[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for SUSE Linux Enterprise'

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Wed Jan 6 03:11:36 PST 2010 

Fixlet Site - 'Patches for SUSE Linux Enterprise'
Current Version: 290	Published: Tue, 05 Jan 2010 19:49:23  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-B9123002 - Security update for poppler - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 912300203
Fixlet Link: http://download.novell.com/Download?buildid=NgcE6w9ZUIY~

Fixlet Description: This update of poppler fixes two security issues:   CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream function in XRef. cc in Xpdf 3. x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. CVE-2009-4035: A indexing error in FoFiType1::parse() was fixed that could be used by attackers to corrupt memory and potentially execute code. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10010401 - Security update for libtool - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1001040101
Fixlet Link: http://download.novell.com/Download?buildid=paA5C1ha3Gk~

Fixlet Description: libltdl of libtool  may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10010401 - Security update for libtool - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1001040103
Fixlet Link: http://download.novell.com/Download?buildid=5UjOuqmedUE~

Fixlet Description: libltdl of libtool  may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue. Everyone should update. Please see patch page for more detailed information.

More information about the SUSE-Announcements mailing list