Advisory: SuSE Essential and Critical Security Patch Updates

Find the information you need for your favorite open source distribution .

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-043: cyrus-imapd Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Stefan Esser reported various bugs within the Cyrus IMAP Server. Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an up [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-042: various kernel problems Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Linux kernel is the base of the SUSE Linux system. The Linux kernel is the base of the SUSE Linux system. Several security problems have been found and addressed by the SUSE Security Team. The following issues are present in all SUSE Linux based products.- Several remote denial of service conditions have been found in the smbfs file system, reported by Stefan Esser.

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-041: xshared, XFree86-libs, xorg-x11-libs Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The XPM library which is part of the XFree86/XOrg project is used by The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. The bug types are: - integer overflows [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-040: samba Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There is a problem in the Samba file sharing service daemon, which There is a problem in the Samba file sharing service daemon, which allows a remote user to have the service consume lots of computing allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded filenames.This attack can be successful if the Samba da [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-039: xpdf, gpdf, kpdf, pdftohtml, cups Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Xpdf is a widely used fast PDF file viewer. Various other PDF viewer Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSE Security-Tea [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-038: libtiff Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

libtiff is used by image viewers and web browser to view "TIFF" images. libtiff is used by image viewers and web browser to view "TIFF" images. These usually open and display those images without querying the user, These usually open and display those images without querying the user, making a normal system by default vulnerable to exploits of image library bugs. Chris Evans found several securit [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-037: kernel Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

An integer underflow problem in the iptables firewall logging rules An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled. We would like to thank Richard Hart for reporting the [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-036: mozilla Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

During the last months a number of security problems have been fixed During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include: in Mozilla and Mozilla based brwosers. These include: - CAN-2004-0718: content in unrelated windows could be modified- CAN-2004-0722: integer overflow in the SOAPParameter object constructor- CAN-2004-075 [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-035: samba Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Samba server, which allows to share files and resources via The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be r [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-034: XFree86-libs, xshared Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Chris Evans reported three vulnerabilities in libXpm which can Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-033: gtk2, gdk-pixbuf Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

gdk-pixbuf is an image loading and rendering library mostly used gdk-pixbuf is an image loading and rendering library mostly used by GTK and GNOME applications. It is distributed as a separate by GTK and GNOME applications. It is distributed as a separate package for gtk1 and integrated into the gtk2 package. Chris Evans has discovered a heap based, a stack based and an integer overflow in [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-032: apache2 Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Apache daemon is running on most of the web-servers used in the The Apache daemon is running on most of the web-servers used in the Internet today. Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency (SITIC) have found a bug in apache2 each. The first vulnerability appears in the apr_uri_parse() function while ha [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-031: cups Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Common Unix Printing System (CUPS) enables local and remote users to The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-030: apache2 Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The mod_ssl apache module, as part of our apache2 package, enables The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The CVE project assigned the identifiers CAN-2004-0748 and CA [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-029: zlib Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

zlib is a widely used data compression library. Programs linked against it zlib is a widely used data compression library. Programs linked against it include most desktop applications as well as servers such as Apache and include most desktop applications as well as servers such as Apache and OpenSSH. The 'inflate' function of zlib handles certain input data incorrectly which could lead to a deni [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-028: kernel Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Various signedness issues and integer overflows have been fixed within Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6. kNFSd and the XDR decode functions of kernel 2.6. These bugs can be triggered remotely by sending a package with a trusted source IP address and a write request with a size greater then 2^31. The resul [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-027: qt3 Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The QT-library is an environment for GUI-programming and is used in The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. various well-known projects, like KDE. Chris Evans found a heap overflow in the BMP image format parser (CAN-2004-0691) which can probably be abused by remote attackers to execute arbitrary code with the privileges of [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-026: rsync Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The rsync-team released an advisory about a security problem in rsync. The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. As [More...]

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-025: gaim Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Gaim is an instant messaging client which supports a wide range of Gaim is an instant messaging client which supports a wide range of protocols. protocols. Sebastian Krahmer of the SuSE Security Team discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code.

LS Hmepg 337x500 34 Esm H200

SuSE: 2004-024: kernel Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Paul Starzetz from iSEC informed us about a race condition in the 64bit Paul Starzetz from iSEC informed us about a race condition in the 64bit file offset handling code of the kernel. file offset handling code of the kernel. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file to point to the current position in a file. The Linux kernel offers a 3 [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved