[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforSUSELinuxEnterprise

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Thu Oct 8 03:10:08 PDT 2009


Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 255	Published: Thu, 08 Oct 2009 01:21:24  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12383 - Security update for PostgreSQL - SLES9
Severity: <Unspecified>
Fixlet ID: 1238301
Fixlet Link: http://download.novell.com/Download?buildid=I-nLpxKQJKY~

Fixlet Description: Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12460 - Security update for Tomcat - SLES9
Severity: <Unspecified>
Fixlet ID: 1246001
Fixlet Link: http://download.novell.com/Download?buildid=vOqv-IKw6is~

Fixlet Description: This update of tomcat fixes several vulnerabilities:

  CVE-2008-5515: RequestDispatcher usage can lead to information leakage
  CVE-2009-0033: denial of service via AJP connection
  CVE-2009-0580: some authentication classes allow user enumeration
  CVE-2009-0781: XSS bug in example application cal2.jsp
  CVE-2009-0783: replacing XML parser leads to information leakage

Additionally, non-security bugs were fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12507 - Security update for freeradius - SLES9
Severity: <Unspecified>
Fixlet ID: 1250701
Fixlet Link: http://download.novell.com/Download?buildid=hOQvUJi43uU~

Fixlet Description: This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12511 - Security update for IBM Java2 JRE and SDK - SLES9
Severity: <Unspecified>
Fixlet ID: 1251101
Fixlet Link: http://download.novell.com/Download?buildid=0LAH_U9yTTc~

Fixlet Description: IBM Java 1.4.2 was updated to SR13 FP1. It fixes the following two security issues:

  CVE-2009-2625: A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on.

  CVE-2008-5349: A vulnerability in how the Java Runtime Environment (JRE) handles certain RSA public keys might cause the JRE to consume an excessive amount of CPU resources. This might lead to a Denial of Service (DoS) condition on affected systems. Such keys could be provided by a remote client of an application. This issue affects the following security providers: IBMJCE, IBMPKCS11Impl and IBMJCEFIPS.

Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12519 - Security update for epiphany - SLES9
Severity: <Unspecified>
Fixlet ID: 1251901
Fixlet Link: http://download.novell.com/Download?buildid=V5iZA8PjJ7M~

Fixlet Description: This update brings the Mozilla Seamonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to:

  MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  MFSA 2009-21/CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
  MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation
  MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part

Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9100101 - Security update for freeradius - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 910010103
Fixlet Link: http://download.novell.com/Download?buildid=0QKgejEztDk~

Fixlet Description: This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9100102 - Security update for IBM Java 1.4.2 - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 910010201
Fixlet Link: http://download.novell.com/Download?buildid=ILaEYLO8DcI~

Fixlet Description: IBM Java 1.4.2 was updated to SR13 FP1. It fixes the following two security issues:

  CVE-2009-2625: A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on.

  CVE-2008-5349: A vulnerability in how the Java Runtime Environment (JRE) handles certain RSA public keys might cause the JRE to consume an excessive amount of CPU resources. This might lead to a Denial of Service (DoS) condition on affected systems. Such keys could be provided by a remote client of an application. This issue affects the following security providers: IBMJCE, IBMPKCS11Impl and IBMJCEFIPS.

Install this update. Please see patch page for more detailed information.


