Fixlet Site - PatchesforSUSELinuxEnterprise Current Version: 183 Published: Tue, 18 Nov 2008 20:41:17 GMT New Fixlets: ============ *************************************************************** Title: PATCH-B8111201 - Security update for MySQL - SLED10 SP1 Severity: Fixlet ID: 811120103 Fixlet Link: http://download.novell.com/Download?buildid=Z8sWafWvNvM~ Fixlet Description: Empty bit-strings in a query could crash the MySQL server (CVE-2008-3963). Due to another flaw users could access tables of other users (CVE-2008-4097, CVE-2008-4098). Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8111201 - Security update for MySQL - SLES10 SP1 Severity: Fixlet ID: 811120105 Fixlet Link: http://download.novell.com/Download?buildid=6jo3Qm3ek3c~ Fixlet Description: Empty bit-strings in a query could crash the MySQL server (CVE-2008-3963). Due to another flaw users could access tables of other users (CVE-2008-4097, CVE-2008-4098). Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8111201 - Security update for MySQL - SLED10 SP2 Severity: Fixlet ID: 811120107 Fixlet Link: http://download.novell.com/Download?buildid=6MQe98mooGw~ Fixlet Description: Empty bit-strings in a query could crash the MySQL server (CVE-2008-3963). Due to another flaw users could access tables of other users (CVE-2008-4097, CVE-2008-4098). Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8111201 - Security update for MySQL - SLES10 SP2 Severity: Fixlet ID: 811120109 Fixlet Link: http://download.novell.com/Download?buildid=EaW5tHwwhLA~ Fixlet Description: Empty bit-strings in a query could crash the MySQL server (CVE-2008-3963). Due to another flaw users could access tables of other users (CVE-2008-4097, CVE-2008-4098). Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8111401 - Security update for Apache 2 - SLES10 SP1 Severity: Fixlet ID: 811140101 Fixlet Link: http://download.novell.com/Download?buildid=vIkKbHojWYU~ Fixlet Description: Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_prody_ftp module (CVE-2008-2939). Missing precautions allowed cross site request forgery (CSRF) via the mod_proxy_balancer interface (CVE-2007-6420) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8111801 - Security update for libxml2 - SLED10 SP2 Severity: Fixlet ID: 811180101 Fixlet Link: http://download.novell.com/Download?buildid=LzqNHQkdUfo~ Fixlet Description: This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8111801 - Security update for libxml2 - SLES10 SP2 Severity: Fixlet ID: 811180102 Fixlet Link: http://download.novell.com/Download?buildid=9SPIUMprz5g~ Fixlet Description: This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security Everyone should update. Please see patch page for more detailed information.