Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 238
Published: Tue, 21 Jul 2009 16:12:25 GMT

New Fixlets:
============
***************************************************************
Title: PATCH-12447 - Security update for dhcp-client - SLES9
Severity:
Fixlet ID: 1244701
Fixlet Link: http://download.novell.com/Download?buildid=88HwN1GnJvk~
Fixlet Description: The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field. Under some circumstances remote code execution might be possible by exploiting the resulting buffer overflow. This issue has been tracked by CVE-2009-0692. Everyone should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-12452 - Security update for ruby - SLES9
Severity:
Fixlet ID: 1245201
Fixlet Link: http://download.novell.com/Download?buildid=r6Z4dfIQLRk~
Fixlet Description: A security update for ruby is now available. Everyone using ruby should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9071501 - Security update for openswan - SLES10 SP2
Severity:
Fixlet ID: 907150101
Fixlet Link: http://download.novell.com/Download?buildid=kj54ysnwnhM~
Fixlet Description: Two vulnerabilities in the openswan ASN.1 parser (when handling RDNs, UTCTIME and GENERALIZEDTIME strings) could lead to remote crashes of the pluto daemon (CVE-2009-2185). This has been fixed. Please install the update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9071501 - Security update for openswan - SLED10 SP2
Severity:
Fixlet ID: 907150103
Fixlet Link: http://download.novell.com/Download?buildid=85gfAU23uqg~
Fixlet Description: Two vulnerabilities in the openswan ASN.1 parser (when handling RDNs, UTCTIME and GENERALIZEDTIME strings) could lead to remote crashes of the pluto daemon (CVE-2009-2185). This has been fixed. Please install the update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9071502 - Security update for dhclient - SLES10 SP2
Severity:
Fixlet ID: 907150201
Fixlet Link: http://download.novell.com/Download?buildid=x3BLh6mjDkA~
Fixlet Description: The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field. Under some circumstances code execution might be possible, but should be caught by the buffer overflow checking in newer distributions (SLES 10 and 11). This issue has been tracked by CVE-2009-0692. Everyone should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9071502 - Security update for dhclient - SLED10 SP2
Severity:
Fixlet ID: 907150203
Fixlet Link: http://download.novell.com/Download?buildid=cWiuO3I3y2M~
Fixlet Description: The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field. Under some circumstances code execution might be possible, but should be caught by the buffer overflow checking in newer distributions (SLES 10 and 11). This issue has been tracked by CVE-2009-0692. Everyone should install this update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9071503 - Security update for libapr-util1 - SLES10 SP2
Severity:
Fixlet ID: 907150301
Fixlet Link: http://download.novell.com/Download?buildid=_rIEaavImCA~
Fixlet Description: This update of libapr-util1 fixes a memory consumption bug in the XML parser that can cause a remote denial-of-service vulnerability in applications using APR (WebDAV for example) (CVE-2009-1955). Additionally, a one-byte buffer overflow in function apr_brigade_vprintf() (CVE-2009-1956) and a buffer underflow in function apr_strmatch_precompile() (CVE-2009-0023) were fixed too. Depending on the application using this function it can lead to remote denial of service or information leakage. Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9071503 - Security update for libapr-util1 - SLED10 SP2
Severity:
Fixlet ID: 907150303
Fixlet Link: http://download.novell.com/Download?buildid=_e2NnK35bFo~
Fixlet Description: This update of libapr-util1 fixes a memory consumption bug in the XML parser that can cause a remote denial-of-service vulnerability in applications using APR (WebDAV for example) (CVE-2009-1955). Additionally, a one-byte buffer overflow in function apr_brigade_vprintf() (CVE-2009-1956) and a buffer underflow in function apr_strmatch_precompile() (CVE-2009-0023) were fixed too. Depending on the application using this function it can lead to remote denial of service or information leakage. Everyone should update. Please see patch page for more detailed information.
***************************************************************
Title: PATCH-B9071504 - Security update for strongswan - SLES10 SP2
Severity:
Fixlet ID: 907150401
Fixlet Link: http://download.novell.com/Download?buildid=gWT0AW0e870~
Fixlet Description: Two vulnerabilities in the strongswan ASN.1 parser (when handling RDNs, UTCTIME and GENERALIZEDTIME strings) could lead to remote crashes of the pluto daemon (CVE-2009-2185). This has been fixed. Please install the update. Please see patch page for more detailed information.