All articles tagged with SuSE

March 28, 2012 06:57 SuSE: New libpng12 packages fix security vulnerabilities

A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash. Updated packages are available from download.opensuse.org.

March 26, 2012 11:50 SuSE: New csound packages fix security vulnerabilities

This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files. Updated packages are available from download.opensuse.org.

March 22, 2012 09:22 SuSE: New Mozilla packages fix remote vulnerabilities

Mozilla Firefox was updated to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code. Updated packages are available from download.opensuse.org.

March 22, 2012 09:21 SuSE: New flash-player packages fix security vulnerabilities

This version upgrade of flash-player fixes multiple security issues that could potentially be exploited to cause a crash or even execute arbitrary code. Updated packages are available from download.opensuse.org.

March 22, 2012 09:19 SuSE: New XULrunner packages fix security issues

Mozilla XULRunner was updated to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code. Updated packages are available from download.opensuse.org.

March 02, 2012 07:44 SuSE: New flash-player packages fix security vulnerabilities

flash-player was updated to fix various security issues, some already exploited in the wild. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. Updated packages are available from download.opensuse.org.

February 26, 2012 14:23 SuSE: New Firefox packages fix security vulnerability

MozillaFirefox was updated to 10.0.1 to fix a security issue. Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave an XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to call a virtual method on this binding, a crash will occur. This crash may be potentially exploitable. Updated packages are available from download.opensuse.org.

February 23, 2012 13:02 SuSE: New Firefox packages fix security vulnerability

MozillaFirefox was updated to 10.0.1 to fix a security issue. Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave an XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to call a virtual method on this binding, a crash will occur. Updated packages are available from download.opensuse.org.

February 19, 2012 17:12 SuSE: New Firefox packages fix security vulnerabilities

Mozilla Firefox was updated to version 10 to fix bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Researchers reported memory safety problems that were fixed in Firefox 10. Jesse Ruderman and Bob Clary reported memory safety problems that were fixed.

For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Alex Dvorov reported that an attacker could replace a sub-frame in another domain’s document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy.

Security researcher regenrecht reported that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for remote code execution. Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts. Mozilla developer Tim Abraldes reported that when encoding images as image/vnd.microsoft.icon the resulting data was always a fixed size, with uninitialized memory appended as padding beyond the size of the actual image. This is the result of mImageBufferSize in the encoder being initialized with a value different than the size of the source image. There is the possibility of sensitive data from uninitialized memory being appended to a PNG image when converted from an ICO format image. This sensitive data may then be disclosed in the resulting image.

Security researcher regenrecht reported the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution. Security researchers Nicolas Gregoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution. magicant starmen reported that if a user chooses to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permissions, making the file contents potentially readable by other users on Linux and OS X systems.

Updated packages are available from download.opensuse.org.

February 19, 2012 17:08 SuSE: New Linux kernel packages fix security vulnerabilities

The openSUSE 11.4 kernel was updated to fix bugs and security issues. If root does read() on a specific socket, it’s possible to corrupt (kernel) memory over the network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. Multiple kernel information leaks via ip_tables, netfilter, and arp_tables were fixed.

The inet_diag_bc_audit function did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message. A buffer overflow in the clusterip_proc_write function might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating ‘\0’ character. An integer underflow in the dccp_parse_options function allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.

The skb_gro_header_slow function, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic. A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory. A local denial of service when using bridged networking via a flood ping was fixed.

A NULL pointer dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. Using the crypto interface a local user could Oops the kernel by writing to an AF_ALG socket.

Updated packages are available from download.opensuse.org.

February 17, 2012 09:39 SuSE: New nginx packages fix security vulnerabilities

A flaw in the custom DNS resolver of nginx could lead to a heap based buffer overflow which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service. Updated packages are available from download.opensuse.org.

February 17, 2012 09:38 SuSE: New X.org packages fix security vulnerabilities

The X server had two security issues and one bug that is fixed by this update. It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. It is possible for a non-root local user to set the read permission for all users on any file or directory. Updated packages are available from download.opensuse.org.

February 17, 2012 09:36 SuSE: New Firefox packages fix remote denial of service

Mozilla Firefox was updated to 3.6.26 fixing bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26.

For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted.

Security researcher regenrecht reported that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for remote code execution. Security researcher regenrecht reported the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution. Security researchers Nicolas Gregoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.

Updated packages are available from download.opensuse.org.

February 17, 2012 09:32 SuSE: New Linux kernel packages fix security vulnerabilities

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. If root does read() on a specific socket, it’s possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. A flaw allowed the tc_fill_qdisc() function in the packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could have used this flaw to trigger a NULL pointer dereference, resulting in a denial of service. Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.

The inet_diag_bc_audit function did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message. The Generic Receive Offload (GRO) implementation allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to a memory leak or memory corruption. A buffer overflow in the clusterip_proc_write function might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating ‘\0’ character.

An integer underflow in the dccp_parse_options function allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read. The skb_gro_header_slow function reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.

A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory. A NULL pointer dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. Using the crypto interface a local user could Oops the kernel by writing to an AF_ALG socket.

