users.suse.comusers.suse.com/~meissner/updates/2010.txt · 2015-03-10mon jan 04 2010 ===== md5:...

Mon Jan 04 2010==============================================================================MD5: 1232434f1a9adbb5ef92fe6f2b438090PACKAGES: libtoolPRODUCTS: SLED 10 SP3,SLES 10 SP3DESCRIPTION:libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.

==============================================================================MD5: 36aff6518839e7aac5846cc7fea82024PACKAGES: libltdl7,libtool,libtool-debuginfo,libtool-debugsourcePRODUCTS: SUSE Moblin 2.0DESCRIPTION:libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.

==============================================================================MD5: 47556f0ada22d5f48c6e9e760e265edaPACKAGES: libltdl7,libtool,libtool-debuginfo,libtool-debugsourcePRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.

==============================================================================MD5: 7a8b73fdf49c4662baf96f0baa7426ebPACKAGES: libltdl-3,libltdl7,libltdl7-debuginfo,libtool,libtool-debuginfo,libtool-debugsourcePRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: 9e61de113cd060de29a2c6df6d5b38ebPACKAGES: kernel-debug,kernel-debug-base,kernel-debug-debuginfo,kernel-debug-debugsource,kernel-debug-devel,kernel-debug-devel-debuginfo,kernel-default,kernel-default-base,kernel-default-debuginfo,kernel-default-debugsource,kernel-default-devel,kernel-default-devel-debuginfo,kernel-desktop,kernel-desktop-base,kernel-desktop-base-debuginfo,kernel-desktop-debuginfo,kernel-desktop-debugsource,kernel-desktop-devel,kernel-pae,kernel-pae-base,kernel-pae-debuginfo,kernel-pae-debugsource,kernel-pae-devel,kernel-pae-devel-debuginfo,kernel-source,kernel-source-vanilla,kernel-syms,kernel-trace,kernel-trace-base,kernel-trace-base-debuginfo,kernel-trace-debuginfo,kernel-trace-debugsource,kernel-trace-devel,kernel-vanilla,kernel-vanilla-base,kernel-vanilla-base-debuginfo,kernel-vanilla-debuginfo,kernel-vanilla-debugsource,kernel-vanilla-devel,kernel-xen,kernel-xen-base,kernel-xen-debuginfo,kernel-xen-debugsource,kernel-xen-devel,kernel-xen-devel-debuginfo,preload-kmp-default,preload-kmp-desktopPRODUCTS: openSUSE 11.2DESCRIPTION:

==============================================================================MD5: fd1290b79736f61f3b2bb4f8759fcaefPACKAGES: libtoolPRODUCTS: SLED 10 SP2,SLES 10 SP2DESCRIPTION:libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.

Tue Jan 05 2010==============================================================================MD5: 5837292e6f458849939561dfd84e605bPACKAGES: gstreamer-0_10-plugins-good,gstreamer-0_10-plugins-good-debuginfo,gstreamer-0_10-plugins-good-debugsource,gstreamer-0_10-plugins-good-doc,gstreamer-0_10-plugins-good-extra,gstreamer-0_10-plugins-good-langPRODUCTS: openSUSE 11.2DESCRIPTION:

Thu Jan 07 2010==============================================================================MD5: 1cb95aa32e0a2fbde417e5060b29d0cePACKAGES: java-1_5_0-ibm,java-1_5_0-ibm-alsa,java-1_5_0-ibm-demo,java-1_5_0-ibm-devel,java-1_5_0-ibm-fonts,java-1_5_0-ibm-jdbc,java-1_5_0-ibm-plugin,java-1_5_0-ibm-srcPRODUCTS: SLED 10 SP2,SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T,SUSE Linux Enterprise Server 10 SP2 for IBM POWER,SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit,SUSE Linux Enterprise Server 10 SP2 for x86DESCRIPTION:IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues.

The timezone update to 1.6.9s (with the latest Fiji change).

CVE-2009-3876 / CVE-2009-3877: A vulnerability in the Java Runtime Environment with decodingDER encoded data might allow a remote client to cause the JRE to crash,resulting in a denial of service condition.

CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environmentaudio system might allow an untrusted applet or Java Web Start application toescalate privileges. For example, an untrusted applet might grant itselfpermissions to read and write local files, or run local applications that areaccessible to the user running the untrusted applet.

CVE-2009-3868: A buffer overflow vulnerability in the Java Runtime Environmentwith parsing image files might allow an untrusted applet or Java Web Startapplication to escalate privileges. For example, an untrusted applet mightgrant itself permissions to read and write local files, or run localapplications that are accessible to the user running the untrusted applet.

CVE-2009-3872: An integer overflow vulnerability in the Java RuntimeEnvironment with reading JPEG files might allow an untrusted applet or Java WebStart application to escalate privileges. For example, an untrusted appletmight grant itself permissions to read and write local files, or run localapplications that are accessible to the user running the untrusted applet.

CVE-2009-3873: A buffer overflow vulnerability in the Java Runtime Environmentwith processing JPEG files might allow an untrusted applet or Java Web Startapplication to escalate privileges. For example, an untrusted applet mightgrant itself permissions to read and write local files, or run localapplications that are accessible to the user running the untrusted applet.

CVE-2009-3875: A security vulnerability in the Java Runtime Environment withverifying HMAC digests might allow authentication to be bypassed. This actioncan allow a user to forge a digital signature that would be accepted as valid.Applications that validate HMAC-based digital signatures might be vulnerable tothis type of attack.

CVE-2009-3869: A buffer overflow vulnerability in the Java Runtime Environmentwith processing image files might allow an untrusted applet or Java Web Startapplication to escalate privileges. For example, an untrusted applet mightgrant itself permissions to read and write local files or run localapplications that are accessible to the user running the untrusted applet.


CVE-2009-3874: An integer overflow vulnerability in the Java RuntimeEnvironment with processing JPEG images might allow an untrusted applet or JavaWeb Start application to escalate privileges. For example, an untrusted appletmight grant itself permissions to read and write local files or run localapplications that are accessible to the user running the untrusted applet.

