[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforSUSELinuxEnterprise

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Thu Dec 3 03:10:31 PST 2009


Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 280	Published: Wed, 02 Dec 2009 19:18:22 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12529 - Security update for expat - SLES9
Severity: <Unspecified>
Fixlet ID: 1252901
Fixlet Link: http://download.novell.com/Download?buildid=ay_5iXAwML8~

Fixlet Description: Specially crafted XML documents could make expat run into an endless loop, therefore locking up applications using expat (CVE-2009-3720). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12530 - Security update for ethereal
Severity: <Unspecified>
Fixlet ID: 1253001
Fixlet Link: http://download.novell.com/Download?buildid=I4C1t1NqxxQ~

Fixlet Description: This is an update of wireshark to fix multiple vulnerabilities: CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12531 - Security update for IBM Java2 and SDK - SLES9
Severity: <Unspecified>
Fixlet ID: 1253101
Fixlet Link: http://download.novell.com/Download?buildid=VgiYfV3n7lo~

Fixlet Description: IBM Java 1.4.2 was updated to Service Refresh 13 Fixpack 2. At least the following security issues are fixed by this update: CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files might allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12550 - Security update for OpenSSL - SLES9
Severity: <Unspecified>
Fixlet ID: 1255001
Fixlet Link: http://download.novell.com/Download?buildid=r2pf_jDeNfY~

Fixlet Description: The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12553 - Security update for mutt
Severity: <Unspecified>
Fixlet ID: 1255301
Fixlet Link: http://download.novell.com/Download?buildid=Xuld2dIjtFs~

Fixlet Description: This update improves the handling of SSL certificates and fixes a minor usability bug introduced with the last security update. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9111702 - Security update for OpenSSL - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 911170201
Fixlet Link: http://download.novell.com/Download?buildid=a4i8H1-qwqw~

Fixlet Description: The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9111702 - Security update for OpenSSL - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 911170203
Fixlet Link: http://download.novell.com/Download?buildid=iXTfKIqT-Bg~

Fixlet Description: The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112001 - Security update for expat - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 911200101
Fixlet Link: http://download.novell.com/Download?buildid=Qzsuktw31tc~

Fixlet Description: Specially crafted XML documents could make expat run into an endless loop, therefore locking up applications using expat (CVE-2009-3720). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112001 - Security update for expat - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 911200103
Fixlet Link: http://download.novell.com/Download?buildid=PoXoIIufjN8~

Fixlet Description: Specially crafted XML documents could make expat run into an endless loop, therefore locking up applications using expat (CVE-2009-3720). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112002 - Security update for Mozilla Firefox - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 911200203
Fixlet Link: http://download.novell.com/Download?buildid=FKzSDBtUUug~

Fixlet Description: The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112002 - Dependencies Needed - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 911200204
Fixlet Link: http://download.novell.com/Download?buildid=FKzSDBtUUug~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following packages must be installed at the specified version or greater: MozillaFirefox-3.5.3-1.4.2.i586.rpm, mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B9112002 - Security update for Mozilla Firefox - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 911200205
Fixlet Link: http://download.novell.com/Download?buildid=FnntBSdZG7k~

Fixlet Description: The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112002 - Dependencies Needed - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 911200206
Fixlet Link: http://download.novell.com/Download?buildid=FKzSDBtUUug~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following packages must be installed at the specified version or greater: MozillaFirefox-3.5.3-1.4.2.i586.rpm, mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B9112003 - Security update for expat - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 911200301
Fixlet Link: http://download.novell.com/Download?buildid=uwmIUMpTyTE~

Fixlet Description: Specially crafted XML documents could make expat run into an endless loop, therefore locking up applications using expat (CVE-2009-3720). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112003 - Security update for expat - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 911200303
Fixlet Link: http://download.novell.com/Download?buildid=B7-95xahHrQ~

Fixlet Description: Specially crafted XML documents could make expat run into an endless loop, therefore locking up applications using expat (CVE-2009-3720). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112004 - Security update for Mozilla Firefox - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 911200403
Fixlet Link: http://download.novell.com/Download?buildid=B7MPHsCRNac~

