[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for SUSE Linux Enterprise'

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Thu Sep 9 03:10:14 PDT 2010


Fixlet Site - 'Patches for SUSE Linux Enterprise'
Current Version: 349    Published: Thu, 09 Sep 2010 00:44:01 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12150 - Security update for cups - SLES9
Severity: <Unspecified>
Fixlet ID: 1215005
Fixlet Link: http://download.novell.com/Download?buildid=Xan94qCN-Fs~

Fixlet Description: A security update for cups is now available. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12188 - Security update for freetype2 - SLES9
Severity: <Unspecified>
Fixlet ID: 1218802
Fixlet Link: http://download.novell.com/Download?buildid=SijLEC77-IE~

Fixlet Description: This update of freetype2 fixes several potential vulnerabilities reported by iDefense. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12259 - Security update for ipsec-tools - SLES9
Severity: <Unspecified>
Fixlet ID: 1225902
Fixlet Link: http://download.novell.com/Download?buildid=LeG76a26kWM~

Fixlet Description: Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652). Everyone using the racoon daemon should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12318 - Security update for ClamAV - SLES9
Severity: <Unspecified>
Fixlet ID: 1231802
Fixlet Link: http://download.novell.com/Download?buildid=PXdv6Yrcpao~

Fixlet Description: Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314) Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12380 - Security update for Linux kernel - SLES9
Severity: <Unspecified>
Fixlet ID: 1238003
Fixlet Link: http://download.novell.com/Download?buildid=LigNXNC_GVs~

Fixlet Description: The SUSE Linux Enterprise 9 kernel has been updated to fix lots of bugs and several security issues. The following security issues were fixed:

- CVE-2009-0028: The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
- CVE-2009-0675: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
- CVE-2009-0676: The sock_getsockopt function in net/core/sock.c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
- CVE-2009-0322: drivers/firmware/dell_rbu.c in the Linux kernel allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
- CVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

Everyone using the Linux Kernel should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12388 - Security update for ClamAV - SLES9
Severity: <Unspecified>
Fixlet ID: 1238802
Fixlet Link: http://download.novell.com/Download?buildid=8q2QJpZjcAQ~

Fixlet Description: ClamAV update to version 0.95. This also fixes some potential security bugs. (CVE-2009-1241) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8060901 - Security update for cups - SLED10 SP1
Severity: <Unspecified>
Fixlet ID: 806090101
Fixlet Link: http://download.novell.com/Download?buildid=KI_uJimStGM~

Fixlet Description: A security update for cups is now available. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8060901 - Security update for cups - SLES10 SP1
Severity: <Unspecified>
Fixlet ID: 806090102
Fixlet Link: http://download.novell.com/Download?buildid=ideUPO6NVAQ~

Fixlet Description: A security update for cups is now available. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8062701 - Security update for clamav - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 806270101
Fixlet Link: http://download.novell.com/Download?buildid=ua1VpEtoq3s~

Fixlet Description: Clamav was updated to version 0.93.1. It fixes various bugs and one security issue: CVE-2008-2713: libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8070401 - Security update for freetype2 - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 807040101
Fixlet Link: http://download.novell.com/Download?buildid=Z4ByYMSY3jE~

Fixlet Description: This update of freetype2 fixes several potential vulnerabilities reported by iDefense. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8070402 - Security update for Linux kernel - SLED10 SP1
Severity: <Unspecified>
Fixlet ID: 807040204
Fixlet Link: http://download.novell.com/Download?buildid=m09mrdWRZpM~

Fixlet Description: This kernel update fixes quite a number of security problems:

- CVE-2007-6282: A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (default filtered by the firewall).
- CVE-2008-2136: A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine.
- CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine.
- CVE-2007-6206: An information leakage during coredumping of root processes was fixed.
- CVE-2008-1669: Fixed an SMP ordering problem in fcntl_setlk that could potentially allow local attackers to execute code by timing file locking.
- CVE-2008-1375: Fixed a dnotify race condition, which could be used by local attackers to potentially execute code.
- CVE-2007-5500: A ptrace bug could be used by local attackers to hang their own processes indefinitely.
- CVE-2008-1367: Clear the "direction" flag before calling signal handlers. For specific not yet identified programs under specific timing conditions this could potentially have caused memory corruption or code execution.
- CVE-2007-6151: The isdn_ioctl function in isdn_common.c allowed local users to cause a denial of service via a crafted ioctl struct in which ioctls is not null terminated, which triggers a buffer overflow.

Non-security-related changes: OCFS2 was updated to version v1.2.9-1-r3100. Also a huge number of bugs were fixed. Please refer to the RPM changelog for a detailed list.

Everyone using the Linux Kernel on x86 architecture should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8070402 - Dependency Needed - SLED10 SP1
Severity: <Unspecified>
Fixlet ID: 807040206
Fixlet Link: http://download.novell.com/Download?buildid=m09mrdWRZpM~

Fixlet Description: Updated Linux kernel packages are now available for SuSE Linux Enterprise 10. However, these packages have a dependency that must be resolved. The package "perl-Bootloader" must be of version 0.4.16 or greater.