CVE-2009-2493: The Java Runtime Environment includes the Java Web Starttechnology that uses the Java Web Start ActiveX control to launch Java WebStart in Internet Explorer. A security vulnerability in the Active TemplateLibrary (ATL) in various releases of Microsoft Visual Studio, which is used bythe Java Web Start ActiveX control, might allow the Java Web Start ActiveXcontrol to be leveraged to run arbitrary code. This might occur as the resultof a user of the Java Runtime Environment viewing a specially crafted web pagethat exploits this vulnerability.

Please also see http://www.ibm.com/developerworks/java/jdk/alerts/

Mon Jan 11 2010==============================================================================MD5: 0bf04a4aa83105c91a9211d8cc21a404PACKAGES: kdelibs4,kdelibs4-core,kdelibs4-debuginfo,kdelibs4-debugsource,kdelibs4-doc,libkde4,libkde4-devel,libkdecore4,libkdecore4-devel,utempter,utempter-debuginfo,utempter-debugsourcePRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:A KDELibs Remote Array Overrun (Arbitrary code execution) was fixed (CVE-2009-0689).

==============================================================================MD5: 0e39fa7b6677d51e000698bafa946c49PACKAGES: IBMJava2-JRE,IBMJava2-SDKPRODUCTS: Novell Linux POS 9,Open Enterprise Server,SLES 9DESCRIPTION:IBM Java 1.4.2 was updated to 13 fp3.

The following security issues were fixed:CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environmentaudio system might allow an untrusted applet or Java Web Start application toescalate privileges. For example, an untrusted applet might grant itselfpermissions to read and write local files, or run local applications that areaccessible to the user running the untrusted applet.





==============================================================================MD5: 290c77bc3a064e0fbc5d2853627df587PACKAGES: java-1_4_2-ibm,java-1_4_2-ibm-devel,java-1_4_2-ibm-jdbc,java-1_4_2-ibm-pluginPRODUCTS: SLE 11,SLES 11DESCRIPTION:IBM Java 1.4.2 was updated to 13 fp3.






==============================================================================MD5: 4f8ea51c70b690cd3ab328933e9d624dPACKAGES: flash-playerPRODUCTS: SLED 10 SP3DESCRIPTION:Specially crafted Flash (SWF) files can cause overflows inflash-player. Attackers could potentially exploit that to executearbitrary code (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797,CVE-2009-3798,CVE-2009-3799, CVE-2009-3800, CVE-2009-3951)

==============================================================================MD5: 76b3da6fa588e934f34180d3a0b353d4PACKAGES: flash-playerPRODUCTS: openSUSE 11.0DESCRIPTION:

==============================================================================MD5: 7fa8b1baf25a269091b7a6ad127851a7PACKAGES: flash-playerPRODUCTS: SLED 10 SP2DESCRIPTION:Specially crafted Flash (SWF) files can cause overflows inflash-player. Attackers could potentially exploit that to executearbitrary code (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797,CVE-2009-3798,CVE-2009-3799, CVE-2009-3800, CVE-2009-3951)

==============================================================================MD5: a6455799b50922e87d6ba59452e784cePACKAGES: flash-playerPRODUCTS: Novell Linux Desktop 9DESCRIPTION:Specially crafted Flash (SWF) files can cause overflows inflash-player. Attackers could potentially exploit that to executearbitrary code (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797,CVE-2009-3798,CVE-2009-3799, CVE-2009-3800, CVE-2009-3951)

==============================================================================MD5: e795156a7d22625d0cc4c8c424474b9dPACKAGES: java-1_4_2-ibm,java-1_4_2-ibm-devel,java-1_4_2-ibm-jdbc,java-1_4_2-ibm-pluginPRODUCTS: SLE SDK 10 SP2,SLES 10 SP2DESCRIPTION:IBM Java 1.4.2 was updated to 13 fp3.






==============================================================================MD5: f558fc6a0e3ea683889ee8d14ceac1b3PACKAGES: java-1_4_2-ibm,java-1_4_2-ibm-devel,java-1_4_2-ibm-jdbcPRODUCTS: SLE SDK 10 SP3,SLES 10 SP3DESCRIPTION:IBM Java 1.4.2 was updated to 13 fp3.






Tue Jan 12 2010==============================================================================MD5: 39e43680df27683c7e496d57e45f7060PACKAGES: java-1_6_0-ibm,java-1_6_0-ibm-alsa,java-1_6_0-ibm-devel,java-1_6_0-ibm-fonts,java-1_6_0-ibm-jdbc,java-1_6_0-ibm-pluginPRODUCTS: SLE 11,SLES 11DESCRIPTION:IBM Java 6 was updated to Service Refresh 7.

The following security issues were fixed:CVE-2009-3876CVE-2009-3877: A vulnerability in the Java Runtime Environment with decodingDER encoded data might allow a remote client to cause the JRE to crash,resulting in a denial of service condition.

CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environmentaudio system might allow an untrusted applet or Java Web Start application toescalate privileges. For example, an untrusted applet might grant itselfpermissions to read and write local files, or run local applications that areaccessible to the user running the untrusted applet.

CVE-2009-3868: A buffer overflow vulnerability in the Java Runtime Environmentwith parsing image files might allow an untrusted applet or Java Web Startapplication to escalate privileges. For example, an untrusted applet mightgrant itself permissions to read and write local files, or run localapplications that are accessible to the user running the untrusted applet.

CVE-2009-3872: An integer overflow vulnerability in the Java RuntimeEnvironment with reading JPEG files might allow an untrusted applet or Java WebStart application to escalate privileges. For example, an untrusted appletmight grant itself permissions to read and write local files, or run localapplications that are accessible to the user running the untrusted applet.

CVE-2009-3873: A buffer overflow vulnerability in the Java Runtime Environmentwith processing JPEG files might allow an untrusted applet or Java Web Startapplication to escalate privileges. For example, an untrusted applet mightgrant itself permissions to read and write local files, or run localapplications that are accessible to the user running the untrusted applet.


CVE-2009-3865: A command execution vulnerability in the Java RuntimeEnvironment Deployment Toolkit might be used to run arbitrary code. This issuemight occur as the result of a user of the Java Runtime Environment viewing aspecially crafted web page that exploits this vulnerability.



