Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 165
Published: Sat, 06 Sep 2008 00:31:53 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12192 - Security update for vsftpd - SLES9
Severity:
Fixlet ID: 1219201
Fixlet Link: http://download.novell.com/Download?buildid=uYxw41PL700~

Fixlet Description: This update of vsftpd fixes a memory leak that can occur during authentication. (CVE-2008-2375) Additionally, non-security bugs for SLES10 were fixed. There were some issues with simultaneous FTP PUT of the same file name that led to a corrupted file on the server. Everyone using vsftpd should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12216 - Security update for opensc - SLES9
Severity:
Fixlet ID: 1221601
Fixlet Link: http://download.novell.com/Download?buildid=_LfShxbmQl4~

Fixlet Description: This update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4. It allows the PIN of the smart card to be set without authorization. (CVE-2008-2235) Everyone using opensc with Siemens CardOS M4 should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12226 - Security update for Security update PHP4 - SLES9
Severity:
Fixlet ID: 1222601
Fixlet Link: http://download.novell.com/Download?buildid=v355GkBUMM0~

Fixlet Description: This update of PHP4 fixes multiple buffer overflows. See http://www.php.net/archive/2008.php#id2008-08-07-1 Everyone using PHP4 should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-12233 - Security update for IBM Java5 JRE and IBMJava5 SDK - SLES9
Severity:
Fixlet ID: 1223301
Fixlet Link: http://download.novell.com/Download?buildid=EGD2h0f2sAQ~

Fixlet Description: IBM Java 5 was updated to SR8 to fix various security issues:

CVE-2008-3104: Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet.

CVE-2008-3106: A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host.

CVE-2008-3108: A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application.

CVE-2008-3111: Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application.

CVE-2008-3112, CVE-2008-3113: Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application.

CVE-2008-3114: A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location.

Install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B8082202 - Security update for Perl - SLED10 SP1
Severity:
Fixlet ID: 808220205
Fixlet Link: http://download.novell.com/Download?buildid=X6GvpbcWWMo~

Fixlet Description: Specially crafted regular expressions could crash perl (CVE-2008-1927). Additionally, a problem in the CGI module that could result in an endless loop if uploads were cancelled was fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8090202 - Security update for vsftpd - SLES10 SP1
Severity:
Fixlet ID: 809020205

Fixlet Description: This update of vsftpd fixes a memory leak that can occur during authentication. (CVE-2008-2375) Additionally, non-security bugs for SLES10 were fixed. There were some issues with simultaneous FTP PUT of the same file name that led to a corrupted file on the server. Everyone using vsftpd should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8090202 - Security update for vsftpd - SLES10 SP2
Severity:
Fixlet ID: 809020207

Fixlet Description: This update of vsftpd fixes a memory leak that can occur during authentication. (CVE-2008-2375) Additionally, non-security bugs for SLES10 were fixed. There were some issues with simultaneous FTP PUT of the same file name that led to a corrupted file on the server. Everyone using vsftpd should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8090301 - Security update for opensc - SLES10 SP2
Severity:
Fixlet ID: 809030101
Fixlet Link: http://download.novell.com/Download?buildid=iSiln39DEaE~

Fixlet Description: This update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4.
It allows the PIN of the smart card to be set without authorization. (CVE-2008-2235) Everyone using opensc with Siemens CardOS M4 should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8090301 - Security update for opensc - SLES10 SP1
Severity:
Fixlet ID: 809030103

Fixlet Description: This update fixes a security issue with opensc that occurs when initializing blank smart cards with Siemens CardOS M4. It allows the PIN of the smart card to be set without authorization. (CVE-2008-2235) Everyone using opensc with Siemens CardOS M4 should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8090303 - Security update for IBM Java 1.5.0 - SLES10 SP1
Severity:
Fixlet ID: 809030305

Fixlet Description: IBM Java 5 was updated to SR8 to fix various security issues:

CVE-2008-3104: Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet.

CVE-2008-3106: A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host.

CVE-2008-3108: A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application.

CVE-2008-3111: Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application.

CVE-2008-3112, CVE-2008-3113: Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application.

CVE-2008-3114: A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location.

Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8090303 - Security update for IBM Java 1.5.0 - SLES10 SP2
Severity:
Fixlet ID: 809030307

Fixlet Description: IBM Java 5 was updated to SR8 to fix various security issues:

CVE-2008-3104: Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet.

CVE-2008-3106: A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host.

CVE-2008-3108: A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application.

CVE-2008-3111: Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application.

CVE-2008-3112, CVE-2008-3113: Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application.

CVE-2008-3114: A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location.

Install this update. Please see patch page for more detailed information.