Fixlet Site - Patches for SUSE Linux Enterprise
Current Version: 247
Published: Tue, 25 Aug 2009 22:13:13 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12445 - Security update for freeswan - SLES9
Severity:
Fixlet ID: 1244501
Fixlet Link: http://download.novell.com/Download?buildid=esiKDlkApMo~
Fixlet Description: Two vulnerabilities in the freeswan ASN.1 parser (when handling RDNs, UTCTIME and GENERALIZEDTIME strings) could lead to remote crashes of the pluto daemon (CVE-2009-2185). This has been fixed. Please install the update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12448 - Security update for libtiff - SLES9
Severity:
Fixlet ID: 1244801
Fixlet Link: http://download.novell.com/Download?buildid=WpEBfC6ltbY~
Fixlet Description: This update of libtiff fixes a buffer underflow in LZWDecodeCompat (CVE-2009-2285). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12461 - Security update for IBM Java5 JRE and SDK - SLES9
Severity:
Fixlet ID: 1246101
Fixlet Link: http://download.novell.com/Download?buildid=iKFv337R9p0~
Fixlet Description: The IBM JRE/JDK version 5 was updated to Service Release 10. It fixes a number of bugs and likely also several security issues. As usual, IBM does not publish the fixed security issues on the release date, so a detailed list cannot be given at this time. Please check http://www.ibm.com/developerworks/java/jdk/alerts/ for updated information. Install this update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12462 - Security update for bind - SLES9
Severity:
Fixlet ID: 1246201
Fixlet Link: http://download.novell.com/Download?buildid=gFxD4tn_Czo~
Fixlet Description: Specially crafted ddns update packets could trigger an exception in bind, causing it to exit. The attack works if bind is master for a zone, even if ddns is not configured (CVE-2009-0696). This has been fixed. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12467 - Security update for curl - SLES9
Severity:
Fixlet ID: 1246701
Fixlet Link: http://download.novell.com/Download?buildid=VC47c499jtI~
Fixlet Description: This update of libcurl2 fixes the 0-character handling in the subject name of an SSL certificate. This bug could be used to execute an undetected man-in-the-middle attack (CVE-2009-2417). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12468 - Security update for fetchmail - SLES9
Severity:
Fixlet ID: 1246801
Fixlet Link: http://download.novell.com/Download?buildid=UmhTORI897s~
Fixlet Description: This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks that insert a \0 character in the certificate's subject name (CVE-2009-2666). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12469 - Security update for libxml2 - SLES9
Severity:
Fixlet ID: 1246901
Fixlet Link: http://download.novell.com/Download?buildid=TKmqb_qW4SQ~
Fixlet Description: This update of libxml2 no longer uses pointers after they have been freed (CVE-2009-2416). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12478 - Security update for Linux kernel - SLES9
Severity:
Fixlet ID: 1247801
Fixlet Link: http://download.novell.com/Download?buildid=uAAlgyrBwKc~
Fixlet Description: This update of the Linux kernel for SUSE Linux Enterprise Server 9 SP4 contains various bug and security fixes. The following security vulnerabilities have been fixed:
CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.
No CVE yet: A sigaltstack kernel memory disclosure was fixed.
The compiler option -fno-delete-null-pointer-checks was added to the kernel build.
CVE-2009-1389: A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network.
CVE-2009-1758: The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
Everyone using the Linux Kernel should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-12478 - Dependencies Needed - SLES9
Severity:
Fixlet ID: 1247802
Fixlet Link: http://download.novell.com/Download?buildid=uAAlgyrBwKc~
Fixlet Description: Updated Linux kernel packages are now available for SuSE Linux Enterprise 9. However, these packages have a dependency that must be resolved. The following package must be installed at the specified version or greater:
mkinitrd-1.2-27.9.i586.rpm

***************************************************************
Title: PATCH-B9072101 - Security update for gaim - SLED10 SP2
Severity:
Fixlet ID: 907210101
Fixlet Link: http://download.novell.com/Download?buildid=x2AwmxaUB_A~
Fixlet Description: The following bugs have been fixed:
Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373).
The fix against integer overflows in the msn protocol handling was incomplete (CVE-2009-1376).
Certain ICQ message types could crash pidgin (CVE-2009-1889).
Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9072102 - Security update for pidgin - SLED10 SP2
Severity:
Fixlet ID: 907210203
Fixlet Link: http://download.novell.com/Download?buildid=plhOiLxbOYA~
Fixlet Description: Several bugfixes were done for the Instant Messenger Pidgin:
Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373), and specially crafted packets could crash it (CVE-2009-1375).
The fix against integer overflows in the msn protocol handling was incomplete (CVE-2009-1376).
