Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 103
Published: Thu, 07 Feb 2008 23:57:49 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12003 - Security update for nss_ldap - SLES9
Severity:
Fixlet ID: 1200301
Fixlet Link: http://support.novell.com/techcenter/psdb/5a8d0489cebefa2727391109050a24c8.html

Fixlet Description: nss_ldap returned incorrect data under certain circumstances to the calling process. Some applications could therefore work with wrong user data (CVE-2007-5794). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12003 - Security update for nss_ldap - SLED10/SLES10
Severity: <Unspecified>
Fixlet ID: 1200303

Fixlet Description: nss_ldap returned incorrect data under certain circumstances to the calling process. Some applications could therefore work with wrong user data (CVE-2007-5794). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12044 - Security update for MySQL - SLES9
Severity:
Fixlet ID: 1204401
Fixlet Link: http://support.novell.com/techcenter/psdb/7cb80eb2033195041bfb93aa6b99a517.html

Fixlet Description: This update fixes several security vulnerabilities (note: not all versions are affected by every bug): CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-5925 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 Everyone using MySQL should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12044 - Security update for MySQL - SLES10
Severity: <Unspecified>
Fixlet ID: 1204403

Fixlet Description: This update fixes several security vulnerabilities (note: not all versions are affected by every bug): CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-5925 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 Everyone using MySQL should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12044 - Security update for MySQL - SLED10
Severity: <Unspecified>
Fixlet ID: 1204404

Fixlet Description: This update fixes several security vulnerabilities (note: not all versions are affected by every bug): CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-5925 CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 Everyone using MySQL should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12046 - Security update for Python - SLES9
Severity:
Fixlet ID: 1204601
Fixlet Link: http://support.novell.com/techcenter/psdb/369e3467aeea8b4a9ba9a6578e9a3e7c.html

Fixlet Description: Specially crafted images could trigger an integer overflow in the imageop module (CVE-2007-4965). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12046 - Security update for Python - SLES10
Severity: <Unspecified>
Fixlet ID: 1204603

Fixlet Description: Specially crafted images could trigger an integer overflow in the imageop module (CVE-2007-4965). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12046 - Security update for Python - SLED10
Severity: <Unspecified>
Fixlet ID: 1204604

Fixlet Description: Specially crafted images could trigger an integer overflow in the imageop module (CVE-2007-4965). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12063 - Security update for IBMJava5-JRE,IBMJava5-SDK - SLES9
Severity:
Fixlet ID: 1206301
Fixlet Link: http://support.novell.com/techcenter/psdb/9a5ab06f4b454def4dc88e7b2a5b241b.html

Fixlet Description: The IBM Java JRE/SDK has been brought to release 1.5.0 SR6, containing several bugfixes, including the following security fixes:

CVE-2007-5232: A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

CVE-2007-5274: A vulnerability in the Java Runtime Environment (JRE) may allow malicious Javascript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the Javascript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

CVE-2007-5273: A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from.
This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

CVE-2007-5236: An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application.

CVE-2007-5238: Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache.

CVE-2007-5239: An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window.

CVE-2007-5240: An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet.

CVE-2007-4381: A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2007-3698: The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support.

For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/

Also, the timezone data was fixed for the last Argentina updates. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12065 - Security update for postgresql - SLES9
Severity:
Fixlet ID: 1206501
Fixlet Link: http://support.novell.com/techcenter/psdb/b923c74e6ff969e6dca94231c2d4e667.html

Fixlet Description: This version update to 8.1.11 fixes, among other things, several security issues:

Index Functions Privilege Escalation: CVE-2007-6600
Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769
DBLink Privilege Escalation: CVE-2007-6601

Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020502 - Security update for PostgreSQL - SLED10
Severity:
Fixlet ID: 802050201
Fixlet Link: http://support.novell.com/techcenter/psdb/ffe18637db4f850c8f7a496168b1e74a.html

Fixlet Description: This version update to 7.4.19 fixes, among other things, several security issues:

Index Functions Privilege Escalation: CVE-2007-6600
Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769
DBLink Privilege Escalation: CVE-2007-6601

Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020502 - Security update for PostgreSQL - SLES10
Severity: <Unspecified>
Fixlet ID: 802050202

Fixlet Description: This version update to 7.4.19 fixes, among other things, several security issues:

Index Functions Privilege Escalation: CVE-2007-6600
Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769
DBLink Privilege Escalation: CVE-2007-6601

Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020503 - Security update for cairo - SLED10/SLES10
Severity:
Fixlet ID: 802050301
Fixlet Link: http://support.novell.com/techcenter/psdb/d3c3fe596d357aa5518e0b8765c783ca.html

Fixlet Description: This update of cairo fixes several integer overflows while decoding PNG images. This can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-5503) Everyone should update. Please see patch page for more detailed information.