Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 233
Published: Fri, 26 Jun 2009 22:10:37 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-B9062301 - Security update for ImageMagick.rpm - SLED10 SP2
Severity:
Fixlet ID: 906230101
Fixlet Link: http://download.novell.com/Download?buildid=D4ZyqLl2EkU~

Fixlet Description: This update of ImageMagick fixes an integer overflow in the XMakeImage() function that allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file (CVE-2009-1882). Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9062401 - Security update for poppler - SLED10 SP2
Severity:
Fixlet ID: 906240101
Fixlet Link: http://download.novell.com/Download?buildid=Z8vMOjo5ZOI~

Fixlet Description: This update of poppler fixes various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). In addition, denial-of-service bugs in the functions FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756), which could be triggered via malformed PDF files, were closed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9062401 - Security update for poppler - SLES10 SP2
Severity:
Fixlet ID: 906240103
Fixlet Link: http://download.novell.com/Download?buildid=g5YHaUK7XUo~

Fixlet Description: This update of poppler fixes various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). In addition, denial-of-service bugs in the functions FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756), which could be triggered via malformed PDF files, were closed. Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9062402 - Security update for ipsec-tools - SLES10 SP2
Severity:
Fixlet ID: 906240201
Fixlet Link: http://download.novell.com/Download?buildid=Zr6r7Zum4Ns~

Fixlet Description: This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL-pointer dereference (CVE-2009-1574). Additionally, multiple memory leaks that allowed a remote denial-of-service attack were fixed (CVE-2009-1632). Everyone should update. Please see patch page for more detailed information.