Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 72
Published: Wed, 24 Oct 2007 18:04:21 GMT

***************************************************************

Title: PATCH-11802 - Security update for KDE libraries - SLES9

Severity:

Fixlet ID: 1180201

Fixlet Link: http://support.novell.com/techcenter/psdb/8218149bb971b488abdce21b4d34da2e.html

Fixlet Description:
This update fixes a bug in konqueror that allowed JavaScript code to modify the URL in the address bar to make the currently displayed web site appear to have a different origin.

Everyone should update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-11835 - Security update for Linux kernel - SLES9

Severity:

Fixlet ID: 1183501

Fixlet Link: http://support.novell.com/techcenter/psdb/353a84ed7b2f4d437e90169112757674.html

Fixlet Description:
This kernel update fixes the following security problems:

CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP to be set up and active to be exploitable. This bug was already fixed in openSUSE 10.2 and SLES10.

The handling of the usage counter for bond devices was fixed.

CVE-2007-3105: Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wake-up threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". Since this value can only be changed by a root user, exploitability is low. This was already fixed for SLES10.

CVE-2007-2525: A memory leak in the PPPoE driver can be abused by local users to cause a denial-of-service condition. This bug was already fixed for SLES10.

CVE-2007-3848: Local users are allowed to send arbitrary signals to child processes running with a different UID. This bug was already fixed for SLES10.

CVE-2007-4573: It was possible for a local user to become root by exploiting a bug in the IA32 system call emulation. This affects x86_64 platforms with kernel 2.4.x and 2.6.x before 2.6.22.7 only.

CVE-2007-4571: An information disclosure vulnerability in the ALSA driver can be exploited by local users to read sensitive data from the kernel memory.

and the following non-security bugs:

patches.fixes/ide-tape-no-device: Prevent oops in ide-tape when opening a non-existent device [#165539]
patches.fixes/oom-fix-spurious-kills: go in sync with mainline to avoid spurious oom kills [#202338]
patches.fixes/oom-fix-deadlocks: fix lots of oom deadlock related bugs [#202338]
patches.fixes/reiserfs-unsigned-less-than-zero-checks.diff: reiserfs: do not check if unsigned < 0 [#208950]
patches.fixes/sbp2_dma_boundary.patch: [#243270] set a conservative DMA limit for buffers to be transferred via sbp2
patches.drivers/mptspi-sequential-scan-hang: [#243401] Boot time hang during sequential scan of SCSI-2 target LUNs
patches.fixes/scsi-remove-host-procfs: kernel Oops after rmmod lpfc [#251257]
patches.fixes/fusion-nat-consumption-fix: Handle a potential race in mptbase. This fixes a NaT consumption crash [#257412]
patches.fixes/fix-hiddev-oops-2: Fix disconnect oops in hiddev [#279318]
patches.fixes/nfs-osync-error-return: Ensure proper error return from O_SYNC writes [#280833]
patches.fixes/lockd-chroot-fix: Allow lockd to work reliably with applications in a chroot [#288376] [#305480]
patches.fixes/make-swappiness-safer-to-use.patch: Handle low swappiness more gracefully [#288799]
patches.arch/x86_64-dac-memleak: Fix memory leak in pci_alloc_consistent [#302094]
patches.fixes/reiserfs-transaction-overflow: reiserfs: handle trans_id overflow [#329645]

Everyone using the Linux Kernel on x86 architecture should update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-11835 - Dependencies Needed - SLES9

Severity:

Fixlet ID: 1183502

Fixlet Link: http://support.novell.com/techcenter/psdb/353a84ed7b2f4d437e90169112757674.html

Fixlet Description:
Updated packages for the Linux Kernel are now available. However, this update requires that the package "mkinitrd" be installed and at least version "1.2".

***************************************************************

Title: PATCH-11915 - Security update for Sun Java 2 - SLES9

Severity:

Fixlet ID: 1191501

Fixlet Link: http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.html

Fixlet Description:
The Sun JAVA JDK 1.4.2 was upgraded to release 16 and the Sun JAVA JDK 1.3.1 was upgraded to release 20 to fix various bugs, including the following security bugs:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
CVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
CVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.

CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities".

CVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities".

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1
CVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
CVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.

CVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-11918 - Security update for IBM Java2 JRE and SDK - SLES9

Severity:

Fixlet ID: 1191801

Fixlet Link: http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html

Fixlet Description:
The IBM Java JRE/SDK has been brought to release 1.4.2 SR9 and 1.3.1 SR11, containing several bugfixes, including the following security fixes:

CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005: A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

CVE-2007-3655: A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application.

CVE-2007-3922: A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101701 - Security update for Sun Java 1.4.2 - SLES10

Severity:

Fixlet ID: 710170101

Fixlet Link: http://support.novell.com/techcenter/psdb/9846044890f44374e747f617724ca6c9.html

Fixlet Description:
The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
CVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
CVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.

CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities".

CVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities".

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1
CVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
CVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.

CVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101701 - Security update for Sun Java 1.4.2 - SLED10

Severity:

Fixlet ID: 710170102

Fixlet Link: http://support.novell.com/techcenter/psdb/9846044890f44374e747f617724ca6c9.html

Fixlet Description:
The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
CVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
CVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.

CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities".

CVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities".

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1
CVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
CVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.

CVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101801 - Security update for IBM Java 1.5.0 - SLED10

Severity:

Fixlet ID: 710180101

Fixlet Link: http://support.novell.com/techcenter/psdb/5544d25cb52fbadcc4de5bfd2d3654a1.html

Fixlet Description:
The IBM Java JRE/SDK has been brought to release 1.5.0 SR5a, containing several bugfixes, including the following security fixes:

CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005: A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

CVE-2007-3655: A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application.

CVE-2007-3922: A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101801 - Security update for IBM Java 1.5.0 - SLES10

Severity:

Fixlet ID: 710180102

Fixlet Link: http://support.novell.com/techcenter/psdb/5544d25cb52fbadcc4de5bfd2d3654a1.html

Fixlet Description:
The IBM Java JRE/SDK has been brought to release 1.5.0 SR5a, containing several bugfixes, including the following security fixes:

CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005: A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

CVE-2007-3655: A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application.

CVE-2007-3922: A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101802 - Security update for IBM Java 1.4.2 - SLES10

Severity:

Fixlet ID: 710180201

Fixlet Link: http://support.novell.com/techcenter/psdb/51fd7d03020fe413e43cda8f60442612.html

Fixlet Description:
The IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing several bugfixes, including the following security fixes:

CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005: A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

CVE-2007-3655: A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application.

CVE-2007-3922: A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101902 - Security update for festival - SLED10/SLES10

Severity:

Fixlet ID: 710190201

Fixlet Link: http://support.novell.com/techcenter/psdb/9a129111a99cd5f50e99140fa2df1180.html

Fixlet Description:
The festival daemon runs as root. The default config doesn't have a password set. A local attacker could therefore connect to the daemon to have commands executed as root.

Everyone should update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101903 - Security update for Mozilla Firefox - SLED10/SLES10

Severity:

Fixlet ID: 710190301

Fixlet Link: http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Fixlet Description:
This update brings Mozilla Firefox to security update version 2.0.0.8. The following security problems were fixed:

MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows
Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways (including implicit "about:blank" document creation through data: or javascript: URLs in a new window).

MFSA 2007-29: Crashes with evidence of memory corruption
As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
CVE-2007-5339: Browser crashes
CVE-2007-5340: JavaScript engine crashes

MFSA 2007-30 / CVE-2007-1095: onUnload Tailgating
Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit.

MFSA 2007-31 / CVE-2007-2292: Digest authentication request splitting
Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts.

MFSA 2007-32 / CVE-2007-3511 / CVE-2006-2894: File input focus stealing vulnerability
A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the user's computer if the attacker knew the full pathnames to the desired files and could create a pretext that would convince the user to type long enough to produce all the necessary characters.

MFSA 2007-33 / CVE-2007-5334: XUL pages can hide the window titlebar
Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language (rather than the usual HTML) can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages.

MFSA 2007-34 / CVE-2007-5337: Possible file stealing through sftp protocol
On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server.

MFSA 2007-35 / CVE-2007-5338: XPCNativeWrapper pollution using Script object
Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome, such as by right-clicking to open a context menu, can cause attacker-supplied javascript to run with the same privileges as the user. This is similar to MFSA 2007-25, fixed in Firefox 2.0.0.5.

Only Windows is affected by:

MFSA 2007-27 / CVE-2007-3845: Unescaped URIs passed to external programs
This problem affects Windows only due to its handling of URI launchers.

MFSA 2007-28 / CVE-2006-4965: Code execution via QuickTime Media-link files
Linux does not have .lnk files, nor QuickTime. Not affected.

MFSA 2007-36 / CVE-2007-4841: URIs with invalid %-encoding mishandled by Windows
This problem does not affect Linux.

Install this update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101903 - Dependencies Needed - SLED10/SLES10

Severity:

Fixlet ID: 710190303

Fixlet Link: http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Fixlet Description:
Updated packages for Mozilla Firefox are now available. However, this update requires that the package "mozilla-nspr" be installed and at least version "4.6.4".

***************************************************************

Title: PATCH-B7101904 - Security update for OpenSSL - SLES10

Severity:

Fixlet ID: 710190401

Fixlet Link: http://support.novell.com/techcenter/psdb/bb4d50979b40ddf6c0478e068db090de.html

Fixlet Description:
A buffer overflow in the DTLS implementation of openssl could be exploited by attackers to potentially execute arbitrary code.

Everyone should update.

Please see patch page for more detailed information.

***************************************************************

Title: PATCH-B7101904 - Security update for OpenSSL - SLED10

Severity:

Fixlet ID: 710190402

Fixlet Link: http://support.novell.com/techcenter/psdb/bb4d50979b40ddf6c0478e068db090de.html

Fixlet Description:
A buffer overflow in the DTLS implementation of openssl could be exploited by attackers to potentially execute arbitrary code.

Everyone should update.

Please see patch page for more detailed information.