Fixlet Site - PatchesforSUSELinuxEnterprise Current Version: 206 Published: Sat, 21 Mar 2009 01:09:14 GMT New Fixlets: ============ *************************************************************** Title: PATCH-B8060103 - Security update for knetworkmanager - SLES10 SP2 Severity: Fixlet ID: 806010301 Fixlet Link: http://download.novell.com/Download?buildid=B5-bSPeZu24~ Fixlet Description: A security update for knetworkmanager is now available. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B8060103 - Security update for knetworkmanager - SLES10 SP2 Severity: Fixlet ID: 806010303 Fixlet Link: http://download.novell.com/Download?buildid=Wqd6EOA0UE8~ Fixlet Description: A security update for knetworkmanager is now available. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9031601 - Security update for NetworkManager - SLES10 SP2 Severity: Fixlet ID: 903160103 Fixlet Link: http://download.novell.com/Download?buildid=byELoZjfAcs~ Fixlet Description: The NetworkManager configuration was too permissive and allowed any user to read secrets (CVE-2009-0365) or manipulate the configuration of other users (CVE-2009-0578). Everyone using NetworkManager should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9031601 - Dependency Needed - SLES10 SP2 Severity: Fixlet ID: 903160104 Fixlet Link: http://download.novell.com/Download?buildid=byELoZjfAcs~ Fixlet Description: Updated NetworkManager packages are now available for SuSE Linux Enterprise 10. However, these packages have a dependency that must be resolved. The following installed package less than the specified version must be removed: NetworkManager-gnome-0.6.6-0.14.i586.rpm *************************************************************** Title: PATCH-B9031801 - Security update for dbus - SLES10 SP2 Severity: Fixlet ID: 903180103 Fixlet Link: http://download.novell.com/Download?buildid=v2nCwau8ox8~ Fixlet Description: The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. Everyone should update. Please see patch page for more detailed information. *************************************************************** Title: PATCH-B9031901 - Security update for multipath-tools - SLES10 SP2 Severity: Fixlet ID: 903190101 Fixlet Link: http://download.novell.com/Download?buildid=Hfey3GPyJDY~ Fixlet Description: The default permissions on the multipathd socket file were to generous and allowed any user to connect (CVE-2009-0115). This update also contains the following fixes: Error checking in VECTOR_XXX defines (bnc#469269) Correct definition of dbg_malloc() Double free() on path release Use noflush for kpartx (bnc#473352) multipathd dies immediately after start (bnc#473029) Fix multibus zero-path handling (bnc#476330) Use lists for uevent processing (bnc#478874) Set stack size of uevent handling thread (bnc#478874) Fix multipathd signal deadlock Stack overflow in uev_trigger (bnc#476540) Check for NULL argument in vector_foreach_slot() (bnc#479572) Invalid callout formatting for cciss (bnc#419123) 'no_partitons' feature doesn't work with aliases (bnc#465009) Everybody using multipath should update. Please see patch page for more detailed information.