A denial of service caused by misparsing an ICQ message as an SMS was fixed (CVE-2009-1889, Pidgin#9483).
Also, the Yahoo IM protocol was fixed to work again.
Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9073001 - Security update for bind - SLED10 SP2
Severity:
Fixlet ID: 907300101
Fixlet Link: http://download.novell.com/Download?buildid=BHEEIrE3hI4~
Fixlet Description: Specially crafted ddns update packets could trigger an exception in bind, causing it to exit. The attack works if BIND is master for a zone, even if ddns is not configured (CVE-2009-0696). This has been fixed. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9073001 - Security update for bind - SLES10 SP2
Severity:
Fixlet ID: 907300103
Fixlet Link: http://download.novell.com/Download?buildid=IP8fxKGI8wg~
Fixlet Description: Specially crafted ddns update packets could trigger an exception in bind, causing it to exit. The attack works if BIND is master for a zone, even if ddns is not configured (CVE-2009-0696). This has been fixed. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9073002 - Security update for nagios - SLES10 SP2
Severity:
Fixlet ID: 907300201
Fixlet Link: http://download.novell.com/Download?buildid=rk_cKdG3Da4~
Fixlet Description: A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. Everyone using nagios should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9080301 - Security update for Tomcat 5 - SLES10 SP2
Severity:
Fixlet ID: 908030101
Fixlet Link: http://download.novell.com/Download?buildid=_f7moH_nVJc~
Fixlet Description: This update of tomcat fixes several vulnerabilities:
CVE-2008-5515: RequestDispatcher usage can lead to information leakage
CVE-2009-0033: denial of service via AJP connection
CVE-2009-0580: some authentication classes allow user enumeration
CVE-2009-0781: XSS bug in example application cal2.jsp
CVE-2009-0783: replacing the XML parser leads to information leakage
Additionally, non-security bugs were fixed. Everyone using Tomcat should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9080401 - Security update for flash-player - SLED10 SP2
Severity:
Fixlet ID: 908040101
Fixlet Link: http://download.novell.com/Download?buildid=s7R2xmHVVbc~
Fixlet Description: Specially crafted Flash (SWF) files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870). This has been fixed. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9080501 - Security update for IBM Java - SLED10 SP2
Severity:
Fixlet ID: 908050101
Fixlet Link: http://download.novell.com/Download?buildid=APXgnNWlCZ0~
Fixlet Description: The IBM JRE/JDK version 5 was updated to Service Release 10. It fixes a number of bugs and likely also several security issues. As usual, IBM does not publish the fixed security issues on the release date, so a detailed list cannot be given at this time. Please check http://www.ibm.com/developerworks/java/jdk/alerts/ for updated information. Install this update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9080501 - Security update for IBM Java - SLES10 SP2
Severity:
Fixlet ID: 908050103
Fixlet Link: http://download.novell.com/Download?buildid=QrB5rxH1fyg~
Fixlet Description: The IBM JRE/JDK version 5 was updated to Service Release 10. It fixes a number of bugs and likely also several security issues. As usual, IBM does not publish the fixed security issues on the release date, so a detailed list cannot be given at this time. Please check http://www.ibm.com/developerworks/java/jdk/alerts/ for updated information. Install this update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9080501 - Dependencies Needed - SLES10 SP2
Severity:
Fixlet ID: 908050104
Fixlet Link: http://download.novell.com/Download?buildid=QrB5rxH1fyg~
Fixlet Description: Updated IBM Java packages are now available for SuSE Linux Enterprise 10. However, these packages have a dependency that must be resolved. The following package must be installed at the specified version or greater:
unixODBC-2.2.11-21.4.i586

***************************************************************
Title: PATCH-B9080502 - Security update for libtiff - SLED10 SP2
Severity:
Fixlet ID: 908050201
Fixlet Link: http://download.novell.com/Download?buildid=cnVTTdDo28I~
Fixlet Description: This update of libtiff fixes a buffer underflow in LZWDecodeCompat (CVE-2009-2285). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9080502 - Security update for libtiff - SLES10 SP2
Severity:
Fixlet ID: 908050203
Fixlet Link: http://download.novell.com/Download?buildid=qqUlPNmELeg~
Fixlet Description: This update of libtiff fixes a buffer underflow in LZWDecodeCompat (CVE-2009-2285). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081101 - Security update for libxml2 - SLED10 SP2
Severity:
Fixlet ID: 908110103
Fixlet Link: http://download.novell.com/Download?buildid=YgZqJtAJSUs~
Fixlet Description: This update of libxml2 no longer uses pointers after they have been freed (CVE-2009-2416). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081101 - Security update for libxml2 - SLES10 SP2
Severity:
Fixlet ID: 908110105
Fixlet Link: http://download.novell.com/Download?buildid=XaySrSn0ioc~