CVE-2009-3866: A security vulnerability in the Java Web Start Installer mightbe used to allow an untrusted Java Web Start application to run as a trustedapplication and run arbitrary code. This issue might occur as the result of auser of the Java Runtime Environment viewing a specially crafted web page thatexploits this vulnerability.


CVE-2009-0217: A vulnerability with verifying HMAC-based XML digital signaturesin the XML Digital Signature implementation included with the Java RuntimeEnvironment (JRE) might allow authentication to be bypassed. Applications thatvalidate HMAC-based XML digital signatures might be vulnerable to this type ofattack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java WebStart application.

==============================================================================MD5: 3cac3fb5903c9272730a8239dda56078PACKAGES: ntp,ntp-debuginfo,ntp-debugsource,ntp-docPRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: 56ca97c7cac4e3de1757053bc75f217fPACKAGES: ntp,ntp-debuginfo,ntp-debugsource,ntp-docPRODUCTS: SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:By sending specially crafted NTP packets attackers could make ntpd flood it's log file with error messages or even run into an endless loop (CVE-2009-3563).

Thu Jan 14 2010==============================================================================MD5: 2e633ac53e145fe980b1672ed0d9450fPACKAGES: expatPRODUCTS: SLED 10 SP2,SLES 10 SP2DESCRIPTION:The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents.

==============================================================================MD5: 3830bdefa112876096e97d7864937bc9PACKAGES: kernel-debug,kernel-debug-base,kernel-debug-debuginfo,kernel-debug-debugsource,kernel-debug-extra,kernel-default,kernel-default-base,kernel-default-debuginfo,kernel-default-debugsource,kernel-default-extra,kernel-docs,kernel-kdump,kernel-kdump-debuginfo,kernel-kdump-debugsource,kernel-pae,kernel-pae-base,kernel-pae-debuginfo,kernel-pae-debugsource,kernel-pae-extra,kernel-ppc64,kernel-ppc64-base,kernel-ppc64-debuginfo,kernel-ppc64-debugsource,kernel-ppc64-extra,kernel-ps3,kernel-ps3-debuginfo,kernel-ps3-debugsource,kernel-source,kernel-source-debuginfo,kernel-syms,kernel-trace,kernel-trace-base,kernel-trace-debuginfo,kernel-trace-debugsource,kernel-trace-extra,kernel-vanilla,kernel-vanilla-debuginfo,kernel-vanilla-debugsource,kernel-xen,kernel-xen-base,kernel-xen-debuginfo,kernel-xen-debugsource,kernel-xen-extraPRODUCTS: openSUSE 11.1DESCRIPTION:

==============================================================================MD5: 5d2b76c2e616bd0554e6be62b375d69bPACKAGES: expat,expat-debuginfo,expat-debugsource,libexpat-devel,libexpat1PRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: 820bf995b0b8ef652938ed9ac02c7290PACKAGES: expatPRODUCTS: SLED 10 SP3,SLES 10 SP3DESCRIPTION:The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents.

==============================================================================MD5: 8e502c324db4da917dfadb04239032d7PACKAGES: expatPRODUCTS: Novell Linux Desktop 9,Novell Linux POS 9,Open Enterprise Server,SLES 9DESCRIPTION:The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents.

==============================================================================MD5: d4c3d61ff4cb77f117d3acbc6602aaebPACKAGES: kernel-default-extra,kernel-pae-extra,kernel-xen-extraPRODUCTS: SLE 11 SERVER Unsupported ExtrasDESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.

Following security issues were fixed:CVE-2009-4536: A underflow in the e1000 jumbo ethernet frame handlingcould be use by link-local remote attackers to crash the machine orpotentially execute code in kernel context. This requires the attackerto be able to send Jumbo Frames to the target machine.

CVE-2009-4538: A underflow in the e1000e jumbo ethernet frame handlingcould be use by link-local remote attackers to crash the machine orpotentially execute code in kernel context. This requires the attackerto be able to send Jumbo Frames to the target machine.

CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, whenpacket-per-buffer mode is used, allows local users to cause a denialof service (NULL pointer dereference and system crash) or possibly haveunknown other impact via an unspecified ioctl associated with receivingan ISO packet that contains zero in the payload-length field.

CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.cin the Linux kernel allows user-assisted remote attackers to cause adenial of service (divide-by-zero error and panic) via a malformed ext4filesystem containing a super block with a large FLEX_BG group size(aka s_log_groups_per_flex value).

CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in theext4 filesystem in the Linux kernel before 2.6.32 allows user-assistedremote attackers to cause a denial of service (NULL pointer dereference),and possibly have unspecified other impact, via a crafted read-onlyfilesystem that lacks a journal.

CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in theLinux kernel has world-writable permissions, which allows local usersto change the I/O mode of the driver by modifying this file.

CVE-2009-4005: The collect_rx_frame function indrivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers tohave an unspecified impact via a crafted HDLC packet that arrives overISDN and triggers a buffer under-read.

CVE-2009-3080: A negative offset in a ioctl in the GDTH RAID driverwas fixed.

CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in theLinux kernel allows remote attackers to have an unspecified impact viaa crafted Hierarchical File System (HFS) filesystem, related to thehfs_readdir function in fs/hfs/dir.c.

For a complete list of changes, please look at the RPM changelog.

==============================================================================MD5: e7c5f7ef7eeb152d788f9406d2374894PACKAGES: cluster-network-kmp-default,cluster-network-kmp-pae,cluster-network-kmp-xen,ext4dev-kmp-default,ext4dev-kmp-pae,ext4dev-kmp-vmi,ext4dev-kmp-xen,kernel-default,kernel-default-base,kernel-default-debuginfo,kernel-default-debugsource,kernel-default-extra,kernel-pae,kernel-pae-base,kernel-pae-debuginfo,kernel-pae-debugsource,kernel-pae-extra,kernel-source,kernel-source-debuginfo,kernel-syms,kernel-vmi,kernel-vmi-base,kernel-vmi-debuginfo,kernel-vmi-debugsource,kernel-xen,kernel-xen-base,kernel-xen-debuginfo,kernel-xen-debugsource,kernel-xen-extraPRODUCTS: SLE 11 DEBUGINFO,SUSE Linux Enterprise Desktop 11,SUSE Linux Enterprise High Availability Extension 11,SUSE Linux Enterprise Server 11DESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: e9ed7474141480a4d84752bb6a9c8342PACKAGES: postfixPRODUCTS: SLED 10 SP3,SLES 10 SP3DESCRIPTION:The post install script of postfix accidentally let postfix listen on all network interfaces.

