Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 118
Published: Tue, 01 Apr 2008 23:52:54 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12116 - Security update for Tomcat - SLES9
Severity:
Fixlet ID: 1211601
Fixlet Link: http://support.novell.com/techcenter/psdb/9ad93d9cf0cbff51419c9761a5fc4cdd.html

Fixlet Description: This update of Tomcat fixes cross-site-scripting bugs (CVE-2007-2449) and improves the list of supported SSL ciphers (CVE-2007-1858). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8030601 - Security update for dbus-1 - SLES10
Severity:
Fixlet ID: 803060107
Fixlet Link: http://support.novell.com/techcenter/psdb/0b3dce980b6c546905e7dab55b0509e0.html

Fixlet Description: This update of dbus-1 fixes a vulnerability caused by applying the policies incorrectly (CVE-2008-0595). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8030601 - Security update for dbus-1 - SLED10
Severity: <Unspecified>
Fixlet ID: 803060108

Fixlet Description: This update of dbus-1 fixes a vulnerability caused by applying the policies incorrectly (CVE-2008-0595). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8030602 - Security update for compat-openssl097g - SLED10/SLES10
Severity:
Fixlet ID: 803060206
Fixlet Link: http://support.novell.com/techcenter/psdb/82e9a9e9161dee76b160f71a7f82982e.html

Fixlet Description: This update of openssl fixes an off-by-one buffer overflow in the function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution, depending on the memory layout of the process (CVE-2007-5135). We released updates for openssl already, but an update for the compat 0.9.7g openssl libraries was missing and is provided with this patch. Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8032601 - Security update for unzip - SLED10/SLES10
Severity:
Fixlet ID: 803260101
Fixlet Link: http://support.novell.com/techcenter/psdb/9c5a74e01832478b2b39aa7d49f11c52.html

Fixlet Description: Specially crafted files could lead unzip into using uninitialized memory. Everyone should update. Please see patch page for more detailed information.