[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforSUSELinuxEnterprise

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Sat Oct 31 02:10:06 PST 2009


Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 265	Published: Fri, 30 Oct 2009 19:03:29 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-B9102901 - Security update for neon - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 910290101
Fixlet Link: http://download.novell.com/Download?buildid=CtfioMCKeuc~

Fixlet Description: The following bugs have been fixed: neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102901 - Security update for neon - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 910290103
Fixlet Link: http://download.novell.com/Download?buildid=Cb-tneWAuXM~

Fixlet Description: The following bugs have been fixed: neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9102902 - Security update for Cyrus IMAPD - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 910290201
Fixlet Link: http://download.novell.com/Download?buildid=r4TsSF-RzqE~

Fixlet Description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved. Everyone should update. Please see patch page for more detailed information.


