Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 205	Published: Fri, 13 Mar 2009 00:17:10  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12356 - Security update for curl - SLES9
Severity: <Unspecified>
Fixlet ID: 1235601
Fixlet Link: http://download.novell.com/Download?buildid=lrbJE9OUpqM~

Fixlet Description: Arbitrary file access via HTTP-redirect has been fixed in curl. CVE-2009-0037 has been assigned to this issue. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12359 - Security update for libmikmod - SLES9
Severity: <Unspecified>
Fixlet ID: 1235901
Fixlet Link: http://download.novell.com/Download?buildid=cSeElpksysw~

Fixlet Description: Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12360 - Security update for ViM - SLES9
Severity: <Unspecified>
Fixlet ID: 1236001
Fixlet Link: http://download.novell.com/Download?buildid=9jyfn6o0VK4~

Fixlet Description: The VI Improved editor (vim) received bugfixes for some code execution problems.   CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype. vim, zipplugin, xpm. vim, gzip_vim, and netrw were fixed. CVE-2008-4101: Arbitrary code execution when pressing K, ctrl-] or g] depending on the text under the cursor. CVE-2008-4677: The netrw plugin sent credentials to all servers. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9030301 - Security update for curl - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 903030101
Fixlet Link: http://download.novell.com/Download?buildid=IOCfKHuGc0E~

Fixlet Description: Arbitrary file access via HTTP-redirect has been fixed in curl. CVE-2009-0037 has been assigned to this issue. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9030302 - Security update for libmikmod - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 903030201
Fixlet Link: http://download.novell.com/Download?buildid=XKXjB-TYiJY~

Fixlet Description: Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9030601 - Security update for Apache 2 - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 903060103
Fixlet Link: http://download.novell.com/Download?buildid=QZxujJz01Dk~

Fixlet Description: A DoS condition in apache2's mod_proxy has been fixed. CVE-2008-2364 has been assigned to this issue. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9031001 - Security update for hal - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 903100101
Fixlet Link: http://download.novell.com/Download?buildid=KrCN-qa66sc~

Fixlet Description: The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. Additionally a bug in hal that allowed users to crash the hal daemon has been fixed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9031002 - Security update for vim - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 903100201
Fixlet Link: http://download.novell.com/Download?buildid=8z36qqSLsCk~

Fixlet Description: The VI Improved editor (vim) received bugfixes for some code execution problems.     CVE-2008-2712: Arbitrary code execution in vim helper plugins filetype. vim,  zipplugin, xpm. vim, gzip_vim, and netrw were fixed.  CVE-2008-4101: Arbitrary code execution when pressing K, ctrl-] or g] depending on the text under the cursor. Install this update. Please see patch page for more detailed information.