Fixlet Description: The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112004 - Dependencies Needed - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 911200404
Fixlet Link: http://download.novell.com/Download?buildid=B7MPHsCRNac~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following package must be installed at the specified version or greater: mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B9112004 - Security update for Mozilla Firefox - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 911200405
Fixlet Link: http://download.novell.com/Download?buildid=7l25_xMyN2Q~

Fixlet Description: The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112004 - Dependencies Needed - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 911200406
Fixlet Link: http://download.novell.com/Download?buildid=7l25_xMyN2Q~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following package must be installed at the specified version or greater: mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B9112501 - Security update for IBM Java 1.4.2 - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 911250101
Fixlet Link: http://download.novell.com/Download?buildid=uqJ0eksezjk~

Fixlet Description: IBM Java 1.4.2 was updated to Service Refresh 13 Fixpack 2. The following security issues are fixed by this update: CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files might allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112502 - Security update for IBM Java 1.4.2 - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 911250201
Fixlet Link: http://download.novell.com/Download?buildid=Il62BOJglmo~

Fixlet Description: IBM Java 1.4.2 was updated to Service Refresh 13 Fixpack 2. At least the following security issues are fixed by this update: CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files might allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9112502 - Dependency Conflict - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 911250202
Fixlet Link: http://download.novell.com/Download?buildid=Il62BOJglmo~

Fixlet Description: Updated java-ibm packages that address a security vulnerability are now available. However, the listed computers have the package "java-1_4_2-ibm-plugin" installed at a version lower than "1.4.2_sr13.2-0.4.1", which conflicts with this security update. You must uninstall or upgrade this package in order for this security update to become relevant.

***************************************************************
Title: PATCH-B9113001 - Security update for ethereal - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 911300101
Fixlet Link: http://download.novell.com/Download?buildid=dJ1mfW82hT8~

Fixlet Description: This is an update of wireshark to fix multiple vulnerabilities: CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9113001 - Security update for ethereal - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 911300103
Fixlet Link: http://download.novell.com/Download?buildid=0_xO1gM8cig~

Fixlet Description: This is an update of wireshark to fix multiple vulnerabilities: CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9113002 - Security update for ethereal - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 911300201
Fixlet Link: http://download.novell.com/Download?buildid=JR25Q6Q_zgI~

Fixlet Description: This is an update of wireshark to fix multiple vulnerabilities: CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9113002 - Security update for ethereal - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 911300203
Fixlet Link: http://download.novell.com/Download?buildid=uBdGwaWmNSg~

Fixlet Description: This is an update of wireshark to fix multiple vulnerabilities: CVE-2009-3549: CVSS v2 Base Score: 5.0 (MEDIUM) The Paltalk dissector could crash on alignment-sensitive processors. CVE-2009-3550: CVSS v2 Base Score: 4.3 (MEDIUM) The DCERPC/NT dissector could crash. CVE-2009-3551: CVSS v2 Base Score: 5.0 (MEDIUM) The SMB dissector could crash. CVE-2009-2560: CVSS v2 Base Score: 5.0 (MEDIUM) The RADIUS dissector could crash. Please update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9120101 - Security update for mutt - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 912010101
Fixlet Link: http://download.novell.com/Download?buildid=_qa7pXTbN3Y~

Fixlet Description: This update improves the handling of SSL certificates and fixes a minor usability bug introduced with the last security update. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9120101 - Security update for mutt - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 912010103
Fixlet Link: http://download.novell.com/Download?buildid=BXjQ3xfdoPI~

Fixlet Description: This update improves the handling of SSL certificates and fixes a minor usability bug introduced with the last security update. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9120102 - Security update for mutt - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 912010201
Fixlet Link: http://download.novell.com/Download?buildid=XyflVFAcoL4~

Fixlet Description: This update improves the handling of SSL certificates and fixes a minor usability bug introduced with the last security update. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9120102 - Security update for mutt - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 912010203
Fixlet Link: http://download.novell.com/Download?buildid=R7X8swtH3LA~

Fixlet Description: This update improves the handling of SSL certificates and fixes a minor usability bug introduced with the last security update. Everyone should update. Please see patch page for more detailed information.


