[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for SUSE Linux Enterprise'

[Notification of New SUSE Fixlet Messages]

Fixlet Site - 'Patches for SUSE Linux Enterprise'
Current Version: 298	Published: Wed, 03 Feb 2010 20:15:50  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-B10020101 - Security update for Mozilla XULrunner - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010101
Fixlet Link: http://download.novell.com/Download?buildid=ISBcpphD6kA~

Fixlet Description: Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions. The following security bug has been fixed:     CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020101 - Dependencies Needed - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010102
Fixlet Link: http://download.novell.com/Download?buildid=ISBcpphD6kA~

Fixlet Description: Updated Mozilla XULRunner packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following packages must be installed at the specified version or greater :  mozilla-nspr-4.8.2-1.5.1.i586.rpm mozilla-nss-3.12.3.1-1.4.2.i586.rpm

***************************************************************
Title: PATCH-B10020101 - Dependency Conflict - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010104
Fixlet Link: http://download.novell.com/Download?buildid=ISBcpphD6kA~

Fixlet Description: Updated Mozilla XULRunner that addresses a security vulnerability are now available. However, the listed computers have the package "mozilla-xulrunner190-devel" installed, less than version "1.9.0.17-0.4.1" which conflicts with this security update. You must uninstall or upgrade this package in order for this security update to become relevant.

***************************************************************
Title: PATCH-B10020101 - Security update for Mozilla XULrunner - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010105
Fixlet Link: http://download.novell.com/Download?buildid=y-b_QT1qzOU~

Fixlet Description: Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions. The following security bug has been fixed:     CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020101 - Dependencies Needed - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010106
Fixlet Link: http://download.novell.com/Download?buildid=y-b_QT1qzOU~

Fixlet Description: Updated Mozilla XULRunner packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following packages must be installed at the specified version or greater :  mozilla-nspr-4.8.2-1.5.1.i586.rpm mozilla-nss-3.12.3.1-1.4.2.i586.rpm

***************************************************************
Title: PATCH-B10020101 - Dependency Conflict - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010108
Fixlet Link: http://download.novell.com/Download?buildid=y-b_QT1qzOU~

Fixlet Description: Updated Mozilla XULRunner that addresses a security vulnerability are now available. However, the listed computers have the package "mozilla-xulrunner190-devel" installed, less than version "1.9.0.17-0.4.1" which conflicts with this security update. You must uninstall or upgrade this package in order for this security update to become relevant.

***************************************************************
Title: PATCH-B10020102 - Security update for acroread - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010201
Fixlet Link: http://download.novell.com/Download?buildid=V_qGwr0q97s~

Fixlet Description: Specially crafted PDF files could crash acroread. Attackers could exploit that to potentially execute arbitrary code (CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324). Acrobat reader was updated to version 9.3 to fix those security issues. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020103 - Security update for avahi - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010301
Fixlet Link: http://download.novell.com/Download?buildid=EFyB4r4phFA~

Fixlet Description: The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020104 - Security update for acroread_ja - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010401
Fixlet Link: http://download.novell.com/Download?buildid=5GuX4GWZR2w~

Fixlet Description: Specially crafted PDF files could crash acroread. Attackers could exploit that to potentially execute arbitrary code (CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020105 - Security update for Mozilla Firefox - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010503
Fixlet Link: http://download.novell.com/Download?buildid=iF-msRM9bbI~

Fixlet Description: Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions. The following security bug has been fixed:     CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020105 - Dependencies Needed - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010504
Fixlet Link: http://download.novell.com/Download?buildid=iF-msRM9bbI~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following package must be installed at the specified version or greater:  MozillaFirefox-3.5.3-1.4.2.i586.rpm mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B10020105 - Security update for Mozilla Firefox - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010505
Fixlet Link: http://download.novell.com/Download?buildid=5748oi_7QOU~

Fixlet Description: Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions. The following security bug has been fixed:     CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020105 - Dependencies Needed - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010506
Fixlet Link: http://download.novell.com/Download?buildid=5748oi_7QOU~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following package must be installed at the specified version or greater:  MozillaFirefox-3.5.3-1.4.2.i586.rpm mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B10020105 - Dependency Conflict - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010508
Fixlet Link: http://download.novell.com/Download?buildid=iF-msRM9bbI~

Fixlet Description: Updated Mozilla Firefox packages that addresses a security vulnerability are now available. However, the listed computers have the package "mozilla-xulrunner191-devel" installed, less than version "1.9.1.7-1.4.1" which conflicts with this security update. You must uninstall or upgrade this package in order for this security update to become relevant.

