Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 110
Published: Fri, 07 Mar 2008 21:46:58 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12018 - Security update for gvim and vim - SLES9
Severity:
Fixlet ID: 1201801
Fixlet Link: http://support.novell.com/techcenter/psdb/93553174629f5421c6cf8b6fd9eb12f9.html

Fixlet Description: Vim allows opening content via external programs if the argument contains a "http:" sub-string. It insecurely invoked external web browsers to fetch the remote content. If you run vim in a multiuser environment, install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12018 - Security update for gvim and vim - SLES10
Severity:
Fixlet ID: 1201803

Fixlet Description: Vim allows opening content via external programs if the argument contains a "http:" sub-string. It insecurely invoked external web browsers to fetch the remote content. If you run vim in a multiuser environment, install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12018 - Security update for gvim and vim - SLED10
Severity:
Fixlet ID: 1201804

Fixlet Description: Vim allows opening content via external programs if the argument contains a "http:" sub-string. It insecurely invoked external web browsers to fetch the remote content. If you run vim in a multiuser environment, install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12074 - Security update for Ghostscript - SLES9
Severity:
Fixlet ID: 1207401
Fixlet Link: http://support.novell.com/techcenter/psdb/9c324f30fcb2a47560860b00be29ea05.html

Fixlet Description: A stack-based buffer overflow was fixed in the ghostscript interpreter, which potentially could be used to execute code or at least crash ghostscript. (CVE-2008-0411) Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12074 - Security update for Ghostscript - SLES10
Severity:
Fixlet ID: 1207403

Fixlet Description: A stack-based buffer overflow was fixed in the ghostscript interpreter, which potentially could be used to execute code or at least crash ghostscript. (CVE-2008-0411) Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12074 - Security update for Ghostscript - SLED10
Severity:
Fixlet ID: 1207404

Fixlet Description: A stack-based buffer overflow was fixed in the ghostscript interpreter, which potentially could be used to execute code or at least crash ghostscript. (CVE-2008-0411) Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12078 - Security update for Tomcat - SLES9
Severity:
Fixlet ID: 1207801
Fixlet Link: http://support.novell.com/techcenter/psdb/315ff7a101fca9aabbfab11879f31212.html

Fixlet Description: Fixed various issues in tomcat:
CVE-2007-1860: mod_jk directory traversal
CVE-2007-3382: Handling of cookies containing a ' character
CVE-2007-3385: Handling of \" in cookies
CVE-2007-5641: tomcat path traversal / information leak
CVE-2005-2090: tomcat HTTP Request Smuggling
CVE-2008-0128: tomcat https information disclosure
Everyone using tomcat should install this update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12078 - Dependencies Needed - SLES9
Severity:
Fixlet ID: 1207803
Fixlet Link: http://support.novell.com/techcenter/psdb/315ff7a101fca9aabbfab11879f31212.html

Fixlet Description: Fixed various issues in tomcat:
CVE-2007-1860: mod_jk directory traversal
CVE-2007-3382: Handling of cookies containing a ' character
CVE-2007-3385: Handling of \" in cookies
CVE-2007-5641: tomcat path traversal / information leak
CVE-2005-2090: tomcat HTTP Request Smuggling
CVE-2008-0128: tomcat https information disclosure
However, this update requires that the package "java2-1.4.2" be installed.

***************************************************************
Title: PATCH-12093 - Security update for perl-Tk - SLES9
Severity:
Fixlet ID: 1209301
Fixlet Link: http://support.novell.com/techcenter/psdb/e7210de56ee03db74da657f036c64cc6.html

Fixlet Description: Specially crafted GIF files could crash perl-Tk (CVE-2006-4484). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12093 - Security update for perl-Tk - SLED10/SLES10
Severity:
Fixlet ID: 1209303

Fixlet Description: Specially crafted GIF files could crash perl-Tk (CVE-2006-4484). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12098 - Security update for ethereal - SLES9
Severity:
Fixlet ID: 1209801
Fixlet Link: http://support.novell.com/techcenter/psdb/968678e668eda057d4bdaf20099beaf1.html

Fixlet Description: This update fixes the following bugs:
- the SCTP dissector could crash
- the SNMP dissector could crash
- the TFTP dissector could crash Wireshark (maybe a bug in the Cairo library on specific platforms)
Everyone using ethereal should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12098 - Security update for ethereal - SLED10
Severity:
Fixlet ID: 1209803

Fixlet Description: This update fixes the following bugs:
- the SCTP dissector could crash
- the SNMP dissector could crash
- the TFTP dissector could crash Wireshark (maybe a bug in the Cairo library on specific platforms)
Everyone using ethereal should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12098 - Security update for ethereal - SLES10
Severity:
Fixlet ID: 1209804

Fixlet Description: This update fixes the following bugs:
- the SCTP dissector could crash
- the SNMP dissector could crash
- the TFTP dissector could crash Wireshark (maybe a bug in the Cairo library on specific platforms)
Everyone using ethereal should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12099 - Security update for cups - SLES9
Severity:
Fixlet ID: 1209901
Fixlet Link: http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

Fixlet Description: This update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too (CVE-2008-0596, CVE-2008-0597). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12099 - Security update for cups - SLED10/SLES10
Severity:
Fixlet ID: 1209903

Fixlet Description: This update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too (CVE-2008-0596, CVE-2008-0597). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12099 - Dependencies Needed - SLED10/SLES10
Severity:
Fixlet ID: 1209905
Fixlet Link: http://support.novell.com/techcenter/psdb/1addc7e3aa69e266f0fba3fdfef8b6c7.html

Fixlet Description: This update of cups fixes a denial-of-service bug (double-free) (CVE-2008-0882) and specially crafted IPP packets can make cups crash too (CVE-2008-0596, CVE-2008-0597). However, this update requires that the package "libgcc-4.1" be installed and at least version "4.1.2_20070115-0.2".

***************************************************************
Title: PATCH-B8022602 - Security update for acroread - SLED10
Severity:
Fixlet ID: 802260201
Fixlet Link: http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html

Fixlet Description: Adobe Acrobat Reader 8.1.2 contained a /tmp race in its "acroread" wrapper script in the SSL certificate handling. (CVE-2008-0883) Furthermore, it contained several duplicated copies of system libraries, which have been removed for this update to make sure they are up-to-date security-wise by using the system-provided ones. Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8030401 - Security update for libcdio - SLED10
Severity:
Fixlet ID: 803040101
Fixlet Link: http://support.novell.com/techcenter/psdb/bf2817fbb22c3dd73213ecf11ff885a0.html

Fixlet Description: Long file names in ISO file systems with Joliet extension could cause a buffer overflow in libcdio (CVE-2007-6613). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8030401 - Security update for libcdio - SLES10
Severity:
Fixlet ID: 803040102

Fixlet Description: Long file names in ISO file systems with Joliet extension could cause a buffer overflow in libcdio (CVE-2007-6613). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8030402 - Security update for icu - SLES10
Severity:
Fixlet ID: 803040201
Fixlet Link: http://support.novell.com/techcenter/psdb/63f0cbcad5785845545f06846015e667.html

Fixlet Description: Certain regular expressions could crash the ICU library (CVE-2007-4770, CVE-2007-4771). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8030402 - Security update for icu - SLED10
Severity:
Fixlet ID: 803040202

Fixlet Description: Certain regular expressions could crash the ICU library (CVE-2007-4770, CVE-2007-4771). Everyone should update. Please see patch page for more detailed information.