Fixlet Site - PatchesforSUSELinuxEnterprise Current Version: 102 Published: Mon, 04 Feb 2008 20:06:32 GMT *************************************************************** Title: PATCH-12032 - Security update for libxml2 - SLES9 Severity: Fixlet ID: 1203201 Fixlet Link: http://support.novell.com/techcenter/psdb/f9364893382df399b6831f0d5db6e063.html Fixlet Description: libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8 processing. CVE-2007-6284 has been assigned to this problem. Everyone using libxml2 should install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12032 - Security update for libxml2 - SLED10/SLES10 Severity: <Unspecified> Fixlet ID: 1203203 Fixlet Description: libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8 processing. CVE-2007-6284 has been assigned to this problem. Everyone using libxml2 should install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12040 - Security update for XFree86-libs - SLES9 Severity: Fixlet ID: 1204001 Fixlet Link: http://support.novell.com/techcenter/psdb/56240f6955337ddf455d2aa23797006a.html Fixlet Description: This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958). XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability. Install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12043 - Security update for XFree86-Xnest - SLES9 Severity: Fixlet ID: 1204301 Fixlet Link: http://support.novell.com/techcenter/psdb/686ed843d1dc7672badd026d1d0712c1.html Fixlet Description: This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958). XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability. Install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12045 - Security update for libexif - SLES9 Severity: Fixlet ID: 1204501 Fixlet Link: http://support.novell.com/techcenter/psdb/23b2b9b4c711d113313d3391e1ccaf7b.html Fixlet Description: Two bugs in libexif were identified by a Google Security Audit done by Meder Kydyraliev. CVE-2007-6351: Loading EXIF data could be used to cause a infinite recursion and crash CVE-2007-6352: Integer overflows in the thumbnail handler could be used to overflow buffers and potentially execute code or crash a program using libexif. Install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12045 - Security update for libexif - SLED10/SLES10 Severity: <Unspecified> Fixlet ID: 1204503 Fixlet Description: Two bugs in libexif were identified by a Google Security Audit done by Meder Kydyraliev. CVE-2007-6351: Loading EXIF data could be used to cause a infinite recursion and crash CVE-2007-6352: Integer overflows in the thumbnail handler could be used to overflow buffers and potentially execute code or crash a program using libexif. Install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12053 - Security update for KDE3 FlashPlayer support - SLES9 Severity: Fixlet ID: 1205301 Fixlet Link: http://support.novell.com/techcenter/psdb/ce44d06573855ae9f49fd86522fe7ded.html Fixlet Description: This update is necessary to support the new FlashPlayer version, which required XEmbed support. Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12056 - Security update for KDE3 FlashPlayer support - SLES9 Severity: Fixlet ID: 1205601 Fixlet Link: http://support.novell.com/techcenter/psdb/f6328c885b939f4da8d58c816abf61e6.html Fixlet Description: This update is necessary to support the new FlashPlayer version, which required XEmbed support. Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12057 - Security update for xine - SLED10 Severity: Fixlet ID: 1205701 Fixlet Link: http://support.novell.com/techcenter/psdb/8af3aedc81f892a1e5fbccb8c5c45e7d.html Fixlet Description: Specially crafted rtsp-Streams could cause a buffer overflow in xine. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-0225). Additionally a security update of xorg-x11 revealed a bug in xine-ui. The xine user interface didn't display properly due to that. Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12058 - Security update for XFree86-server - SLES9 Severity: Fixlet ID: 1205801 Fixlet Link: http://support.novell.com/techcenter/psdb/6013a975e7a8110a94cdc526ed47c968.html Fixlet Description: The previous XFree86 security update contained a flaw. Due to this some applications using the shared memory extension did not work properly anymore. Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12061 - Security update for XFree86-Xvnc - SLES9 Severity: Fixlet ID: 1206101 Fixlet Link: http://support.novell.com/techcenter/psdb/78ad989cf62cd7cb8278841e0584c0b0.html Fixlet Description: The previous XFree86 security update contained a flaw. Due to this some applications using the shared memory extension did not work properly anymore. Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8011601 - Security update for Kerberos - SLED10 Severity: Fixlet ID: 801160105 Fixlet Link: http://support.novell.com/techcenter/psdb/18a482377a2281609cbc81bdea795fbe.html Fixlet Description: This update fixes multiple vulnerabilties in krb5. It's unlikely that those vulnerabilties can actually be exploited. (CVE-2007-5894, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8011601 - Security update for Kerberos - SLES10 Severity: <Unspecified> Fixlet ID: 801160106 Fixlet Description: This update fixes multiple vulnerabilties in krb5. It's unlikely that those vulnerabilties can actually be exploited. (CVE-2007-5894, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8012301 - Security update for xorg-x11-Xnest - SLED10/SLES10 Severity: Fixlet ID: 801230101 Fixlet Link: http://support.novell.com/techcenter/psdb/18a56e9d8d46b54d240bd74f97e7a881.html Fixlet Description: This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958). XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability. Install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8012402 - Security update for X11 libs and server - SLED10/SLES10 Severity: Fixlet ID: 801240201 Fixlet Link: http://support.novell.com/techcenter/psdb/e4b2229c714a9c6fb576185356d86fc8.html Fixlet Description: This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958). XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability. Install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8012403 - Security update for X.org X11 - SLED10/SLES10 Severity: Fixlet ID: 801240301 Fixlet Link: http://support.novell.com/techcenter/psdb/9c2968b7b007cb67627809c24a34ef19.html Fixlet Description: The previous xorg-x11 security update contained a flaw. Due to this some applications using the shared memory extension did not work properly anymore. Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8012404 - Security update for kdelibs3 - SLED10/SLES10 Severity: Fixlet ID: 801240401 Fixlet Link: http://support.novell.com/techcenter/psdb/7eda3e0865c98f7196ab5ab1db3d813a.html Fixlet Description: This update is necessary to support the new FlashPlayer version, which required XEmbed support. Install this update if you need flash player support. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8012801 - Security update for xorg-x11-Xvnc - SLED10/SLES10 Severity: Fixlet ID: 801280101 Fixlet Link: http://support.novell.com/techcenter/psdb/ad3c9631850f5f1c52e7b42a1392616d.html Fixlet Description: The previous xorg-x11 security update contained a flaw. Due to this some applications using the shared memory extension did not work properly anymore. Everyone should update. Please see patch page for more detailed information.