[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for SUSE Linux Enterprise'

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Wed May 5 03:10:34 PDT 2010


Fixlet Site - 'Patches for SUSE Linux Enterprise'
Current Version: 318	Published: Tue, 04 May 2010 23:23:22  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12596 - Security update for tar - SLES9
Severity: <Unspecified>
Fixlet ID: 1259601
Fixlet Link: http://download.novell.com/Download?buildid=Y7aI6OU1MdQ~

Fixlet Description: A malicious remote tape server could cause a buffer overflow in tar. To exploit this, an attacker would have to trick the victim into extracting a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local option to avoid such tricks. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12603 - Security update for cpio - SLES9
Severity: <Unspecified>
Fixlet ID: 1260301
Fixlet Link: http://download.novell.com/Download?buildid=GAgyFbYiDPs~

Fixlet Description: This update fixes a heap-based buffer overflow flaw that can happen while expanding specially-crafted archive files (CVE-2010-0624). Every user should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12610 - Security update for clamav - SLES9 SP0
Severity: <Unspecified>
Fixlet ID: 1261001
Fixlet Link: http://download.novell.com/Download?buildid=kcviiz1vbIg~

Fixlet Description: Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net: This release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12613 - Security update for Apache 2 - SLES9
Severity: <Unspecified>
Fixlet ID: 1261301
Fixlet Link: http://download.novell.com/Download?buildid=CQqynyGEcCc~

Fixlet Description: A security update for Apache 2 is now available. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042101 - Security update for Acrobat Reader - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1004210101
Fixlet Link: http://download.novell.com/Download?buildid=wR5g5Q_Whm0~

Fixlet Description: Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code (CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042102 - Security update for Acrobat Reader - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1004210201
Fixlet Link: http://download.novell.com/Download?buildid=jN-mNTwHUCk~

Fixlet Description: Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code (CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042103 - Security update for acroread_ja - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1004210301
Fixlet Link: http://download.novell.com/Download?buildid=0QUFp-pQP3g~

Fixlet Description: Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code (CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042301 - Security update for ClamAV - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1004230101
Fixlet Link: http://download.novell.com/Download?buildid=taXgX-YbWQc~

Fixlet Description: Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net: This release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042301 - Security update for ClamAV - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1004230103
Fixlet Link: http://download.novell.com/Download?buildid=chArZmcvD6Y~

Fixlet Description: Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net: This release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042601 - Security update for Apache 2 - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 1004260101
Fixlet Link: http://download.novell.com/Download?buildid=qOgvi8YQ8IY~

Fixlet Description: The following bugs have been fixed: When using a multithreaded MPM, Apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042602 - Security update for Apache 2 - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1004260201
Fixlet Link: http://download.novell.com/Download?buildid=IAPun4mluXY~

Fixlet Description: The following bugs have been fixed: When using a multithreaded MPM, Apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042702 - Security update for clamav - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1004270201
Fixlet Link: http://download.novell.com/Download?buildid=OEpidOet6Eo~

Fixlet Description: Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net: This release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10042702 - Security update for clamav - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1004270203
Fixlet Link: http://download.novell.com/Download?buildid=YmGPGYwtRqQ~

Fixlet Description: Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net: This release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10043001 - Security update for tar - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1004300101
Fixlet Link: http://download.novell.com/Download?buildid=cJ4wRGFq8Lo~

Fixlet Description: A malicious remote tape server could cause a buffer overflow in tar. To exploit this, an attacker would have to trick the victim into extracting a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local option to avoid such tricks. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10043001 - Security update for tar - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1004300103
Fixlet Link: http://download.novell.com/Download?buildid=o_QhvDjENTo~

Fixlet Description: A malicious remote tape server could cause a buffer overflow in tar. To exploit this, an attacker would have to trick the victim into extracting a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local option to avoid such tricks. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10043002 - Security update for fuse - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 1004300201
Fixlet Link: http://download.novell.com/Download?buildid=Hm8EntCR9t8~

Fixlet Description: A race condition in fusermount allows non-privileged users to umount any file system (CVE-2010-0789). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10043003 - Security update for fuse - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1004300301
Fixlet Link: http://download.novell.com/Download?buildid=XVpjvFrWnyM~

Fixlet Description: A race condition in fusermount allows non-privileged users to umount any file system (CVE-2010-0789). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10050301 - Security update for cpio - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1005030101
Fixlet Link: http://download.novell.com/Download?buildid=fGS1wss38Xo~

Fixlet Description: This update fixes a heap-based buffer overflow flaw that can happen while expanding specially-crafted archive files (CVE-2010-0624). It also contains changes for: fixed Dat160 Tape Drive density information (bnc#415166); fixed cpio issues with file sizes >= 2^32; fixed handling eof and eod marks (bnc#371077). Every user should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10050301 - Security update for cpio - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1005030103
Fixlet Link: http://download.novell.com/Download?buildid=U7KIAeGLZn8~

Fixlet Description: This update fixes a heap-based buffer overflow flaw that can happen while expanding specially-crafted archive files (CVE-2010-0624). It also contains changes for: fixed Dat160 Tape Drive density information (bnc#415166); fixed cpio issues with file sizes >= 2^32; fixed handling eof and eod marks (bnc#371077). Every user should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10050401 - Security update for libmikmod - SLES10 SP3
Severity: <Unspecified>
Fixlet ID: 1005040101
Fixlet Link: http://download.novell.com/Download?buildid=Qa83d8k-qG8~

Fixlet Description: A security update for libmikmod is now available. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10050401 - Security update for libmikmod - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1005040103
Fixlet Link: http://download.novell.com/Download?buildid=tAIcCpgRAKU~

Fixlet Description: A security update for libmikmod is now available. Everyone should update. Please see patch page for more detailed information.


