Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 181
Published: Mon, 10 Nov 2008 22:43:23 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12258 - Security update for Apache 2 - SLES9
Severity:
Fixlet ID: 1225801
Fixlet Link: http://download.novell.com/Download?buildid=oGtQ7BhDFrg~
Fixlet Description: Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12275 - Security update for enscript - SLES9
Severity:
Fixlet ID: 1227501
Fixlet Link: http://download.novell.com/Download?buildid=Pk5WpXAO2AA~
Fixlet Description: This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape functions that can be exploited during file processing. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8110501 - Security update for Apache 2 - SLES10 SP1
Severity:
Fixlet ID: 811050102
Fixlet Link: http://download.novell.com/Download?buildid=aQicNb_8VQQ~
Fixlet Description: Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939). Missing precautions allowed cross site request forgery (CSRF) via the mod_proxy_balancer interface (CVE-2007-6420). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8110501 - Security update for Apache 2 - SLES10 SP2
Severity:
Fixlet ID: 811050103
Fixlet Description: Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
Missing precautions allowed cross site request forgery (CSRF) via the mod_proxy_balancer interface (CVE-2007-6420). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8110601 - Security update for enscript - SLED10 SP2
Severity:
Fixlet ID: 811060105
Fixlet Link: http://download.novell.com/Download?buildid=njJumcidJaY~
Fixlet Description: This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape functions that can be exploited during file processing. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8110601 - Security update for enscript - SLES10 SP2
Severity:
Fixlet ID: 811060107
Fixlet Link: http://download.novell.com/Download?buildid=C9LUprSiVAs~
Fixlet Description: This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape functions that can be exploited during file processing. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8110601 - Security update for enscript - SLES10 SP1
Severity:
Fixlet ID: 811060109
Fixlet Link: http://download.novell.com/Download?buildid=48dZIMBCAuI~
Fixlet Description: This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape functions that can be exploited during file processing. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8110601 - Security update for enscript - SLED10 SP1
Severity:
Fixlet ID: 811060111
Fixlet Link: http://download.novell.com/Download?buildid=HXu8LSsmO44~
Fixlet Description: This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape functions that can be exploited during file processing. Everyone should update. Please see patch page for more detailed information.