Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 224
Published: Wed, 27 May 2009 22:36:37 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12422 - Security update for IBM Java 5 JRE and IBM Java 5 SDK - SLES9
Severity:
Fixlet ID: 1242201
Fixlet Link: http://download.novell.com/Download?buildid=7t75xGTQbnw~
Fixlet Description:
The update brings IBM Java 5 to SR9-SSU. It fixes a lot of security issues:

CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space, resulting in a denial-of-service condition.

CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files, resulting in a denial-of-service condition.

CVE-2009-1103: A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1104: The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system. This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one from which the JavaScript code was served.

CVE-2009-1093: A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service.

CVE-2009-1094: A vulnerability in the Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client.

CVE-2009-1107: The Java Plug-in displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.

CVE-2009-1095 / CVE-2009-1096: Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1098: A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1099: A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Everyone should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-12424 - Security update for ethereal - SLES9
Severity:
Fixlet ID: 1242401
Fixlet Link: http://download.novell.com/Download?buildid=oRo39r3_lu4~
Fixlet Description:
Version upgrade to Wireshark 1.0.7 to fix various vulnerabilities:

CVE-2009-1269: crash while loading a Tektronix .rf5 file
CVE-2009-1268: crash in the Check Point High-Availability Protocol (CPHAP) dissector
CVE-2009-1267: LDAP dissector could crash on Windows
CVE-2009-1210: PROFINET format string bug
CVE-2009-1266: additional PROFINET format string bugs, a crash in the PCNFSD dissector

Everyone using ethereal, please update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052001 - Security update for the Linux kernel - SLES10 SP2
Severity:
Fixlet ID: 905200101
Fixlet Link: http://download.novell.com/Download?buildid=b_DMoKBuMhA~
Fixlet Description:
The Linux kernel on SUSE Linux Enterprise 10 Service Pack 2 was updated to fix various security issues and several bugs.

The following security issues were fixed:

CVE-2009-0834: The audit_syscall_entry function in the Linux kernel on the x86_64 platform did not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls.

CVE-2009-1072: nfsd in the Linux kernel did not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

CVE-2009-0835: The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod.

CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. This requires that the kernel can be made to mount a "cifs" filesystem from a malicious CIFS server.

CVE-2009-1337: The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

CVE-2009-0859: The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. (SUSE enables CONFIG_SHMEM, so it is not affected by default; the fix is included for completeness.)

The GCC option -fwrapv has been added to compilation to work around the compiler potentially removing integer overflow checks.

CVE-2009-1265: Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

A number of other bugs were also fixed; for details, please see the RPM changelog.

Everyone using the Linux kernel on the x86 architecture should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052001 - Security update for the Linux kernel - SLED10 SP2
Severity:
Fixlet ID: 905200103
Fixlet Link: http://download.novell.com/Download?buildid=WY3ntU7S49E~
Fixlet Description:
The Linux kernel on SUSE Linux Enterprise 10 Service Pack 2 was updated to fix various security issues and several bugs.

The following security issues were fixed:

CVE-2009-0834: The audit_syscall_entry function in the Linux kernel on the x86_64 platform did not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls.

CVE-2009-1072: nfsd in the Linux kernel did not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

CVE-2009-0835: The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod.

CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. This requires that the kernel can be made to mount a "cifs" filesystem from a malicious CIFS server.

CVE-2009-1337: The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

CVE-2009-0859: The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. (SUSE enables CONFIG_SHMEM, so it is not affected by default; the fix is included for completeness.)

The GCC option -fwrapv has been added to compilation to work around the compiler potentially removing integer overflow checks.

CVE-2009-1265: Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

A number of other bugs were also fixed; for details, please see the RPM changelog.

Everyone using the Linux kernel on the x86 architecture should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052002 - Security update for Acrobat Reader - SLED10 SP2
Severity:
Fixlet ID: 905200201
Fixlet Link: http://download.novell.com/Download?buildid=kegyM0n8uSg~
Fixlet Description:
This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. (CVE-2009-1492, CVE-2009-1493)

Everyone should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052201 - Security update for IBM Java 5 - SLED10 SP2
Severity:
Fixlet ID: 905220101
Fixlet Link: http://download.novell.com/Download?buildid=EqN52bFx4jI~
Fixlet Description:
The update brings IBM Java 5 to SR9-SSU. It fixes a lot of security issues:

CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space, resulting in a denial-of-service condition.

CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files, resulting in a denial-of-service condition.

