Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 198
Published: Tue, 03 Feb 2009 02:10:40 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12336 - Security update for IBM Java5 JRE and SDK - SLES9
Severity:
Fixlet ID: 1233601
Fixlet Link: http://download.novell.com/Download?buildid=31qIqXFiVvU~

Fixlet Description: This update brings IBM Java 5 to Service Release 9. It fixes the following security problems:
CVE-2008-5350: A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application.
CVE-2008-5346: A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in.
CVE-2008-5343: A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.
CVE-2008-5344: A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.
CVE-2008-5359: A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
CVE-2008-5341: A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application.
CVE-2008-5339: A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from.
CVE-2008-5340: A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application.
CVE-2008-5348: A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources.
CVE-2008-2086: A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties.
CVE-2008-5345: The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).
CVE-2008-5351: The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the "shortest" form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.
CVE-2008-5360: The Java Runtime Environment creates temporary files with insufficiently random names. This may be leveraged to write JAR files which may then be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies.
CVE-2008-5353: A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
CVE-2008-5356: A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
CVE-2008-5354: A buffer overflow vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application. This vulnerability cannot be exploited by an applet or Java Web Start application.
CVE-2008-5357: A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
CVE-2008-5352: A buffer overflow vulnerability in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the "unpack200" JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
CVE-2008-5342: A security vulnerability in the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application.
References can be found on: http://www-128.ibm.com/developerworks/java/jdk/alerts/
Install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-12339 - Security update for libpng, libpng-devel - SLES9
Severity:
Fixlet ID: 1233901
Fixlet Link: http://download.novell.com/Download?buildid=rgytNDfL3a4~

Fixlet Description: This update of libpng fixes the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0. (CVE-2008-5907)
Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9012801 - Security update for amarok - SLED10 SP2
Severity:
Fixlet ID: 901280101
Fixlet Link: http://download.novell.com/Download?buildid=82r6tHbeeqI~

Fixlet Description: This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. (CVE-2009-0135, CVE-2009-0136)
Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9012802 - Security update for libpng - SLES10 SP2
Severity:
Fixlet ID: 901280201
Fixlet Link: http://download.novell.com/Download?buildid=LHRR2IpLJEk~

Fixlet Description: This update of libpng fixes the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0. (CVE-2008-5907)
Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9012802 - Security update for libpng - SLED10 SP2
Severity:
Fixlet ID: 901280203
Fixlet Link: http://download.novell.com/Download?buildid=-6NIoEFuZWE~

Fixlet Description: This update of libpng fixes the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0. (CVE-2008-5907)
Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9012902 - Security update for Linux kernel - SLED10 SP2
Severity:
Fixlet ID: 901290201
Fixlet Link: http://download.novell.com/Download?buildid=yy5pwDs3ClU~

Fixlet Description: The SUSE Linux Enterprise 10 Service Pack 2 kernel was updated to fix some security issues and various bugs. The following security problems have been fixed:
CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
CVE-2008-5029: The __scm_destroy function in net/core/scm.c makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
CVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.
CVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
CVE-2008-5182: The inotify functionality might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
A lot of other bugs were fixed; a detailed list can be found in the RPM changelog.
Everyone using the Linux Kernel on x86 architecture should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9012902 - Security update for Linux kernel - SLES10 SP2
Severity:
Fixlet ID: 901290203
Fixlet Link: http://download.novell.com/Download?buildid=nrEbHGyZ2pQ~

Fixlet Description: The SUSE Linux Enterprise 10 Service Pack 2 kernel was updated to fix some security issues and various bugs. The following security problems have been fixed:
CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
CVE-2008-5029: The __scm_destroy function in net/core/scm.c makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
CVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.
CVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
CVE-2008-5182: The inotify functionality might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
A lot of other bugs were fixed; a detailed list can be found in the RPM changelog.
Everyone using the Linux Kernel on x86 architecture should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9012904 - Security update for avahi - SLED10 SP2
Severity:
Fixlet ID: 901290401
Fixlet Link: http://download.novell.com/Download?buildid=zTBPY9BeqYU~

Fixlet Description: Specially crafted mDNS packets could crash the Avahi daemon (CVE-2008-5081).
Everyone should update. Please see patch page for more detailed information.