Clamav was updated to version 0.88.1 to fix the following security Clamav was updated to version 0.88.1 to fix the following security problems: problems: - An integer overflow in the PE header parser (CVE-2006-1614). - Format string bugs in the logging code could potentially beexploited to execute arbitrary code (CVE-2006-1615).
Insufficient input validation was being done in the EAP-MSCHAPv2 Insufficient input validation was being done in the EAP-MSCHAPv2 state machine of the FreeRADIUS authentication server. state machine of the FreeRADIUS authentication server. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassin [More...]
This update fixes the following security problems in Realplayer: This update fixes the following security problems in Realplayer: - Specially crafted SWF files could cause a buffer overflow andcrash RealPlayer (CVE-2006-0323). - Specially crafted web sites could cause heap overflow and lead toexecuting arbitrary code (CVE-2005-2922). This was already fixedwith the previously released 1.0.6 versi [More...]
The popular MTA sendmail is vulnerable to a race condition when handling The popular MTA sendmail is vulnerable to a race condition when handling signals. signals. Under certain circumstances this bug can be exploited by an attacker to execute commands remotely. Sendmail was the default MTA in SuSE Linux Enterprise Server 8. Later products use postfix as MTA.
A programming flaw in the X.Org X Server allows local attackers to A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root, as is the default gain root access when the server is setuid root, as is the default in SUSE Linux 10.0. This flaw was spotted by the Coverity project. Only SUSE Linux 10.0 is affected, older products do not include [More...]
A critical security vulnerability has been identified in the Adobe A critical security vulnerability has been identified in the Adobe Macromedia Flash Player that allows an attacker who successfully Macromedia Flash Player that allows an attacker who successfully exploits these vulnerabilities to take control of the application running the flash player. A malicious SWF must be loaded in the Flash [More...]
The GNU Privacy Guard (GPG) allows crafting a message which could The GNU Privacy Guard (GPG) allows crafting a message which could check out correct using "--verify", but would extract a different, check out correct using "--verify", but would extract a different, potentially malicious content when using "-o --batch". The reason for this is that a .gpg or .asc file can contain multiple plain tex [More...]
This is a reissue of SUSE-SA:2006:009, after we found out that also This is a reissue of SUSE-SA:2006:009, after we found out that also gpg version < 1.4.x are affected by the signature checking problem gpg version < 1.4.x are affected by the signature checking problem of CVE-2006-0455. With certain handcraft-able signatures GPG was returning a 0 (valid signature) when used on command-line with o [More...]
The Linux kernel has been updated to fix various security problems. The Linux kernel has been updated to fix various security problems. All SUSE Linux versions and products are affected, the exact affected versions are listed per entry. A SUSE Linux 10.0 kernel update was released 2 weeks ago, also fixing the issues listed in here. (SUSE Linux Enterprise Server is abbreviated as SLES, Novell Linu [More...]
Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- logy in Stockholm. logy in Stockholm. This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users (CVE-2006-0582). The second bug affects [More...]
Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- logy in Stockholm. logy in Stockholm. This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users (CVE-2006-0582). The second bug affects [More...]
This update fixes a remotely exploitable stack buffer overflow in This update fixes a remotely exploitable stack buffer overflow in the pam_micasa authentication module. the pam_micasa authentication module. Since this module is added to /etc/pam.d/sshd automatically on installation of CASA it was possible for remote attackers to gain root access to any machine with CASA installed.
With certain handcraftable signatures GPG was returning a 0 (valid With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. signature) when used on command-line with option --verify. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make auto [More...]
A problem in the handling of scp in openssh could be used to execute A problem in the handling of scp in openssh could be used to execute commands on remote hosts even using a scp-only configuration. commands on remote hosts even using a scp-only configuration. This requires doing a remote-remote scp and a hostile server. (CVE-2006-0225) On SUSE Linux Enterprise Server 9 the xauth pollution prob [More...]
A SUSE specific patch to the GNU linker 'ld' removes redundant RPATH A SUSE specific patch to the GNU linker 'ld' removes redundant RPATH and RUNPATH components when linking binaries. and RUNPATH components when linking binaries. Due to a bug in this routine ld occasionally left empty RPATH components. When running a binary with empty RPATH components the dynamic linker tries to load shared libra [More...]
The Linux kernel on SUSE Linux 10.0 has been updated to The Linux kernel on SUSE Linux 10.0 has been updated to fix following security problems: fix following security problems: - CVE-2006-0454: An extra dst release when ip_options_echo failedwas fixed. This problem could be triggered by remote attackers and can
An remotely exploitable problem exists in the rpc.mountd service in An remotely exploitable problem exists in the rpc.mountd service in the user space NFS server package "nfs-server". the user space NFS server package "nfs-server". Insufficient buffer space supplied to the realpath() function when processing mount requests can lead to a buffer overflow in the rpc.mountd and allows remote attacker [More...]
Stefan Esser discovered a bug in in the register_globals emulation Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE- [More...]
Maksim Orlovich discovered a bug in the JavaScript interpreter used Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that [More...]
iDEFENSE reported a security problem with the Novell Remote Manager. iDEFENSE reported a security problem with the Novell Remote Manager. By passing a huge or negative size via a HTTP request header to httpstkd it was possible to corrupt heap memory and so potentially execute code. We have released updated packages for this problem.