Fixlet Description: This update of libxml2 no longer uses pointers after they have been freed (CVE-2009-2416). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081102 - Security update for fetchmail - SLES10 SP2
Severity:
Fixlet ID: 908110201
Fixlet Link: http://download.novell.com/Download?buildid=yIaLtUR2qAI~
Fixlet Description: This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks that insert a \0 character in the certificate's subject name (CVE-2009-2666). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081102 - Security update for fetchmail - SLED10 SP2
Severity:
Fixlet ID: 908110203
Fixlet Link: http://download.novell.com/Download?buildid=YXzu1994C_g~
Fixlet Description: This update of fetchmail improves SSL certificate validation to stop possible man-in-the-middle attacks that insert a \0 character in the certificate's subject name (CVE-2009-2666). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081201 - Security update for subversion - SLED10 SP2
Severity:
Fixlet ID: 908120101
Fixlet Link: http://download.novell.com/Download?buildid=s8XH3MTYZxw~
Fixlet Description: This update of subversion fixes some buffer overflows in the client and server code that can occur while parsing binary diffs (CVE-2009-2411). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081301 - Security update for wget - SLES10 SP2
Severity:
Fixlet ID: 908130101
Fixlet Link: http://download.novell.com/Download?buildid=N0UjjmSMg-A~
Fixlet Description: This update of wget improves the handling of the 0-character in the subject name of an SSL certificate. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081301 - Security update for wget - SLED10 SP2
Severity:
Fixlet ID: 908130103
Fixlet Link: http://download.novell.com/Download?buildid=2wI7CLBuX9g~
Fixlet Description: This update of wget improves the handling of the 0-character in the subject name of an SSL certificate. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081401 - Security update for icu - SLES10 SP2
Severity:
Fixlet ID: 908140101
Fixlet Link: http://download.novell.com/Download?buildid=zKyzrDFuVDg~
Fixlet Description: icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct cross-site scripting (XSS) attacks (CVE-2009-0153). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081401 - Security update for icu - SLED10 SP2
Severity:
Fixlet ID: 908140103
Fixlet Link: http://download.novell.com/Download?buildid=_HY3boQilXs~
Fixlet Description: icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct cross-site scripting (XSS) attacks (CVE-2009-0153). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081701 - Security update for curl - SLES10 SP2
Severity:
Fixlet ID: 908170101
Fixlet Link: http://download.novell.com/Download?buildid=p88Mvx3nVo8~
Fixlet Description: This update of libcurl2 fixes the 0-character handling in the subject name of an SSL certificate. This bug could be used to execute an undetected man-in-the-middle attack (CVE-2009-2417). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081701 - Security update for curl - SLED10 SP2
Severity:
Fixlet ID: 908170103
Fixlet Link: http://download.novell.com/Download?buildid=Uw7erA1woMk~
Fixlet Description: This update of libcurl2 fixes the 0-character handling in the subject name of an SSL certificate. This bug could be used to execute an undetected man-in-the-middle attack (CVE-2009-2417). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081702 - Security update for compat-curl2 - SLES10 SP2
Severity:
Fixlet ID: 908170201
Fixlet Link: http://download.novell.com/Download?buildid=FUS8QBb1ZYY~
Fixlet Description: This update of libcurl2 fixes the 0-character handling in the subject name of an SSL certificate. This bug could be used to execute an undetected man-in-the-middle attack (CVE-2009-2417). Additionally, the arbitrary file access problem was fixed (CVE-2009-0037). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081702 - Security update for compat-curl2 - SLED10 SP2
Severity:
Fixlet ID: 908170203
Fixlet Link: http://download.novell.com/Download?buildid=pT3ZORvLStQ~
Fixlet Description: This update of libcurl2 fixes the 0-character handling in the subject name of an SSL certificate. This bug could be used to execute an undetected man-in-the-middle attack (CVE-2009-2417). Additionally, the arbitrary file access problem was fixed (CVE-2009-0037). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081801 - Security update for Mozilla Firefox - SLED10 SP2
Severity:
Fixlet ID: 908180103
Fixlet Link: http://download.novell.com/Download?buildid=YX6PbU5YlJM~
Fixlet Description: MozillaFirefox was updated to the 3.0.13 release, fixing some security issues and bugs:
MFSA 2009-44 / CVE-2009-2654: Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Additionally, if the spoofed document was created by a document with a valid SSL certificate, the SSL indicators would be carried over into the spoofed document. An attacker could use these issues to display misleading location and SSL information for a malicious web page.
MFSA 2009-45 / CVE-2009-2662: The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors.
CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug."
Install this update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081801 - Security update for Mozilla Firefox - SLES10 SP2
Severity:
Fixlet ID: 908180105
Fixlet Link: http://download.novell.com/Download?buildid=xGd_W7fdghs~
Fixlet Description: MozillaFirefox was updated to the 3.0.13 release, fixing some security issues and bugs:
MFSA 2009-44 / CVE-2009-2654: Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Additionally, if the spoofed document was created by a document with a valid SSL certificate, the SSL indicators would be carried over into the spoofed document. An attacker could use these issues to display misleading location and SSL information for a malicious web page.
MFSA 2009-45 / CVE-2009-2662: The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors.
CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug."
Install this update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081901 - Security update for acroread_ja - SLED10 SP2
Severity:
Fixlet ID: 908190101
Fixlet Link: http://download.novell.com/Download?buildid=1n44u5VvgjY~
Fixlet Description: This update of acroread fixes the following vulnerabilities:
CVE-2009-1855: stack overflow that could lead to code execution
CVE-2009-1856: integer overflow with potential to lead to arbitrary code execution
CVE-2009-1857: memory corruption with potential to lead to arbitrary code execution
CVE-2009-1858: memory corruption with potential to lead to arbitrary code execution
CVE-2009-1859: memory corruption with potential to lead to arbitrary code execution
CVE-2009-0198: memory corruption with potential to lead to arbitrary code execution
CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512: heap overflow that could lead to code execution
CVE-2009-1861: heap overflow that could lead to code execution
Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081902 - Security update for libtiff - SLED10 SP2
Severity:
Fixlet ID: 908190201
Fixlet Link: http://download.novell.com/Download?buildid=kpO3oktmOGE~
Fixlet Description: This update of the tiff package fixes various integer overflows in the tools (CVE-2009-2347). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9081902 - Security update for libtiff - SLES10 SP2
Severity:
Fixlet ID: 908190203
Fixlet Link: http://download.novell.com/Download?buildid=Zk-7NVnBNw4~
Fixlet Description: This update of the tiff package fixes various integer overflows in the tools (CVE-2009-2347). Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9082001 - Security update for Linux kernel - SLES10 SP2
Severity:
Fixlet ID: 908200101
Fixlet Link: http://download.novell.com/Download?buildid=3ZHseHWk6Og~
Fixlet Description: This patch updates the SUSE Linux Enterprise 10 SP2 kernel to fix various bugs and some security issues. The following security issues were fixed:
CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.
(No CVE yet) An information leak from using sigaltstack was fixed.
Enabled -fno-delete-null-pointer-checks to avoid optimizing away NULL pointer checks, and fixed Makefiles to make sure -fwrapv is used everywhere.
CVE-2009-1758: The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
CVE-2009-1389: A crash on r8169 network cards when receiving large packets was fixed.
CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Everyone using the Linux Kernel on x86 architecture should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9082001 - Security update for Linux kernel - SLED10 SP2
Severity:
Fixlet ID: 908200105
Fixlet Link: http://download.novell.com/Download?buildid=37lgNyDEv3U~
Fixlet Description: This patch updates the SUSE Linux Enterprise 10 SP2 kernel to fix various bugs and some security issues. The following security issues were fixed:
CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.
(No CVE yet) An information leak from using sigaltstack was fixed.
Enabled -fno-delete-null-pointer-checks to avoid optimizing away NULL pointer checks, and fixed Makefiles to make sure -fwrapv is used everywhere.
CVE-2009-1758: The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
CVE-2009-1389: A crash on r8169 network cards when receiving large packets was fixed.
CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Everyone using the Linux Kernel on x86 architecture should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9082002 - Security update for xpdf - SLED10 SP2
Severity:
Fixlet ID: 908200201
Fixlet Link: http://download.novell.com/Download?buildid=IlpqO_ONrvQ~
Fixlet Description: Specially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791). This has been fixed. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9082002 - Security update for xpdf - SLES10 SP2
Severity:
Fixlet ID: 908200203
Fixlet Link: http://download.novell.com/Download?buildid=A-hwo3L9h6o~
Fixlet Description: Specially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791). This has been fixed. Everyone should update.
Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B9082101 - Security update for XEmacs - SLED10 SP2
Severity:
Fixlet ID: 908210101
Fixlet Link: http://download.novell.com/Download?buildid=DLL6OD7SWJE~
Fixlet Description: The following bugs have been fixed: Specially crafted tiff, png and jpeg images could cause integer overflows in xemacs and possible system compromise (CVE-2009-2688). Additionally, two non-security bugs were fixed that enable xemacs to use the configured fonts. Everyone using XEmacs should update.
Please see patch page for more detailed information.