Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 83
Published: Thu, 29 Nov 2007 03:04:58 GMT
***************************************************************
Title: PATCH-11804 - Security update for apache2-mod_python - SLES9
Severity:
Fixlet ID: 1180401
Fixlet Link: http://support.novell.com/techcenter/psdb/ae83e0f8a577fb44058210a131c1707f.html
Fixlet Description: This update fixes a buffer overflow in apache2-mod_python that occurs while using a python-based output filter. This bug can be triggered remotely to read possibly confidential data from the process space of the web server and in rare cases to execute arbitrary code. (CVE-2004-2680) Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-11953 - Security update for nagios plugins - SLES9
Severity:
Fixlet ID: 1195301
Fixlet Link: http://support.novell.com/techcenter/psdb/f409f44777806894048f1a26c5422d30.html
Fixlet Description:
- fix possible buffer overflow during HTTP Location header parsing in check_http (CVE-2007-5198)
- fix possible buffer overflow during snmpget parsing in check_snmp (CVE-2007-5623)
Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-11956 - Security update for libpng - SLES9
Severity:
Fixlet ID: 1195601
Fixlet Link: http://support.novell.com/techcenter/psdb/56605be2584d53da1a8232f1bf454759.html
Fixlet Description: Specially crafted PNG files could crash applications while attempting to process the file by exploiting out-of-bounds read operations. This can be abused for local and remote denial of service attacks. The issue has been tracked by CVE-2007-5269. Everyone should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-11962 - Security update for apache2 - SLES9
Severity:
Fixlet ID: 1196201
Fixlet Link: http://support.novell.com/techcenter/psdb/a5b67777faf570a7e001c677784ac7c7.html
Fixlet Description: Everyone using Apache httpd should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-11993 - Security update for pcre - SLES9
Severity:
Fixlet ID: 1199301
Fixlet Link: http://support.novell.com/techcenter/psdb/9992478cea3704f6f2c2f7741f3e12e2.html
Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2007-1659, CVE-2006-7230). Everyone should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B7111301 - Security update for kdegraphics3-pdf - SLED10/SLES10
Severity:
Fixlet ID: 711130101
Fixlet Link: http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
Fixlet Description: A number of vulnerabilities have been found in the xpdf code used by kpdf which could be exploited, potentially remotely, by tricking the user into viewing a specially crafted PDF file. The vulnerabilities are in the source code file Stream.cc and may allow execution of arbitrary code with the privileges of the user viewing the PDF. Specifically, these are an array indexing error leading to memory corruption (CVE-2007-4352), a possible integer overflow leading to a buffer overflow (CVE-2007-5392) and a boundary check error that can also cause a buffer overflow (CVE-2007-5393). Everyone should install this security update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B7111501 - Security update for apache2 - SLES10
Severity:
Fixlet ID: 711150101
Fixlet Link: http://support.novell.com/techcenter/psdb/37e6149ffa4539f63a70576decf83a8b.html
Fixlet Description: Everyone using Apache httpd should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B7111601 - Security update for java-1_5_0-ibm - SLED10
Severity:
Fixlet ID: 711160101
Fixlet Link: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
Fixlet Description: Everyone using the IBM Java JRE/SDK should install this patch. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B7111601 - Security update for java-1_5_0-ibm - SLES10
Severity:
Fixlet ID: 711160102
Fixlet Link: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
Fixlet Description: Everyone using the IBM Java JRE/SDK should install this patch. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B7112001 - Security update for ruby - SLED10
Severity:
Fixlet ID: 711200101
Fixlet Link: http://support.novell.com/techcenter/psdb/cd830c1ea6d7a21918189d5fcf931c19.html
Fixlet Description: Everyone should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B7112602 - Security update for Samba - SLED10
Severity:
Fixlet ID: 711260201
Fixlet Link: http://support.novell.com/techcenter/psdb/fbb935b5e53729bf34003933950a015a.html
Fixlet Description: Everyone using Samba should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B7112603 - Security update for pcre - SLED10/SLES10
Severity:
Fixlet ID: 711260301
Fixlet Link: http://support.novell.com/techcenter/psdb/ed2f85edfa5f04634eda2d480d600b13.html
Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2006-7230). Everyone should install this update. Please see patch page for more detailed information.