Fixlet Site - PatchesforSUSELinuxEnterprise Current Version: 197 Published: Wed, 28 Jan 2009 22:37:25 GMT New Fixlets: ============ *************************************************************** Title: PATCH-12341 - Security update for openssl - SLES9 Severity: Fixlet ID: 1234101 Fixlet Link: http://download.novell.com/Download?buildid=NEX4r6XMSls~ Fixlet Description: This update improves the verification of return values. Prior to this udpate it was possible to bypass the certification chain checks of openssl. (CVE-2008-5077) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12342 - Security update for audiofile - SLES9 Severity: Fixlet ID: 1234201 Fixlet Link: http://download.novell.com/Download?buildid=VK0xXp1RKUg~ Fixlet Description: A heap-overflow in libaudiofile was fixed. The overflow existed in the WAV processing code and can be exploited to execute arbitrary code. (CVE-2008-5824) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-12344 - Security update for XFree86 - SLES9 Severity: Fixlet ID: 1234401 Fixlet Link: http://download.novell.com/Download?buildid=068hyQQ9kI0~ Fixlet Description: XTerm evaluated various ANSI Escape sequences so that command execution was possible if an attacker could pipe raw data to an xterm. (CVE-2008-2383) (It is usually not recommended to display raw data on an xterm. ) Support for Matrox G200EV/G200WB cards was added. Install this update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012301 - Security update for net-snmp - SLED10 SP1 Severity: Fixlet ID: 901230101 Fixlet Link: http://download.novell.com/Download?buildid=whb4nyJrj3E~ Fixlet Description: Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed: typo in error message (bnc#439857) fix duplicate registration warnings on startup (bnc#326957) container insert errors reproducable with shared ip setups (bnc#396773) typo in the snmpd init script to really load all agents (bnc#415127) logrotate config to restart the snmptrapd aswell (bnc#378069) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012301 - Security update for net-snmp - SLES10 SP1 Severity: Fixlet ID: 901230103 Fixlet Link: http://download.novell.com/Download?buildid=Fzfrx5wLBAg~ Fixlet Description: Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed: typo in error message (bnc#439857) fix duplicate registration warnings on startup (bnc#326957) container insert errors reproducable with shared ip setups (bnc#396773) typo in the snmpd init script to really load all agents (bnc#415127) logrotate config to restart the snmptrapd aswell (bnc#378069) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012301 - Security update for net-snmp - SLED10 SP2 Severity: Fixlet ID: 901230105 Fixlet Link: http://download.novell.com/Download?buildid=Td718yv9ISQ~ Fixlet Description: Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed: typo in error message (bnc#439857) fix duplicate registration warnings on startup (bnc#326957) container insert errors reproducable with shared ip setups (bnc#396773) typo in the snmpd init script to really load all agents (bnc#415127) logrotate config to restart the snmptrapd aswell (bnc#378069) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012301 - Security update for net-snmp - SLES10 SP2 Severity: Fixlet ID: 901230107 Fixlet Link: http://download.novell.com/Download?buildid=BMzkO6k352I~ Fixlet Description: Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed: typo in error message (bnc#439857) fix duplicate registration warnings on startup (bnc#326957) container insert errors reproducable with shared ip setups (bnc#396773) typo in the snmpd init script to really load all agents (bnc#415127) logrotate config to restart the snmptrapd aswell (bnc#378069) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012302 - Security update for openssl - SLES10 SP2 Severity: Fixlet ID: 901230201 Fixlet Link: http://download.novell.com/Download?buildid=NCybd14OnX0~ Fixlet Description: This update improves the verification of return values. Prior to this udpate it was possible to bypass the certification chain checks of openssl. (CVE-2008-5077) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012302 - Security update for openssl - SLED10 SP2 Severity: Fixlet ID: 901230203 Fixlet Link: http://download.novell.com/Download?buildid=oQAM69Mtfio~ Fixlet Description: This update improves the verification of return values. Prior to this udpate it was possible to bypass the certification chain checks of openssl. (CVE-2008-5077) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012701 - Security update for compat-openssl097g - SLED10 SP2 Severity: Fixlet ID: 901270101 Fixlet Link: http://download.novell.com/Download?buildid=5jL1GUomWAU~ Fixlet Description: This update improves the verification of return values. Prior to this update it was possible to bypass the certification chain checks of openssl. (CVE-2008-5077) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012701 - Security update for compat-openssl097g - SLES10 SP2 Severity: Fixlet ID: 901270103 Fixlet Link: http://download.novell.com/Download?buildid=YfTIGKzGJJ4~ Fixlet Description: This update improves the verification of return values. Prior to this update it was possible to bypass the certification chain checks of openssl. (CVE-2008-5077) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012702 - Security update for audiofile - SLED10 SP2 Severity: Fixlet ID: 901270201 Fixlet Link: http://download.novell.com/Download?buildid=MTmom6nhjEg~ Fixlet Description: A heap-overflow in libaudiofile was fixed. The overflow existed in the WAV processing code and can be exploited to execute arbitrary code. (CVE-2008-5824) Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9012702 - Security update for audiofile - SLES10 SP2 Severity: Fixlet ID: 901270203 Fixlet Link: http://download.novell.com/Download?buildid=tMkyI9Dj5Js~ Fixlet Description: A heap-overflow in libaudiofile was fixed. The overflow existed in the WAV processing code and can be exploited to execute arbitrary code. (CVE-2008-5824) Everyone should update. Please see patch page for more detailed information.