==============================================================================MD5: fd770268071e50829313d8b6d3bc05c8PACKAGES: expat,expat-debuginfo,expat-debugsource,libexpat-devel,libexpat1PRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:The previous expat security update (CVE-2009-3560) caused parse errors with some xml documents.

Fri Jan 15 2010==============================================================================MD5: 4971d1bc45dfe19245872ca92e7fe051PACKAGES: kernel-default-extraPRODUCTS: SLE 11 SERVER Unsupported ExtrasDESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: 51cdeaf4505dbc37870fece945793189PACKAGES: kernel-default-extra,kernel-ppc64-extraPRODUCTS: SLE 11 SERVER Unsupported ExtrasDESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: 5ecbc30d0c137f9f7ce500a198dee54aPACKAGES: cluster-network-kmp-default,ext4dev-kmp-default,ext4dev-kmp-ppc64,kernel-default,kernel-default-base,kernel-default-debuginfo,kernel-default-debugsource,kernel-kdump,kernel-kdump-debuginfo,kernel-kdump-debugsource,kernel-ppc64,kernel-ppc64-base,kernel-ppc64-debuginfo,kernel-ppc64-debugsource,kernel-source,kernel-source-debuginfo,kernel-symsPRODUCTS: SLE 11 High Availability Extension,SLES 11,SLES 11 DEBUGINFODESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: 9a0454a0e15d8a3d7e1869913ff2b725PACKAGES: kernel-default-extra,kernel-xen-extraPRODUCTS: SLE 11 SERVER Unsupported ExtrasDESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: aa78a7136a779ea72415981ed4b06e1cPACKAGES: phpMyAdminPRODUCTS: openSUSE 11.0DESCRIPTION:

==============================================================================MD5: c9825ea9eb0265fbaf58b4e7f15828d7PACKAGES: kernel-default-extraPRODUCTS: SLE 11 SERVER Unsupported ExtrasDESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: e87c441668f87fa162f810ea0e06c3baPACKAGES: cluster-network-kmp-default,cluster-network-kmp-xen,ext4dev-kmp-default,ext4dev-kmp-xen,kernel-default,kernel-default-base,kernel-default-debuginfo,kernel-default-debugsource,kernel-default-extra,kernel-source,kernel-source-debuginfo,kernel-syms,kernel-xen,kernel-xen-base,kernel-xen-debuginfo,kernel-xen-debugsource,kernel-xen-extraPRODUCTS: SLE 11 DEBUGINFO,SUSE Linux Enterprise Desktop 11,SUSE Linux Enterprise High Availability Extension 11,SUSE Linux Enterprise Server 11DESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: ef72143c4837b653dc18408ca8832f96PACKAGES: cluster-network-kmp-default,ext4dev-kmp-default,kernel-default,kernel-default-base,kernel-default-debuginfo,kernel-default-debugsource,kernel-source,kernel-source-debuginfo,kernel-symsPRODUCTS: SLE 11 High Availability Extension,SLES 11,SLES 11 DEBUGINFODESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











==============================================================================MD5: f5e83f559ce7469c64852e5d2a3cc38dPACKAGES: cluster-network-kmp-default,ext4dev-kmp-default,kernel-default,kernel-default-base,kernel-default-debuginfo,kernel-default-debugsource,kernel-default-man,kernel-source,kernel-source-debuginfo,kernel-symsPRODUCTS: SLE 11 DEBUGINFO,SUSE Linux Enterprise High Availability Extension 11,SUSE Linux Enterprise Server 11DESCRIPTION:The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixingvarious bugs and security issues.











Mon Jan 18 2010==============================================================================MD5: 1affd8250bdc70c2adb0d16417d75fc6PACKAGES: postgresql,postgresql-contrib,postgresql-devel,postgresql-docs,postgresql-libs,postgresql-pl,postgresql-serverPRODUCTS: SLE SDK 10 SP2,SLED 10 SP2,SLES 10 SP2DESCRIPTION:An unprivileged, authenticated PostgreSQL user could create a tablewhich references functions with malicious content. Maintenanceoperations carried out be the database superuser could execute suchfunctions (CVE-2009-4136).

Embedded null bytes in the common name of SSL certificates couldbypass certificate hostname checks (CVE-2009-4034).

postgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.

==============================================================================MD5: 3c417b624dd7c9352d811841c176ffe7PACKAGES: postgresql,postgresql-contrib,postgresql-devel,postgresql-docs,postgresql-libs,postgresql-pl,postgresql-serverPRODUCTS: SLE SDK 10 SP3,SLED 10 SP3,SLES 10 SP3DESCRIPTION:An unprivileged, authenticated PostgreSQL user could create a tablewhich references functions with malicious content. Maintenanceoperations carried out be the database superuser could execute suchfunctions (CVE-2009-4136).



==============================================================================MD5: 525ed99dde8b46293eb0ecfa04651841PACKAGES: postgresql,postgresql-contrib,postgresql-debuginfo,postgresql-debugsource,postgresql-devel,postgresql-docs,postgresql-libs,postgresql-libs-debuginfo,postgresql-plperl,postgresql-plpython,postgresql-pltcl,postgresql-serverPRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: 60350894f45471126371713fb1946bb0PACKAGES: postgresql,postgresql-contrib,postgresql-debuginfo,postgresql-debugsource,postgresql-devel,postgresql-docs,postgresql-libs,postgresql-serverPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:An unprivileged, authenticated PostgreSQL user could create a tablewhich references functions with malicious content. Maintenanceoperations carried out be the database superuser could execute suchfunctions (CVE-2009-4136).



==============================================================================MD5: 84292b9f8d7063024f7e9beff78f1bc7PACKAGES: postgresql,postgresql-contrib,postgresql-devel,postgresql-docs,postgresql-libs,postgresql-pl,postgresql-serverPRODUCTS: Novell Linux Desktop 9,Novell Linux POS 9,Open Enterprise Server,SLES 9DESCRIPTION:An unprivileged, authenticated PostgreSQL user could create a tablewhich references functions with malicious content. Maintenanceoperations carried out be the database superuser could execute suchfunctions (CVE-2009-4136).



