[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for SUSE Linux Enterprise'

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Fri Jan 22 03:10:24 PST 2010


Fixlet Site - 'Patches for SUSE Linux Enterprise'
Current Version: 295	Published: Fri, 22 Jan 2010 00:53:26  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12571 - Security update for PostgreSQL - SLES9
Severity: <Unspecified>
Fixlet ID: 1257101
Fixlet Link: http://download.novell.com/Download?buildid=0lJ8dxMTG6I~

Fixlet Description: The following bugs have been fixed: An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10011801 - Security update for PostgreSQL - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1001180101
Fixlet Link: http://download.novell.com/Download?buildid=sM13-nxepy4~

Fixlet Description: The following bugs have been fixed: An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10011801 - Security update for PostgreSQL - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1001180103
Fixlet Link: http://download.novell.com/Download?buildid=TKiFMNy6YM4~

Fixlet Description: The following bugs have been fixed: An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10011802 - Security update for PostgreSQL - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1001180201
Fixlet Link: http://download.novell.com/Download?buildid=AC8PmpHMUgc~

Fixlet Description: The following bugs have been fixed: An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10011802 - Security update for PostgreSQL - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1001180205
Fixlet Link: http://download.novell.com/Download?buildid=X5uDCag578k~

Fixlet Description: The following bugs have been fixed: An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10011901 - Security update for Kerberos 5 - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1001190111
Fixlet Link: http://download.novell.com/Download?buildid=LkQxWLlIO1c~

Fixlet Description: Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow that leads to heap memory corruption (CVE-2009-4212). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10011902 - Security update for Kerberos 5 - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1001190203
Fixlet Link: http://download.novell.com/Download?buildid=SbasKrzby2Y~

Fixlet Description: Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow that leads to heap memory corruption (CVE-2009-4212). This has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10011902 - Security update for Kerberos 5 - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1001190209
Fixlet Link: http://download.novell.com/Download?buildid=S409bcMZhWs~

Fixlet Description: Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow that leads to heap memory corruption (CVE-2009-4212). This has been fixed. Everyone should update. Please see patch page for more detailed information.