Updated packages are available from download.opensuse.org.

February 17, 2012 09:30 SuSE: New XULrunner packages fix security issues

Mozilla XULrunner was updated to 1.9.2.26 security update, fixing security issues and bugs. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman and Bob Clary reported memory safety problems that were fixed in both Firefox 10 and Firefox 3.6.26.

For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. Security researcher regenrecht reported that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for remote code execution.

Security researcher regenrecht reported the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution. Security researchers Nicolas Gregoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.

Updated packages are available from download.opensuse.org.

February 13, 2012 06:38 SuSE: New Apache packages fix security vulnerabilities

This update fixes a regression in parameter passing (in urldecoding of parameters that contain spaces). In addition, the HTTP Digest Access Authentication implementation does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value. The HTTP Digest Access Authentication implementation does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements.

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string.

Updated packages are available from download.opensuse.org.

February 13, 2012 06:34 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54, fixing lots of bugs and security issues. A potential hypervisor escape by issuing SG_IO commands to partition devices was fixed by restricting access to these commands. Fixed a NULL pointer dereference in the user-defined key type, which allowed local attackers to Oops the kernel. Avoided a potential NULL pointer dereference in ghash, which allowed local attackers to Oops the kernel. Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image.

An overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks, e.g. guessing passwords by typing speed).

When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed.

Updated packages are available from download.opensuse.org.

February 10, 2012 07:04 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues. A potential hypervisor escape by issuing SG_IO commands to partition devices was fixed by restricting access to these commands. Fixed a NULL pointer dereference in the user-defined key type, which allowed local attackers to Oops the kernel. Avoided a potential NULL pointer dereference in ghash, which allowed local attackers to Oops the kernel.

Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. An overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted.

Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks, e.g. guessing passwords by typing speed). When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. When using X.25 communication a malicious sender could make the machine leak memory, causing crashes.

A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed.

Updated packages are available from download.opensuse.org.

January 26, 2012 07:11 SuSE: New libxml2 packages fix security vulnerabilities

A heap-based buffer overflow during decoding of entity references with overly long names has been fixed in libxml2. Updated packages are available from download.opensuse.org.

January 19, 2012 20:03 SuSE: New libxml2 packages fix security vulnerability

A heap-based buffer overflow during decoding of entity references with overly long names has been fixed in libxml2. Updated packages are available from download.opensuse.org.

January 19, 2012 20:02 SuSE: New libqt4 packages fix security vulnerability

A stack-based buffer overflow in the glyph handling of libqt4’s harfbuzz has been fixed. Updated packages are available from download.opensuse.org.

January 17, 2012 07:10 SuSE: New OpenSSL packages fix security vulnerabilities

Various security vulnerabilities have been fixed in OpenSSL, including a DTLS plaintext recovery attack, a double-free issue in Policy Checks, an uninitialized SSL 3.0 padding, an assertion failure related to malformed RFC 3779 data, and an SGC restart DoS attack. Updated packages are available from download.opensuse.org.

January 07, 2012 15:56 SuSE: New Kerberos packages fix security vulnerabilities

This update of krb5 fixes two security issues. A remote code execution in the kerberized telnet daemon was fixed. Unauthorized file access problems in the krb5 ftpd were fixed. Updated packages are available from download.opensuse.org.

January 07, 2012 15:54 SuSE: New freetype2 packages fix security vulnerabilities

This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts. Updated packages are available from download.opensuse.org.

January 07, 2012 15:53 SuSE: New OpenSSL packages fix security vulnerabilities

This update improves the ClientHello handshake message parsing function in OpenSSL. Prior to this update it was possible for this function to read beyond the end of a message, leading to invalid memory access and a crash. Under some circumstances it was possible that information from the OCSP extensions was disclosed. Updated packages are available from download.opensuse.org.

December 21, 2011 06:39 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.49 and fixes various bugs and security issues. The TCP/IP initial sequence number generation effectively only used 24 bits of 32 to generate randomness, making a brute force man-in-the-middle attack on TCP/IP connections feasible. The generator was changed to use full 32bit randomness. Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.

Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current uid, which would have allowed local attackers to potentially gain privileges via symlink attacks. The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to a memory leak or memory corruption. A name overflow in the hfs filesystem was fixed, where mounting a corrupted hfs filesystem could lead to a stack overflow and code execution in the kernel. This requires a local attacker to be able to mount hfs filesystems.

A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. Updated packages are available from download.opensuse.org.

December 17, 2011 15:30 SuSE: Security update for freetype2

This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts. Updated packages are available from download.opensuse.org.

December 07, 2011 07:41 SuSE: New nginx packages fix security issue

A flaw in the custom DNS resolver of nginx could lead to a heap based buffer overflow which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service. Updated packages are available from download.opensuse.org.

December 07, 2011 07:39 SuSE: New xorg-x11-libs packages fix security issue

Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files. Updated packages are available from download.opensuse.org.

November 27, 2011 13:10 SuSE: New bind packages fix remote denial of service

This update for bind fixes the issue that specially crafted DNS queries could crash the bind name server. Updated packages are available from download.opensuse.org.