==============================================================================MD5: af69a8bb06502c097fb0ab2c474ea4daPACKAGES: dovecot12,dovecot12-backend-mysql,dovecot12-backend-pgsql,dovecot12-backend-sqlite,dovecot12-debuginfo,dovecot12-debugsource,dovecot12-devel,dovecot12-fts-lucene,dovecot12-fts-lucene-debuginfoPRODUCTS: openSUSE 11.2DESCRIPTION:

Tue Jan 19 2010==============================================================================MD5: 12a439b51e3ef88080bf93bfb92c9272PACKAGES: krb5,krb5-apps-clients,krb5-apps-servers,krb5-client,krb5-debuginfo,krb5-debugsource,krb5-devel,krb5-plugin-kdb-ldap,krb5-plugin-preauth-pkinit,krb5-plugin-preauth-pkinit-debuginfo,krb5-serverPRODUCTS: openSUSE 11.2DESCRIPTION:

==============================================================================MD5: 1b314433d001fbc44480d69334488081PACKAGES: krb5,krb5-apps-clients,krb5-apps-servers,krb5-client,krb5-debuginfo,krb5-devel,krb5-serverPRODUCTS: SLE 10 DEBUGINFO SP2,SLE SDK 10 SP2,SLED 10 SP2,SLES 10 SP2DESCRIPTION:Specially crafted AES and RC4 packets could allow unauthenticatedremote attackers to trigger an integer overflow leads to heap memorycorruption (CVE-2009-4212).

==============================================================================MD5: 1bedaaa888e968a71e801332958567edPACKAGES: krb5,krb5-apps-clients,krb5-apps-servers,krb5-client,krb5-debuginfo,krb5-devel,krb5-serverPRODUCTS: SLE 10 DEBUGINFO SP3,SLE SDK 10 SP3,SLED 10 SP3,SLES 10 SP3DESCRIPTION:Specially crafted AES and RC4 packets could allow unauthenticatedremote attackers to trigger an integer overflow leads to heap memorycorruption (CVE-2009-4212).

==============================================================================MD5: 50472277a8983b6e02cde01a1094f1f5PACKAGES: msmtp,msmtp-debuginfo,msmtp-debugsourcePRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: c3f00622573f678ec6905accc33e53b4PACKAGES: krb5,krb5-apps-clients,krb5-apps-servers,krb5-client,krb5-debuginfo,krb5-debugsource,krb5-devel,krb5-serverPRODUCTS: openSUSE 11.0-11.1DESCRIPTION:

==============================================================================MD5: f95c0cbef4a252636c67dd8d77f705f6PACKAGES: krb5,krb5-apps-clients,krb5-apps-servers,krb5-client,krb5-debuginfo,krb5-debugsource,krb5-devel,krb5-serverPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:Specially crafted AES and RC4 packets could allow unauthenticatedremote attackers to trigger an integer underflow that leads to heap memorycorruption (CVE-2009-4212).

Thu Jan 21 2010==============================================================================MD5: f765e0443654ec8e8bc6efba5d2ceca3PACKAGES: transmission,transmission-common,transmission-common-lang,transmission-debuginfo,transmission-debugsource,transmission-gtk,transmission-lang,transmission-qtPRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

Fri Jan 22 2010==============================================================================MD5: 28c8f48c0fee5a87c37ae066bdfccd05PACKAGES: kernel-bigsmp,kernel-bigsmp-debuginfo,kernel-debug,kernel-debug-debuginfo,kernel-default,kernel-default-debuginfo,kernel-kdump,kernel-kdump-debuginfo,kernel-kdumppae,kernel-kdumppae-debuginfo,kernel-smp,kernel-smp-debuginfo,kernel-source,kernel-source-debuginfo,kernel-syms,kernel-vmi,kernel-vmi-debuginfo,kernel-vmipae,kernel-vmipae-debuginfo,kernel-xen,kernel-xen-debuginfo,kernel-xenpae,kernel-xenpae-debuginfoPRODUCTS: SLE SDK 10 SP3 for x86,SUSE Linux Enterprise 10 SP3 DEBUGINFO for x86,SUSE Linux Enterprise Desktop 10 SP3 for x86,SUSE Linux Enterprise Server 10 SP3 for x86DESCRIPTION:This update fixes various bugs and some security issues in the SUSE LinuxEnterprise 10 SP 3 kernel.

Following security issues were fixed:CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in theLinux kernel handles Ethernet frames that exceed the MTU by processingcertain trailing payload data as if it were a complete frame, whichallows remote attackers to bypass packet filters via a large packet witha crafted payload.

CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in theLinux kernel does not properly check the size of an Ethernet frame thatexceeds the MTU, which allows remote attackers to have an unspecifiedimpact via crafted packets.

CVE-2010-0007: Missing CAP_NET_ADMIN checks in the ebtables netfiltercode might have allowed local attackers to modify bridge firewallsettings.

==============================================================================MD5: 30f07ef6de0dd95483ac654f9d961abbPACKAGES: kernel-default,kernel-default-debuginfo,kernel-iseries64,kernel-iseries64-debuginfo,kernel-kdump,kernel-kdump-debuginfo,kernel-ppc64,kernel-ppc64-debuginfo,kernel-source,kernel-symsPRODUCTS: SLE SDK 10 SP3 for IBM iSeries and IBM pSeries,SUSE Linux Enterprise 10 SP3 DEBUGINFO for IBM POWER,SUSE Linux Enterprise Server 10 SP3 for IBM POWERDESCRIPTION:This update fixes various bugs and some security issues in the SUSE LinuxEnterprise 10 SP 3 kernel.




==============================================================================MD5: 57a3a4a9839eab360dee86a579b868c1PACKAGES: kernel-debug,kernel-debug-debuginfo,kernel-default,kernel-default-debuginfo,kernel-source,kernel-source-debuginfo,kernel-symsPRODUCTS: SLE SDK 10 SP3 for IPF,SUSE Linux Enterprise 10 SP3 DEBUGINFO for IPF,SUSE Linux Enterprise Server 10 SP3 for IPFDESCRIPTION:This update fixes various bugs and some security issues in the SUSE LinuxEnterprise 10 SP 3 kernel.




