header error reporting was fixed (CVE-2 [More...]

SuSE: 2006-050: ImageMagick Security Update

Several security problems have been fixed in ImageMagick:
- CVE-2006-3744: Several heap buffer overflows were found in the SunBitmap decoder of ImageMagick during an audit by the Google Security Team. This problem could be exploited by an attacker to execute code.
- CVE-2006-3743: Multiple buffer overflows were found by the Google Security [More...]

SuSE: 2006-049: kernel Security Update

The SUSE Linux Enterprise 10 kernel was updated to fix the following security problems:
- CVE-2006-3626: A race condition allows local users to gain root privileges by changing the file mode of /proc/self/ files in a way that causes those files (for instance /proc/self/environ) to become setuid root.

SuSE: 2006-048: MozillaFirefox, MozillaThunderbird, Seamonkey Security Update

To fix various security problems we released update packages that bring Mozilla Firefox to version 1.5.0.6, Mozilla Thunderbird to version 1.5.0.5 and the Seamonkey Suite to version 1.0.3. Note that on Novell Linux Desktop 9 and SUSE Linux 9.2 up to 10.0 this is a maj [More...]

SuSE: 2006-047: kernel security problems Security Update

The Linux kernel of the SUSE Linux Enterprise 9 products has been updated to fix the security problems listed below. This update has already been released for the SUSE Linux Retail products; the Enterprise kernels got delayed due to QA problems. Since SUSE Linux Enterprise Server 8 is [More...]

SuSE: 2006-046: clamav Security Update

Damian Put discovered a bug in the UPX decoder used for scanning UPX compressed Windows executables. The bug allows for a heap buffer overflow and may potentially be exploitable to execute arbitrary code. ClamAV has been updated to version 0.88.4 in order to [More...]

SuSE: 2006-045: freetype2 Security Update

This security update fixes crashes in the PCF handling of freetype2 which might be used to crash applications using freetype2 or even to execute code in them.

SuSE: 2006-044: libtiff Security Update

This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a TIFF image provided by an attacker. [More...]

SuSE: 2006-043: apache,apache2 mod_rewrite problem Security Update

The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Depending on stack alignment this could be used to potentially execute code.

SuSE: 2006-042: kernel security problems Security Update

The Linux kernel has been updated to fix several security issues. This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1. For the SUSE Linux Enterprise 9 and 10, Novell Linux Desktop 9, Open Enterprise Server products the kernel update is still in testing and will be released within the next week.

SuSE: 2006-041: acroread remote code execution Security Update

Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8. Adobe does not provide detailed information about the nature of the security problems. Therefore, it is necessary to assume that remote code execution is possible.

SuSE: 2006-040: OpenOffice_org remote code execution Security Update

The following security problems were found and fixed in OpenOffice_org:
- CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with c [More...]

SuSE: 2006-039: kdebase3-kdm information disclosure Security Update

The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow.

SuSE: 2006-038: Opera 9.0 security upgrade Security Update

The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem:
- CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively larg [More...]

SuSE: 2006-037: freetype2 Security Update

The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desk [More...]

SuSE: 2006-036: mysql remote code execution Security Update

The database server MySQL was updated to fix the following security problems:
- Attackers could read portions of memory by using a user name with trailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517).
- Attackers could potentially execute arbitrary code by causing a buffer overflow via specially [More...]