***************************************************************
Title: PATCH-B8071001 - Security update for MozillaFirefox - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 807100102
Fixlet Link: http://download.novell.com/Download?buildid=E4jtdJoGlDQ~

Fixlet Description: Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including the following security bugs:

- CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
- CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack.
- CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website.
- CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges.
- CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser.
- CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer.
- CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains.
- CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser.
- CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether.
- CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server.
- CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer.
- CVE-2008-2811 MFSA 2008-33: Security research firm Astabis, via the iSIGHT Partners GVP Program, reported a vulnerability in Mozilla's block reflow code. This vulnerability could be used by an attacker to crash the browser and run arbitrary code on the victim's computer.

Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8071001 - Security update for MozillaFirefox - SLED10 SP1
Severity: <Unspecified>
Fixlet ID: 807100104
Fixlet Link: http://download.novell.com/Download?buildid=RSBMUOv_HPM~

Fixlet Description: Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including the following security bugs:

- CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
- CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack.
- CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website.
- CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges.
- CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser.
- CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer.
- CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains.
- CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser.
- CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether.
- CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server.
- CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer.
- CVE-2008-2811 MFSA 2008-33: Security research firm Astabis, via the iSIGHT Partners GVP Program, reported a vulnerability in Mozilla's block reflow code. This vulnerability could be used by an attacker to crash the browser and run arbitrary code on the victim's computer.

Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8072801 - Security update for MozillaFirefox - SLED10 SP1
Severity: <Unspecified>
Fixlet ID: 807280102
Fixlet Link: http://download.novell.com/Download?buildid=ItR6c_9W5oY~

Fixlet Description: MozillaFirefox was updated to version 2.0.0.16, which fixes various bugs and the following security issues:

- MFSA 2008-34 CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer.
- MFSA 2008-35 CVE-2008-2933: Security researcher Billy Rios reported that if Firefox is not already running, passing it a command-line URI with pipe symbols will open multiple tabs. This URI splitting could be used to launch privileged chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which blocks external applications from loading such URIs. This vulnerability could also be used by an attacker to launch a file: URI from the command line opening a malicious local file which could exfiltrate data from the local filesystem. Combined with a vulnerability which allows an attacker to inject code into a chrome document, the above issue could be used to run arbitrary code on a victim's computer. Such a chrome injection vulnerability was reported by Mozilla developers Ben Turner and Dan Veditz who showed that a XUL based SSL error page was not properly sanitizing inputs and could be used to run arbitrary code with chrome privileges.

Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8072901 - Security update for Linux kernel - SLED10 SP2
Severity: <Unspecified>
Fixlet ID: 807290102
Fixlet Link: http://download.novell.com/Download?buildid=wcQ8rYR8zss~

Fixlet Description: This is a respin of the previous kernel update, which got retracted due to an IDE-CDROM regression, where any IDE CDROM access would hang or crash the system. Only this problem was fixed additionally. This kernel update fixes the following security problems:

- CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine.
- CVE-2008-1669: Fixed an SMP ordering problem in fcntl_setlk that could potentially allow local attackers to execute code by timing file locking.
- CVE-2008-2372: Fixed a resource starvation problem in the handling of ZERO mmap pages.
- CVE-2008-1673: The asn1 implementation in (a) the Linux kernel, as used in the cifs and ip_nat_snmp_basic modules does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
- CVE-2008-2812: Various tty / serial devices did not check function pointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though.
- CVE-2008-2931: A missing permission check in mount changing was added which could have been used by local attackers to change the mount directory.

Additionally a very large number of bugs was fixed. Details can be found in the RPM changelog of the included packages.

OCFS2 has been upgraded to the 1.4.1 release:

- Endian fixes
- Use slab caches for DLM objects
- Export DLM state info to debugfs
- Avoid ENOSPC in rare conditions when free inodes are reserved by other nodes
- Error handling fix in ocfs2_start_walk_page_trans()
- Cleanup lockres printing
- Allow merging of extents
- Fix to allow changing permissions of symlinks
- Merged local fixes upstream (no code change)

Everyone using the Linux Kernel on x86 architecture should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B10050505 - Security update for libxmlrpc - SLED10 SP3
Severity: <Unspecified>
Fixlet ID: 1005050501
Fixlet Link: http://download.novell.com/Download?buildid=dXkgkvXGjCU~

Fixlet Description: This update of libxmlrpc is not vulnerable anymore to denial of service bugs that can occur while processing malformed XML input.

- CVE-2009-2625: CVSS v2 Base Score: 5.0 (moderate) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Permissions, Privileges, and Access Control (CWE-264)
- CVE-2009-3720: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Insufficient Information (CWE-noinfo)
- CVE-2009-3560: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)

Everyone should update. Please see patch page for more detailed information.


