Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 87
Published: Wed, 05 Dec 2007 02:44:41 GMT

***************************************************************
Title: PATCH-11995 - Security update for Emacs - SLES9
Severity:
Fixlet ID: 1199501
Fixlet Link: http://support.novell.com/techcenter/psdb/7dcf095c223a892d3b0140eaa9312402.html

Fixlet Description: This update fixes a buffer overflow in Emacs that can be triggered over the command-line. Everyone using Emacs should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-11996 - Security update for Samba - SLES9
Severity:
Fixlet ID: 1199601
Fixlet Link: http://support.novell.com/techcenter/psdb/a8a615405c62005f443b3e34d922d381.html

Fixlet Description: This update fixes two buffer overflows in nmbd (CVE-2007-4572, CVE-2007-5398). Remote attackers could potentially exploit them to execute arbitrary code. The updated packages additionally contain fixes for numerous other defects. Please refer to the package changelog for details. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-11998 - Security update for pcre - SLES9
Severity:
Fixlet ID: 1199801
Fixlet Link: http://support.novell.com/techcenter/psdb/73795549f9a608bace82f0cf345b3a42.html

Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2007-1659, CVE-2006-7230). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B7112801 - Security update for pcre - SLED10/SLES10
Severity:
Fixlet ID: 711280101
Fixlet Link: http://support.novell.com/techcenter/psdb/791c4bfe6b7ff0e7295a908e8e6376c7.html

Fixlet Description: Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2006-7230). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B7112902 - Security update for MozillaFirefox - SLED10/SLES10
Severity:
Fixlet ID: 711290201
Fixlet Link: http://support.novell.com/techcenter/psdb/a1909a9a9f705e973cf0feed1743484e.html

Fixlet Description: This update brings Mozilla Firefox to security update version 2.0.0.10

Following security problems were fixed:

MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks.

Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B7112902 - Dependencies Needed - SLED10/SLES10
Severity:
Fixlet ID: 711290202
Fixlet Link: http://support.novell.com/techcenter/psdb/a1909a9a9f705e973cf0feed1743484e.html

Fixlet Description: Updated packages for Mozilla Firefox are now available. However, this update requires that the package "mozilla-nspr" be installed and at least version "4.6.4".