Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 208
Published: Wed, 01 Apr 2009 01:25:14 GMT

New Fixlets:
============

***************************************************************

Title: PATCH-12377 - Security update for multipath-tools - SLES9
Severity:
Fixlet ID: 1237701
Fixlet Link: http://download.novell.com/Download?buildid=e1kFKUYJKYw~
Fixlet Description: The default permissions on the multipathd socket file were too generous and allowed any user to connect (CVE-2009-0115).

This update also contains the following fixes:
  - multipathd is not started for single paths (bnc#473841)
  - Backport max_fds parameter (bnc#457632)
  - Rename NetApp prio callout to 'ontap' (bnc#446661)
  - Increase udev settle timeout (bnc#408369)

Everybody should update. Please see the patch page for more detailed information.

***************************************************************

Title: PATCH-12377 - Dependencies Needed - SLES9
Severity:
Fixlet ID: 1237702
Fixlet Link: http://download.novell.com/Download?buildid=e1kFKUYJKYw~
Fixlet Description: Updated multipath-tools packages are now available for SuSE Linux Enterprise 9. However, these packages have a dependency that must be resolved. The following package must be installed at the specified version or greater:
  - device-mapper-1.01.01-1.2.i586.rpm

***************************************************************

Title: PATCH-12380 - Security update for Linux kernel - SLES9
Severity:
Fixlet ID: 1238001
Fixlet Link: http://download.novell.com/Download?buildid=LigNXNC_GVs~
Fixlet Description: The SUSE Linux Enterprise 9 kernel has been updated to fix many bugs and several security issues. The following security issues were fixed:

  - CVE-2009-0028: The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
  - CVE-2009-0675: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
  - CVE-2009-0676: The sock_getsockopt function in net/core/sock.c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
  - CVE-2009-0322: drivers/firmware/dell_rbu.c in the Linux kernel allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
  - CVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

Everyone using the Linux kernel should update. Please see the patch page for more detailed information.

***************************************************************

Title: PATCH-12380 - Dependencies Needed - SLES9
Severity:
Fixlet ID: 1238002
Fixlet Link: http://download.novell.com/Download?buildid=LigNXNC_GVs~
Fixlet Description: Updated Linux kernel packages are now available for SuSE Linux Enterprise 9. However, these packages have a dependency that must be resolved. The following package must be installed at the specified version or greater:
  - mkinitrd-1.2-27.9.i586.rpm

***************************************************************

Title: PATCH-12382 - Security update for PHP4 - SLES9
Severity:
Fixlet ID: 1238201
Fixlet Link: http://download.novell.com/Download?buildid=eYuJ2bnF4zo~
Fixlet Description: Specially crafted strings could trigger a heap-based buffer overflow in the PHP mbstring extension. Attackers could potentially exploit this to execute arbitrary code (CVE-2008-5557).

Everyone should update. Please see the patch page for more detailed information.

***************************************************************

Title: PATCH-B9032701 - Security update for xntp - SLES10 SP2
Severity:
Fixlet ID: 903270101
Fixlet Link: http://download.novell.com/Download?buildid=7AkRfxd6ijY~
Fixlet Description: ntp did not properly check the return value of the OpenSSL function EVP_VerifyFinal (CVE-2009-0021). Additionally, a problem where ntpd refused to use keys from /etc/ntp.keys has been fixed.

Everyone should update. Please see the patch page for more detailed information.

***************************************************************

Title: PATCH-B9033001 - Security update for Java Struts - SLES10 SP2
Severity:
Fixlet ID: 903300101
Fixlet Link: http://download.novell.com/Download?buildid=x9GiiHT2Qjc~
Fixlet Description: Insufficient quoting of parameters allowed attackers to conduct cross-site scripting (XSS) attacks.

Everyone should update. Please see the patch page for more detailed information.