==============================================================================MD5: 7ab8659e9762f6aa1d31509f781cf439PACKAGES: kernel-debug,kernel-debug-debuginfo,kernel-default,kernel-default-debuginfo,kernel-kdump,kernel-kdump-debuginfo,kernel-smp,kernel-smp-debuginfo,kernel-source,kernel-source-debuginfo,kernel-syms,kernel-xen,kernel-xen-debuginfoPRODUCTS: SLE SDK 10 SP3 for X86-64,SUSE Linux Enterprise 10 SP3 DEBUGINFO for AMD64 and Intel EM64T,SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T,SUSE Linux Enterprise Server 10 SP3 for AMD64 and Intel EM64TDESCRIPTION:This update fixes various bugs and some security issues in the SUSE LinuxEnterprise 10 SP 3 kernel.




==============================================================================MD5: 8b2b60b887db75c09a6f2674ec8bea6ePACKAGES: kernel-default,kernel-default-debuginfo,kernel-source,kernel-symsPRODUCTS: SUSE Linux Enterprise 10 SP3 DEBUGINFO for IBM zSeries 64bit,SUSE Linux Enterprise Server 10 SP3 for IBM zSeries 64bitDESCRIPTION:This update fixes various bugs and some security issues in the SUSE LinuxEnterprise 10 SP 3 kernel.




Mon Jan 25 2010==============================================================================MD5: 1915c5a071fe3232134ef53a4a42aba0PACKAGES: libopenssl-devel,libopenssl0_9_8,openssl,openssl-debuginfo,openssl-debugsource,openssl-docPRODUCTS: openSUSE 11.1DESCRIPTION:

==============================================================================MD5: 1ae6c4e9639b98001a2ac448ab1ed302PACKAGES: libopenssl-devel,libopenssl0_9_8,openssl,openssl-debuginfo,openssl-debugsource,openssl-docPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:Incorrect use of an openssl cleanup function can lead to memoryleaks in applications. For example an ssl enabled web server such asapache that uses php, curl and openssl leaks memory if a SIGHUPsignal was sent to apache. The openssl cleanup function was mademore robust to avoid memory leaks (CVE-2009-4355).

==============================================================================MD5: 206279037214e4a68954e12f6a5d8ab1PACKAGES: openssl,openssl-debuginfo,openssl-devel,openssl-docPRODUCTS: SLE 10 DEBUGINFO SP2,SLE SDK 10 SP2,SLED 10 SP2,SLES 10 SP2DESCRIPTION:Incorrect use of an openssl cleanup function can lead to memoryleaks in applications. For example an ssl enabled web server such asapache that uses php, curl and openssl leaks memory if a SIGHUPsignal was sent to apache. The openssl cleanup function was mademore robust to avoid memory leaks (CVE-2009-4355).

==============================================================================MD5: 373d1722f8baa6f0246e1f1564e17b32PACKAGES: openssl,openssl-debuginfo,openssl-devel,openssl-docPRODUCTS: SLE 10 DEBUGINFO SP3,SLE SDK 10 SP3,SLED 10 SP3,SLES 10 SP3DESCRIPTION:Incorrect use of an openssl cleanup function can lead to memoryleaks in applications. For example an ssl enabled web server such asapache that uses php, curl and openssl leaks memory if a SIGHUPsignal was sent to apache. The openssl cleanup function was mademore robust to avoid memory leaks (CVE-2009-4355).

==============================================================================MD5: 37827d5d85a565d898b03c827aa4bb0dPACKAGES: gzipPRODUCTS: SLED 10 SP2,SLES 10 SP2DESCRIPTION:Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.

==============================================================================MD5: 440b3d1daa2c9fed4b99f7865ea3a906PACKAGES: bind,bind-chrootenv,bind-debuginfo,bind-debugsource,bind-devel,bind-doc,bind-libs,bind-utilsPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:bind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290).

==============================================================================MD5: 5e020c0fdf9bfed4daa27c5a6bdb4f2aPACKAGES: gzipPRODUCTS: SLED 10 SP3,SLES 10 SP3DESCRIPTION:Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.

==============================================================================MD5: 61555e3bdebb1ff4f9ac9dfdf0b48711PACKAGES: gzipPRODUCTS: Novell Linux Desktop 9,Novell Linux POS 9,Open Enterprise Server,SLES 9DESCRIPTION:Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.

==============================================================================MD5: 8388a149c9d32703af6f0ac8782851c4PACKAGES: gzip,gzip-debuginfo,gzip-debugsourcePRODUCTS: SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:Specially crafted gzip archives could lead to gzip allocating a too small huffman table. Attackers could exploit that to crash gzip (CVE-2009-2624).

Specially crafted gzip archives could trigger integer overflows. Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.

==============================================================================MD5: 92cc3368337b3767a6a4451406360608PACKAGES: acroread,acroread-debuginfoPRODUCTS: SLED 11,SLES 11 DEBUGINFODESCRIPTION:Specially crafted PDF files could crash acroread. Attackers couldexploit that to potentially execute arbitrary code (CVE-2009-3953,CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,CVE-2009-3958, CVE-2009-3959, CVE-2009-4324).

Acrobat reader was updated to version 9.3 to fix those security issues.

==============================================================================MD5: 97713b441a49675416b27b3eed0fe6e8PACKAGES: bind,bind-chrootenv,bind-debuginfo,bind-debugsource,bind-devel,bind-doc,bind-libs,bind-utilsPRODUCTS: openSUSE 11.1-11.2DESCRIPTION:

==============================================================================MD5: a2862dc82a06968bf258e3bb085ab14bPACKAGES: bind,bind-chrootenv,bind-debuginfo,bind-debugsource,bind-devel,bind-doc,bind-libs,bind-utilsPRODUCTS: openSUSE 11.0DESCRIPTION:

==============================================================================MD5: a45fbe6ee8657c4b02d8a2b5418ad16cPACKAGES: libopenssl-devel,libopenssl0_9_8,libopenssl0_9_8-debuginfo,openssl,openssl-certs,openssl-debuginfo,openssl-debugsource,openssl-docPRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: cce6f950d887c9dbc2a539986dfc1a53PACKAGES: acroreadPRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: cf2b0afd8f6b10f16eb564f537758acbPACKAGES: gzip,gzip-debuginfo,gzip-debugsourcePRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

