[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforSUSELinuxEnterprise
Notification of New SUSE Fixlet Messages
suse-announcements at bigmail.bigfix.com
Fri Oct 30 02:10:09 PST 2009
Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 264 Published: Thu, 29 Oct 2009 19:02:41 GMT
New Fixlets:
============
***************************************************************
Title: PATCH-12520 - Security update for Cyrus IMAPD - SLES9
Severity: <Unspecified>
Fixlet ID: 1252001
Fixlet Link: http://download.novell.com/Download?buildid=o1NmKdE6As4~
Fixlet Description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved. Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9102801 - Security update for neon - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 910280101
Fixlet Link: http://download.novell.com/Download?buildid=0wX3stN_eTA~
Fixlet Description: The following bugs have been fixed: neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473). Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9102801 - Security update for neon - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 910280103
Fixlet Link: http://download.novell.com/Download?buildid=eAt5ek4wZZ8~
Fixlet Description: The following bugs have been fixed: neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473). Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9102802 - Security update for Cyrus IMAPD - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 910280201
Fixlet Link: http://download.novell.com/Download?buildid=oq7bfHYhSZk~
Fixlet Description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own Sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved. Everyone should update. Please see patch page for more detailed information.
More information about the SUSE-Announcements
mailing list