Fixlet Site - PatchesforSUSELinuxEnterprise Current Version: 80 Published: Wed, 28 Nov 2007 00:46:29 GMT *************************************************************** Title: PATCH-11952 - Security update for YaST2 - SLES9 Severity: Fixlet ID: 1195201 Fixlet Link: http://support.novell.com/techcenter/psdb/b2b5779b3105842f8b7ea5b6992883ad.html Fixlet Description: Everyone should install this security update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-11952 - Security update for YaST2 - SLED10 Severity: Fixlet ID: 1195203 Fixlet Link: http://support.novell.com/techcenter/psdb/b2b5779b3105842f8b7ea5b6992883ad.html Fixlet Description: Everyone should install this security update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-11952 - Security update for YaST2 - SLES10 Severity: Fixlet ID: 1195204 Fixlet Link: http://support.novell.com/techcenter/psdb/b2b5779b3105842f8b7ea5b6992883ad.html Fixlet Description: Everyone should install this security update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-11964 - Security update for perl - SLES9 Severity: Fixlet ID: 1196401 Fixlet Link: http://support.novell.com/techcenter/psdb/ac1366b509057e23230d33e9bad84f43.html Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in perl's regular expressions engine. Scripts processing data from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. Depending on the purpose of the scripts, the vulnerability can be exploited remotely or locally. The vulnerability has been tracked by CVE-2007-5116. Everyone should install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-11964 - Security update for perl - SLED10/SLES10 Severity: Fixlet ID: 1196403 Fixlet Link: http://support.novell.com/techcenter/psdb/ac1366b509057e23230d33e9bad84f43.html Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in perl's regular expressions engine. Scripts processing data from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. Depending on the purpose of the scripts, the vulnerability can be exploited remotely or locally. The vulnerability has been tracked by CVE-2007-5116. Everyone should install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-11965 - Security update for Cups - SLES9 Severity: Fixlet ID: 1196501 Fixlet Link: http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html Fixlet Description: A number of vulnerabilities have been found in the xpdf code used by cups which could be exploited, potentially remotely, by tricking the user to print a specially crafted PDF file. The vulnerabilities are in the source code file Stream. cc and may allow execution of arbitrary code with the privileges of the user viewing the PDF. Specifically, these are an array indexing error leading to memory corruption (CVE-2007-4352), a possible integer overflow causing to a buffer overflow (CVE-2007-5392) and a boundary check error that can also cause a buffer overflow (CVE-2007-5393). Everyone should install this security update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-11965 - Security update for Cups - SLED10/SLES10 Severity: Fixlet ID: 1196503 Fixlet Link: http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html Fixlet Description: A number of vulnerabilities have been found in the xpdf code used by cups which could be exploited, potentially remotely, by tricking the user to print a specially crafted PDF file. The vulnerabilities are in the source code file Stream. cc and may allow execution of arbitrary code with the privileges of the user viewing the PDF. Specifically, these are an array indexing error leading to memory corruption (CVE-2007-4352), a possible integer overflow causing to a buffer overflow (CVE-2007-5392) and a boundary check error that can also cause a buffer overflow (CVE-2007-5393). Everyone should install this security update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-11990 - Security update for pcre - SLES9 Severity: Fixlet ID: 1199001 Fixlet Link: http://support.novell.com/techcenter/psdb/02ba535f3b526c99b9b5525f2fcfac3d.html Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. Depending on the application linked to libpcre, the vulnerability can be exploited remotely or locally. The vulnerability has been tracked by CVE-2006-7224, CVE-2006-7225, CVE-2006-7226, CVE-2007-1659 and CVE-2007-1660. Everyone should install this maintenance update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B7111602 - Security update for pcre - SLED10/SLES10 Severity: Fixlet ID: 711160201 Fixlet Link: http://support.novell.com/techcenter/psdb/b130f9b7411bf790c7468310e091ddad.html Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. Depending on the application linked to libpcre, the vulnerability can be exploited remotely or locally. The vulnerability has been tracked by CVE-2006-7224, CVE-2006-7225, CVE-2006-7226, CVE-2007-1659 and CVE-2007-1660. Everyone should install this maintenance update. Please see patch page for more detailed information.