Tue Jan 26 2010==============================================================================MD5: b54d2612ff8b184a832b35aa7639b161PACKAGES: viewvcPRODUCTS: openSUSE 11.2DESCRIPTION:

Fri Jan 29 2010==============================================================================MD5: 1297d8b2abfe71e091e93b8aaf32c101PACKAGES: virtualbox-ose,virtualbox-ose-debuginfo,virtualbox-ose-debugsource,virtualbox-ose-guest-tools,virtualbox-ose-kmp-debug,virtualbox-ose-kmp-default,virtualbox-ose-kmp-desktop,virtualbox-ose-kmp-desktop-debuginfo,virtualbox-ose-kmp-pae,virtualbox-ose-kmp-trace,xorg-x11-driver-virtualbox-osePRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

Mon Feb 01 2010==============================================================================MD5: 0e62c3af8b734325d297f36aa439e519PACKAGES: acroread_jaPRODUCTS: SLED 11DESCRIPTION:Specially crafted PDF files could crash acroread. Attackers couldexploit that to potentially execute arbitrary code (CVE-2009-3953,CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,CVE-2009-3958, CVE-2009-3959, CVE-2009-4324).

==============================================================================MD5: 10901acbd5408cdc5281942a3f48749dPACKAGES: MozillaFirefox,MozillaFirefox-branding-upstream,MozillaFirefox-debuginfo,MozillaFirefox-debugsource,MozillaFirefox-translations-common,MozillaFirefox-translations-other,mozilla-xulrunner191,mozilla-xulrunner191-debuginfo,mozilla-xulrunner191-debugsource,mozilla-xulrunner191-devel,mozilla-xulrunner191-gnomevfs,mozilla-xulrunner191-translations-common,mozilla-xulrunner191-translations-other,python-xpcom191,python-xpcom191-debuginfoPRODUCTS: openSUSE 11.2DESCRIPTION:

==============================================================================MD5: 2568eceb5f6176299a81e01527909250PACKAGES: mozilla-xulrunner190,mozilla-xulrunner190-debuginfo,mozilla-xulrunner190-devel,mozilla-xulrunner190-gnomevfs,mozilla-xulrunner190-translations,python-xpcom190PRODUCTS: SLE 10 DEBUGINFO SP2,SLE SDK 10 SP2,SLED 10 SP2,SLES 10 SP2DESCRIPTION:Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions.

CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

==============================================================================MD5: 300024d3172356ca0ae65b91542e36fcPACKAGES: mozilla-xulrunner190,mozilla-xulrunner190-debuginfo,mozilla-xulrunner190-debugsource,mozilla-xulrunner190-devel,mozilla-xulrunner190-gnomevfs,mozilla-xulrunner190-translationsPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions.


==============================================================================MD5: 528adddcf9bf5dc8d7fd5111b7629d4fPACKAGES: acroreadPRODUCTS: SLED 10 SP2DESCRIPTION:Specially crafted PDF files could crash acroread. Attackers couldexploit that to potentially execute arbitrary code (CVE-2009-3953,CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,CVE-2009-3958, CVE-2009-3959, CVE-2009-4324).


==============================================================================MD5: 73bd1b6a089975c2c242ccdaf305c42aPACKAGES: acroread_jaPRODUCTS: SLED 10 SP3DESCRIPTION:Specially crafted PDF files could crash acroread. Attackers couldexploit that to potentially execute arbitrary code (CVE-2009-3953,CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,CVE-2009-3958, CVE-2009-3959, CVE-2009-4324).

==============================================================================MD5: 77419c0cd60fac7cfc4337f7cf5333f9PACKAGES: MozillaFirefox,MozillaFirefox-debuginfo,MozillaFirefox-debugsource,MozillaFirefox-translations,mozilla-xulrunner191,mozilla-xulrunner191-debuginfo,mozilla-xulrunner191-debugsource,mozilla-xulrunner191-translationsPRODUCTS: SUSE Moblin 2.0DESCRIPTION:Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions.


==============================================================================MD5: 776b8b47d07dc7f9d184e6dc49981f25PACKAGES: NetworkManager-gnome,NetworkManager-gnome-debuginfo,NetworkManager-gnome-debugsourcePRODUCTS: SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:nm-applet connected to WPA2 Enterprise networks even if the specified CA certificate file didn't exist (CVE-2009-4144).

When editing connections in nm-applet the connection object was exported via DBus disclosing potentially sensitive information to local users (CVE-2009-4145).

==============================================================================MD5: 9087eabeec74919402b9c8cd2c46e6dePACKAGES: NetworkManager-gnome,NetworkManager-gnome-debuginfo,NetworkManager-gnome-debugsourcePRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: a7dc4cc37271495503154c83476a0d3fPACKAGES: avahi,avahi-devel,avahi-glibPRODUCTS: SLE SDK 10 SP2,SLED 10 SP2DESCRIPTION:The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758).

==============================================================================MD5: af3b019b054c2108bc5e0192f1063c73PACKAGES: MozillaFirefox,MozillaFirefox-branding-upstream,MozillaFirefox-debuginfo,MozillaFirefox-translations,mozilla-xulrunner191,mozilla-xulrunner191-debuginfo,mozilla-xulrunner191-devel,mozilla-xulrunner191-gnomevfs,mozilla-xulrunner191-translations,python-xpcom191PRODUCTS: SLE 10 DEBUGINFO SP2,SLE SDK 10 SP2,SLED 10 SP2,SLES 10 SP2DESCRIPTION:Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions.


