Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 189
Published: Sat, 06 Dec 2008 02:51:25 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12308 - Security update for Linux kernel - SLES9
Severity:
Fixlet ID: 1230801
Fixlet Link: http://download.novell.com/Download?buildid=28IrmLwtf8E~

Fixlet Description: This update of the Linux kernel for SUSE Linux Enterprise Server 9 SP4 contains various bugfixes and some security fixes.

The following security bugs have been fixed:

CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that has corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can cause a denial of service by spamming the logfile.

CVE-2008-5029: The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

An update for the drbd kernel module is also included. Please also install the drbd user-space maintenance update.

For the normal bugfixes please review the RPM changelog.

Everyone using the Linux Kernel should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12308 - Dependencies Needed - SLES9
Severity:
Fixlet ID: 1230802
Fixlet Link: http://download.novell.com/Download?buildid=28IrmLwtf8E~

Fixlet Description: Updated Linux kernel packages are now available for SuSE Linux Enterprise 9. However, these packages have a dependency that must be resolved. The following package must be installed at the specified version or greater:

mkinitrd-1.2-106.81.i586.rpm

***************************************************************
Title: PATCH-12315 - Security update for ndiswrapper - SLES9
Severity:
Fixlet ID: 1231501
Fixlet Link: http://download.novell.com/Download?buildid=THi-eP6MsUk~

Fixlet Description: The ndiswrapper was updated to fix multiple buffer overflows that can be exploited over a connected WLAN by using long ESSID strings. (CVE-2008-4395) Install this update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8120302 - Security update for dbus - SLED10 SP2
Severity:
Fixlet ID: 812030213
Fixlet Link: http://download.novell.com/Download?buildid=sq1t--tp2I4~

Fixlet Description: This update fixes a denial of service bug in dbus. (CVE-2008-3834) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8120302 - Security update for dbus - SLES10 SP1
Severity:
Fixlet ID: 812030215
Fixlet Link: http://download.novell.com/Download?buildid=QzNv7Za_4Pk~

Fixlet Description: This update fixes a denial of service bug in dbus. (CVE-2008-3834) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8120302 - Security update for dbus - SLES10 SP2
Severity:
Fixlet ID: 812030219
Fixlet Link: http://download.novell.com/Download?buildid=P-qQMioQEFM~

Fixlet Description: This update fixes a denial of service bug in dbus. (CVE-2008-3834) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8120302 - Security update for dbus - SLED10 SP1
Severity:
Fixlet ID: 812030221
Fixlet Link: http://download.novell.com/Download?buildid=ysQWonaTsFs~

Fixlet Description: This update fixes a denial of service bug in dbus. (CVE-2008-3834) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8120401 - Security update for ndiswrapper - SLED10 SP2
Severity:
Fixlet ID: 812040101
Fixlet Link: http://download.novell.com/Download?buildid=Gdbzj4f0M70~

Fixlet Description: The ndiswrapper was updated to fix multiple buffer overflows that can be exploited over a connected WLAN by using long ESSID strings. (CVE-2008-4395) Install this update. Please see patch page for more detailed information.