***************************************************************
Title: PATCH-B10020105 - Dependency Conflict - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1002010510
Fixlet Link: http://download.novell.com/Download?buildid=5748oi_7QOU~

Fixlet Description: Updated Mozilla Firefox packages that addresses a security vulnerability are now available. However, the listed computers have the package "mozilla-xulrunner191-devel" installed, less than version "1.9.1.7-1.4.1" which conflicts with this security update. You must uninstall or upgrade this package in order for this security update to become relevant.

***************************************************************
Title: PATCH-B10020106 - Security update for avahi - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010601
Fixlet Link: http://download.novell.com/Download?buildid=6ypRCS8ZIb0~

Fixlet Description: The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020106 - Security update for avahi - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010603
Fixlet Link: http://download.novell.com/Download?buildid=899VGDHEVLI~

Fixlet Description: The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020107 - Security update for acroread - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010701
Fixlet Link: http://download.novell.com/Download?buildid=EWADmIFngMg~

Fixlet Description: Specially crafted PDF files could crash acroread. Attackers could exploit that to potentially execute arbitrary code (CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324). Acrobat reader was updated to version 9.3 to fix those security issues. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020108 - Security update for acroread_ja - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010801
Fixlet Link: http://download.novell.com/Download?buildid=QaAO13ehj1g~

Fixlet Description: Specially crafted PDF files could crash acroread. Attackers could exploit that to potentially execute arbitrary code (CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020109 - Security update for Mozilla XULrunner - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010901
Fixlet Link: http://download.novell.com/Download?buildid=u-N8S0g8WCU~

Fixlet Description: Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions. The following security bug has been fixed:      CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020109 - Dependencies Needed - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010902
Fixlet Link: http://download.novell.com/Download?buildid=u-N8S0g8WCU~

Fixlet Description: Updated Mozilla XULRunner packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following packages must be installed at the specified version or greater :  mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B10020109 - Security update for Mozilla XULrunner - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010903
Fixlet Link: http://download.novell.com/Download?buildid=Yl67I27cask~

Fixlet Description: Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions. The following security bug has been fixed:      CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020109 - Dependencies Needed - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1002010904
Fixlet Link: http://download.novell.com/Download?buildid=Yl67I27cask~

Fixlet Description: Updated Mozilla XULRunner packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following packages must be installed at the specified version or greater :  mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B10020110 - Security update for Mozilla Firefox - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1002011003
Fixlet Link: http://download.novell.com/Download?buildid=tHkMVVRbrqE~

Fixlet Description: Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions. The following security bug has been fixed:     CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020110 - Dependencies Needed - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1002011004
Fixlet Link: http://download.novell.com/Download?buildid=tHkMVVRbrqE~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following package must be installed at the specified version or greater:  mozilla-nspr-4.8.2-1.5.1.i586.rpm

***************************************************************
Title: PATCH-B10020110 - Security update for Mozilla Firefox - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1002011005
Fixlet Link: http://download.novell.com/Download?buildid=SoNwAh8RBwQ~

Fixlet Description: Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions. The following security bug has been fixed:     CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList. cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Please install the update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10020110 - Dependencies Needed - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1002011006
Fixlet Link: http://download.novell.com/Download?buildid=SoNwAh8RBwQ~

Fixlet Description: Updated Mozilla Firefox packages are now available for SuSE Linux Enterprise 10. However, these packages have dependencies that must be resolved. The following package must be installed at the specified version or greater:  mozilla-nspr-4.8.2-1.5.1.i586.rpm