Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 209	Published: Thu, 09 Apr 2009 00:21:05  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-B9040101 - Security update for PHP5 - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 904010101
Fixlet Link: http://download.novell.com/Download?buildid=p8USjXmynEY~

Fixlet Description: The following bugs have been fixed:     Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory (CVE-2008-5498).   The mbstring. func_overload in. htaccess was applied to other virtual hosts on th same machine (CVE-2009-0754). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9040201 - Security update for libsndfile - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 904020101
Fixlet Link: http://download.novell.com/Download?buildid=5J1m7MqWGOg~

Fixlet Description: Specially crafted CAF files could cause an integer overflow in libsndfile (CVE-2009-0186). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9040301 - Security update for Linux kernel - SLES10 SP2
Severity: <Unspecified>
Fixlet ID: 904030103
Fixlet Link: http://download.novell.com/Download?buildid=3JQXBegE5pM~

Fixlet Description: This Linux kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and several security issues. Following security issues were fixed:     CVE-2009-0675: The skfp_ioctl function in drivers/net/skfp/skfddi. c in the Linux kernel permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.   CVE-2009-0676: The sock_getsockopt function in net/core/sock. c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.   CVE-2009-0028: The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.   CVE-2008-1294: The Linux kernel does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.   CVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns. c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.   CVE-2009-1046: The console selection feature in the Linux kernel when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an an off-by-two memory error. It is is not clear if this can be exploited at all. Also a huge number of regular bugs were fixed, please see the RPM changelog for full details. Everyone using the Linux Kernel on x86 architecture should update. Please see patch page for more detailed information.