Fixlet Site - Patches for SUSE Linux Enterprise
Current Version: 121
Published: Wed, 09 Apr 2008 23:10:25 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12071 - Security update for Tk - SLES9
Severity:
Fixlet ID: 1207101
Fixlet Link: http://support.novell.com/techcenter/psdb/4546b749458249bfe384e07a8f465fe5.html
Fixlet Description: Specially crafted GIF images could cause a buffer overflow and crash tk. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code (CVE-2008-0553). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12071 - Security update for Tk - SLED10
Severity:
Fixlet ID: 1207103
Fixlet Description: Specially crafted GIF images could cause a buffer overflow and crash tk. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code (CVE-2008-0553). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12071 - Security update for Tk - SLES10
Severity:
Fixlet ID: 1207104
Fixlet Description: Specially crafted GIF images could cause a buffer overflow and crash tk. It seems unlikely but not entirely impossible that this overflow can be exploited to execute arbitrary code (CVE-2008-0553). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12117 - Security update for CUPS - SLES9
Severity:
Fixlet ID: 1211701
Fixlet Link: http://support.novell.com/techcenter/psdb/b8c1c10ee3584bcc23b201ff91e9ce95.html
Fixlet Description: This update addresses multiple security issues in CUPS:
- specially crafted GIF files could cause a buffer overflow in the printer filter for image files (CVE-2008-1373).
- specially crafted files could cause a buffer overflow in the HP-GL/2 printer filter (CVE-2008-0053).
Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12122 - Security update for OpenSSH - SLES9
Severity:
Fixlet ID: 1212201
Fixlet Link: http://support.novell.com/techcenter/psdb/0a4d98ee282fa46b8ffaf141da879687.html
Fixlet Description: A flaw in the X forwarding code of openssh allowed malicious users to steal the X access credentials of other users (CVE-2008-1483). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12122 - Security update for OpenSSH - SLED10/SLES10
Severity:
Fixlet ID: 1212203
Fixlet Description: A flaw in the X forwarding code of openssh allowed malicious users to steal the X access credentials of other users (CVE-2008-1483). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12124 - Security update for Apache 2 - SLES9
Severity:
Fixlet ID: 1212401
Fixlet Link: http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.html
Fixlet Description: This update fixes multiple bugs in apache:
- cross site scripting problem in mod_imap (CVE-2007-5000)
- cross site scripting problem in mod_status (CVE-2007-6388)
- cross site scripting problem in the ftp proxy module (CVE-2008-0005)
- cross site scripting problem in the error page for status code 413 (CVE-2007-6203)
Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-12125 - Security update for Apache - SLES9
Severity:
Fixlet ID: 1212501
Fixlet Link: http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.html
Fixlet Description: This update fixes multiple bugs in apache:
- cross site scripting problem when processing the 'Expect' header (CVE-2006-3918)
- cross site scripting problem in mod_imap (CVE-2007-5000)
- cross site scripting problem in mod_status (CVE-2007-6388)
- cross site scripting problem in the ftp proxy module (CVE-2008-0005)
Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12126 - Security update for Java2 - SLES9
Severity:
Fixlet ID: 1212601
Fixlet Link: http://support.novell.com/techcenter/psdb/981c2591380984c2225999d768ea9e97.html
Fixlet Description: Sun Java was updated to 1.4.2u17 to fix the following security vulnerabilities:
CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.
CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.
CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.
CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.
CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12128 - Security update for xine - SLED10
Severity:
Fixlet ID: 1212801
Fixlet Link: http://support.novell.com/techcenter/psdb/c306f60e38b7ce6d70968bf8f88568d1.html
Fixlet Description: Specially crafted files could cause integer overflows in the xine library. Attackers could potentially exploit that to execute arbitrary code with the privileges of the user who opened such a file (CVE-2008-1482). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8040101 - Security update for MozillaFirefox,MozillaFirefox-translations - SLED10/SLES10
Severity:
Fixlet ID: 804010101
Fixlet Link: http://support.novell.com/techcenter/psdb/582b39035a906e2902717de1327b2cf2.html
Fixlet Description: This update brings Mozilla Firefox to security update version 2.0.0.13. The following security problems were fixed:
MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket connection to any local port via LiveConnect
MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client Authentication
MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with malformed URLs
MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235: JavaScript privilege escalation and arbitrary code execution.
Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8040101 - Dependencies Needed - SLED10/SLES10
Severity:
Fixlet ID: 804010103
Fixlet Link: http://support.novell.com/techcenter/psdb/582b39035a906e2902717de1327b2cf2.html
Fixlet Description: This update brings Mozilla Firefox to security update version 2.0.0.13. However, this update requires that the package "mozilla-nspr" be installed and at least version "4.6.4".

***************************************************************
Title: PATCH-B8040201 - Security update for CUPS - SLED10/SLES10
Severity:
Fixlet ID: 804020101
Fixlet Link: http://support.novell.com/techcenter/psdb/e7d36fe2fd0d8b1a9db8e847bc095dd6.html
Fixlet Description: This update addresses multiple security issues in CUPS:
- specially crafted GIF files could cause a buffer overflow in the printer filter for image files (CVE-2008-1373).
- specially crafted files could cause a buffer overflow in the HP-GL/2 printer filter (CVE-2008-0053).
Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8040201 - Dependencies Needed - SLED10/SLES10
Severity:
Fixlet ID: 804020103
Fixlet Link: http://support.novell.com/techcenter/psdb/e7d36fe2fd0d8b1a9db8e847bc095dd6.html
Fixlet Description: Updated cups packages are now available. However, this update requires that the package "libgcc" be installed and at least version "4.1.2".

***************************************************************
Title: PATCH-B8040203 - Security update for Sun Java - SLED10
Severity:
Fixlet ID: 804020303
Fixlet Link: http://support.novell.com/techcenter/psdb/574223d1ffcde352dd063081d2f81f3e.html
Fixlet Description: Sun Java was updated to 1.4.2u17 to fix the following security vulnerabilities:
CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.
CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.
CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.
CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.
CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
Install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8040203 - Security update for Sun Java - SLES10
Severity:
Fixlet ID: 804020304
Fixlet Description: Sun Java was updated to 1.4.2u17 to fix the following security vulnerabilities:
CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.
CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.
CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.
CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.
CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8040204 - Security update for Xgl - SLED10
Severity:
Fixlet ID: 804020401
Fixlet Link: http://support.novell.com/techcenter/psdb/73bcec1d4109828f3a57fa3ddd541cd1.html
Fixlet Description: This update fixes several integer overflows in Xgl (CVE-2007-6429, CVE-2007-1003, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006). Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8040301 - Security update for Apache 2 - SLES10
Severity:
Fixlet ID: 804030101
Fixlet Link: http://support.novell.com/techcenter/psdb/652745fced1c4af0216a2f3d8430a472.html
Fixlet Description: This update fixes multiple bugs in apache:
- cross site scripting problem in mod_imap (CVE-2007-5000)
- cross site scripting problem in mod_status (CVE-2007-6388)
- cross site scripting problem in the ftp proxy module (CVE-2008-0005)
- cross site scripting problem in the error page for status code 413 (CVE-2007-6203)
- cross site scripting problem in mod_proxy_balancer (CVE-2007-6421)
- a flaw in mod_proxy_balancer allowed attackers to crash apache (CVE-2007-6422)
Everyone should update. Please see patch page for more detailed information.