CVE-2009-1103: A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1104: The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system. This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one from which the JavaScript code was served.

CVE-2009-1093: A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service.

CVE-2009-1094: A vulnerability in the Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client.

CVE-2009-1107: The Java Plug-in displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.

CVE-2009-1095 / CVE-2009-1096: Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1098: A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1099: A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Everyone should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052201 - Security update for IBM Java 5 - SLES10 SP2
Severity:
Fixlet ID: 905220103
Fixlet Link: http://download.novell.com/Download?buildid=tk3RLgkV0LQ~
Fixlet Description:
The update brings IBM Java 5 to SR9-SSU. It fixes a lot of security issues:

CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space, resulting in a denial-of-service condition.

CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files, resulting in a denial-of-service condition.

CVE-2009-1103: A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1104: The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system. This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one from which the JavaScript code was served.

CVE-2009-1093: A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service.

CVE-2009-1094: A vulnerability in the Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client.

CVE-2009-1107: The Java Plug-in displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.

CVE-2009-1095 / CVE-2009-1096: Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1098: A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

CVE-2009-1099: A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Everyone should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052501 - Security update for RealPlayer - SLED10 SP2
Severity:
Fixlet ID: 905250101
Fixlet Link: http://download.novell.com/Download?buildid=0OnnzRndjzk~
Fixlet Description:
RealPlayer 10 is vulnerable to a critical security problem in the flash plugin (CVE-2007-5400). Real does not provide updated binaries of RealPlayer 10, and SUSE is not allowed to ship RealPlayer 11. Therefore this update disables the flash plugin by setting restrictive file system permissions.

Everyone should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052502 - Security update for acroread_ja - SLED10 SP2
Severity:
Fixlet ID: 905250201
Fixlet Link: http://download.novell.com/Download?buildid=V7tON3TcpEQ~
Fixlet Description:
This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. (CVE-2009-1492, CVE-2009-1493)

Everyone should update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052601 - Security update for OpenSSL - SLED10 SP2
Severity:
Fixlet ID: 905260101
Fixlet Link: http://download.novell.com/Download?buildid=6zZexN0tyC8~
Fixlet Description:
Three remote DoS vulnerabilities have been fixed in OpenSSL: a DTLS epoch record buffer memory DoS (CVE-2009-1377), a DTLS fragment handling memory DoS (CVE-2009-1378) and a DTLS fragment read-after-free DoS (CVE-2009-1379).

Install this update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052601 - Security update for OpenSSL - SLES10 SP2
Severity:
Fixlet ID: 905260103
Fixlet Link: http://download.novell.com/Download?buildid=VzIOvv8GOi4~
Fixlet Description:
Three remote DoS vulnerabilities have been fixed in OpenSSL: a DTLS epoch record buffer memory DoS (CVE-2009-1377), a DTLS fragment handling memory DoS (CVE-2009-1378) and a DTLS fragment read-after-free DoS (CVE-2009-1379).

Install this update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052602 - Security update for ethereal - SLES10 SP2
Severity:
Fixlet ID: 905260201
Fixlet Link: http://download.novell.com/Download?buildid=Twp8CpgIar0~
Fixlet Description:
Version upgrade to Wireshark 1.0.7 to fix various vulnerabilities:

CVE-2009-1269: crash while loading a Tektronix .rf5 file
CVE-2009-1268: crash in the Check Point High-Availability Protocol (CPHAP) dissector
CVE-2009-1267: LDAP dissector could crash on Windows
CVE-2009-1210: PROFINET format string bug
CVE-2009-1266: additional PROFINET format string bugs, a crash in the PCNFSD dissector

Everyone using ethereal, please update.

Please see the patch page for more detailed information.

***************************************************************
Title: PATCH-B9052602 - Security update for ethereal - SLED10 SP2
Severity:
Fixlet ID: 905260203
Fixlet Link: http://download.novell.com/Download?buildid=VpgmK7iHUVk~
Fixlet Description:
Version upgrade to Wireshark 1.0.7 to fix various vulnerabilities:

CVE-2009-1269: crash while loading a Tektronix .rf5 file
CVE-2009-1268: crash in the Check Point High-Availability Protocol (CPHAP) dissector
CVE-2009-1267: LDAP dissector could crash on Windows
CVE-2009-1210: PROFINET format string bug
CVE-2009-1266: additional PROFINET format string bugs, a crash in the PCNFSD dissector

Everyone using ethereal, please update.

Please see the patch page for more detailed information.