==============================================================================MD5: b04bab26d5032d6ebaf5024421d826fbPACKAGES: MozillaFirefox,MozillaFirefox-branding-upstream,MozillaFirefox-debuginfo,MozillaFirefox-debugsource,MozillaFirefox-translations,mozilla-xulrunner190,mozilla-xulrunner190-debuginfo,mozilla-xulrunner190-debugsource,mozilla-xulrunner190-devel,mozilla-xulrunner190-gnomevfs,mozilla-xulrunner190-translations,python-xpcom190PRODUCTS: openSUSE 11.0-11.1DESCRIPTION:

==============================================================================MD5: b6a9313e49b43726b07c7c0404de0ff8PACKAGES: acl,acl-debuginfo,acl-debugsource,libacl,libacl-develPRODUCTS: openSUSE 11.0-11.1DESCRIPTION:

==============================================================================MD5: c3933fedd02a93f5348103c05533810ePACKAGES: MozillaFirefox,MozillaFirefox-debuginfo,MozillaFirefox-debugsource,MozillaFirefox-translations,mozilla-xulrunner191,mozilla-xulrunner191-debuginfo,mozilla-xulrunner191-debugsource,mozilla-xulrunner191-devel,mozilla-xulrunner191-gnomevfs,mozilla-xulrunner191-translationsPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions.


==============================================================================MD5: d926b913c14cd4eac4ae89a8e4602ba6PACKAGES: mozilla-xulrunner190,mozilla-xulrunner190-debuginfo,mozilla-xulrunner190-debugsourcePRODUCTS: SUSE Moblin 2.0DESCRIPTION:Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions.


==============================================================================MD5: da56ca86da85ef606f70a983d233b213PACKAGES: libthai,libthai-debuginfo,libthai-debugsource,libthai-develPRODUCTS: SLE 11,SLES 11 DEBUGINFODESCRIPTION:very long strings could lead to a heap buffer overflow in libthai (CVE-2009-4012)

==============================================================================MD5: dad5d10952b85be36dde7d43721be905PACKAGES: avahi,avahi-compat-howl-devel,avahi-compat-mDNSResponder-devel,avahi-debuginfo,avahi-debugsource,avahi-lang,avahi-utils,avahi-utils-gtk,libavahi-client3,libavahi-common3,libavahi-core5,libavahi-devel,libavahi-glib-devel,libavahi-glib1,libavahi-gobject-devel,libavahi-gobject0,libavahi-ui0,libdns_sd,libhowl0,python-avahiPRODUCTS: openSUSE 11.0-11.1DESCRIPTION:

==============================================================================MD5: dc54ee1b47999122c311e1e4e28dcdb9PACKAGES: acroread_jaPRODUCTS: SLED 10 SP2DESCRIPTION:Specially crafted PDF files could crash acroread. Attackers couldexploit that to potentially execute arbitrary code (CVE-2009-3953,CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,CVE-2009-3958, CVE-2009-3959, CVE-2009-4324).

==============================================================================MD5: e0375f6a4697591175520d61a8dd7b70PACKAGES: mozilla-xulrunner190,mozilla-xulrunner190-debuginfo,mozilla-xulrunner190-devel,mozilla-xulrunner190-gnomevfs,mozilla-xulrunner190-translations,python-xpcom190PRODUCTS: SLE 10 DEBUGINFO SP3,SLE SDK 10 SP3,SLED 10 SP3,SLES 10 SP3DESCRIPTION:Mozilla XULrunner was upgraded to 1.9.0.17 fixing some bugs and regressions.


==============================================================================MD5: e120e08caae007ef5da62938c4998230PACKAGES: acroreadPRODUCTS: SLED 10 SP3DESCRIPTION:Specially crafted PDF files could crash acroread. Attackers couldexploit that to potentially execute arbitrary code (CVE-2009-3953,CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,CVE-2009-3958, CVE-2009-3959, CVE-2009-4324).


==============================================================================MD5: e3449d21d93e94ca21dab3032a76a26dPACKAGES: avahi,avahi-devel,avahi-glibPRODUCTS: SLE SDK 10 SP3,SLED 10 SP3,SLES 10 SP3DESCRIPTION:The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758).

==============================================================================MD5: e62a04513f7f4a262e1c7a10a38b46e8PACKAGES: avahi,avahi-compat-howl-devel,avahi-compat-mDNSResponder-devel,avahi-debuginfo,avahi-debugsource,avahi-lang,libavahi-client3,libavahi-common3,libavahi-core5,libavahi-devel,libdns_sd,libhowl0,python-avahiPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758).

==============================================================================MD5: f9103589486f0a989bea800ed2b2ea23PACKAGES: MozillaFirefox,MozillaFirefox-branding-upstream,MozillaFirefox-debuginfo,MozillaFirefox-translations,mozilla-xulrunner191,mozilla-xulrunner191-debuginfo,mozilla-xulrunner191-devel,mozilla-xulrunner191-gnomevfs,mozilla-xulrunner191-translations,python-xpcom191PRODUCTS: SLE 10 DEBUGINFO SP3,SLE SDK 10 SP3,SLED 10 SP3,SLES 10 SP3DESCRIPTION:Mozilla Firefox was upgraded to 3.5.7 fixing some bugs and regressions.


==============================================================================MD5: fec58df171cc71f8af1763e5afae9a8ePACKAGES: libthai,libthai-debuginfo,libthai-debugsource,libthai-develPRODUCTS: openSUSE 11.0-11.2DESCRIPTION:

==============================================================================MD5: fef3a822e18985ac5eff08598984741ePACKAGES: acl,acl-debuginfo,acl-debugsource,libacl,libacl-develPRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:the setfacl tool followed symbolic links in recursive (-R) mode even if the --physical (-P) option was specified (CVE-2009-4411).

Tue Feb 02 2010==============================================================================MD5: b6c393b7824be70f6fe978da077b8735PACKAGES: acroread,acroread-debuginfoPRODUCTS: SUSE Moblin 2.0DESCRIPTION:Specially crafted PDF files could crash acroread. Attackers couldexploit that to potentially execute arbitrary code (CVE-2009-3953,CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,CVE-2009-3958, CVE-2009-3959, CVE-2009-4324).


==============================================================================MD5: f1ed5706f5031275bd4d15784f3692adPACKAGES: fuse,fuse-debuginfo,fuse-debugsource,fuse-devel,libfuse2PRODUCTS: SLE 11,SLED 11,SLES 11,SLES 11 DEBUGINFODESCRIPTION:A race condition in fusermount allowed users to umount any filesystem (CVE-2009-3297).

Thu Feb 04 2010==============================================================================MD5: 0e38893ae48531

users.suse.comusers.suse.com/~meissner/updates/2010.txt · 2015-03-10mon jan 04 2010 ===== md5:...

Documents