[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforSUSELinuxEnterprise

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Tue Oct 27 02:10:08 PST 2009


Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 263	Published: Mon, 26 Oct 2009 23:20:55  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12526 - Security update for Apache 2 - SLES9
Severity: <Unspecified>
Fixlet ID: 1252601
Fixlet Link: http://download.novell.com/Download?buildid=OGSLwKFctto~

Fixlet Description: This update of the Apache webserver fixes various security issues:

- mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890)
- mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891)
- The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094)
- access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)

Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102203 - Security update for Samba - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 910220301
Fixlet Link: http://download.novell.com/Download?buildid=g4ZkBfqeKjo~

Fixlet Description: Samba's make_connection_snum() handles certain input incorrectly, which may lead to disclosure of the root directory. CVE-2009-2813 has been assigned to this issue. Additionally an information disclosure vulnerability in mount.cifs has been fixed (CVE-2009-2948) as well as a DoS condition (CVE-2009-2906). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102203 - Security update for Samba - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 910220303
Fixlet Link: http://download.novell.com/Download?buildid=2Gmcb98hdrc~

Fixlet Description: Samba's make_connection_snum() handles certain input incorrectly, which may lead to disclosure of the root directory. CVE-2009-2813 has been assigned to this issue. Additionally an information disclosure vulnerability in mount.cifs has been fixed (CVE-2009-2948) as well as a DoS condition (CVE-2009-2906). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102301 - Security update for acroread_ja - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 910230101
Fixlet Link: http://download.novell.com/Download?buildid=nxwGqol9e4Y~

Fixlet Description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102302 - Security update for Acrobat Reader - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 910230201
Fixlet Link: http://download.novell.com/Download?buildid=pCrEVqeHgJY~

Fixlet Description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102303 - Security update for Acrobat Reader - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 910230301
Fixlet Link: http://download.novell.com/Download?buildid=gNqx0H5GAYg~

Fixlet Description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102304 - Security update for acroread_ja - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 910230401
Fixlet Link: http://download.novell.com/Download?buildid=5L42jz6kZrc~

Fixlet Description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102305 - Security update for Apache 2 - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 910230503
Fixlet Link: http://download.novell.com/Download?buildid=Fs77mEl-2JA~

Fixlet Description: This update of the Apache webserver fixes various security issues:

- the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195)
- mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890)
- mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891)
- The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094)
- access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)

Also an incompatibility between mod_cache and mod_rewrite was fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102306 - Security update for Apache 2 - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 910230601
Fixlet Link: http://download.novell.com/Download?buildid=pAku3NWwycw~

Fixlet Description: This update of the Apache webserver fixes various security issues:

- the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195)
- mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890)
- mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891)
- The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094)
- access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)

Also an incompatibility between mod_cache and mod_rewrite was fixed. Everyone should update. Please see patch page for more detailed information.


