All articles tagged with SuSE

November 25, 2011 10:41 SuSE: New acroread packages fix security vulnerabilities

Acrobat Reader was updated to version 9.4.6 to fix several security issues that could allow attackers to execute arbitrary code or to cause a denial of service via specially crafted PDF documents. Updated packages are available from download.opensuse.org.

November 21, 2011 10:10 SuSE: New flash-player packages fix remote code execution

flash-player was updated to version 11.1.102.55 to fix multiple security vulnerabilities that could be exploited by attackers to execute arbitrary code or to cause a denial of service via specially crafted Flash content. Updated packages are available from download.opensuse.org.

November 15, 2011 07:24 SuSE: New apache2 packages fix security issues

This update fixes several security issues in the Apache2 web server. The severe ByteRange remote denial of service attack was fixed, and the configuration options used by upstream were added: MaxRanges sets the number of ranges that may be requested; if it is exceeded, the complete content is served. Two fnmatch denial of service attacks that could exhaust the server's memory were fixed. Another memory leak that could exhaust httpd server memory via unspecified methods was fixed. This update also includes a fix for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. Updated packages are available from download.opensuse.org.

November 07, 2011 15:09 SuSE: New Apache 2 packages fix security vulnerabilities

This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server that could be triggered by remote attackers using multiple overlapping Request Ranges. It also fixes a minor security issue in the mod_cache modules in the Apache HTTP Server that allowed remote attackers to cause a denial of service (process crash) via a request that lacks a path. Updated packages are available from download.opensuse.org.

November 07, 2011 15:07 SuSE: New Apache packages fix security vulnerabilities

This update brings Apache to version 2.2.12. The main reason is to enable Server Name Indication (SNI), which allows several SSL-enabled domains on one IP address. Updated packages are available from download.opensuse.org.

November 07, 2011 14:57 SuSE: New pam packages fix security vulnerabilities

The pam_env module is vulnerable to a stack overflow and a DoS condition when parsing users' .pam_environment files. Additionally, a missing return value check inside pam_xauth has been fixed. Updated packages are available from download.opensuse.org.

November 05, 2011 20:21 SuSE: New rpm packages fix security vulnerabilities

Specially crafted RPM packages could have caused memory corruption in rpm when verifying signatures. Updated packages are available from download.opensuse.org.

November 05, 2011 20:20 SuSE: New pam packages fix security vulnerabilities

The pam_env module is vulnerable to a stack overflow and a DoS condition when parsing users' .pam_environment files. Updated packages are available from download.opensuse.org.

November 01, 2011 06:15 SuSE: New Linux kernel packages fix security vulnerabilities

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash. The path in CIFS mounts is now always checked to avoid interesting filesystem path interaction issues and potential crashes. A malicious CIFS server could cause an integer overflow on the local machine on directory index operations, in turn causing memory corruption. The is_gpt_valid function did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device. Updated packages are available from download.opensuse.org.

October 26, 2011 09:23 SuSE: New Opera packages fix security vulnerability

This update of Opera fixes a memory flaw in the code that processes SVG content which could be exploited by attackers to execute arbitrary code through specially crafted websites. Updated packages are available from download.opensuse.org.

October 24, 2011 06:44 SuSE: New ldns packages fix security vulnerabilities

A boundary error in ldns_rr_new_frm_str_internal() could lead to a heap-based buffer overflow when processing RR records. Updated packages are available from download.opensuse.org.

October 20, 2011 14:42 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.46 and fixes various bugs and security issues. A signedness issue in CIFS could possibly have led to memory corruption if a malicious server could send crafted replies to the host. In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write, so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. The befs_follow_link function did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. Updated packages are available from download.opensuse.org.

October 14, 2011 06:42 SuSE: New Linux kernel packages fix remote denial of service

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.46 and fixes various bugs and security issues. A signedness issue in CIFS could possibly have led to memory corruption if a malicious server could send crafted replies to the host. In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write, so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. The befs_follow_link function did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. Updated packages are available from download.opensuse.org.

October 12, 2011 05:57 SuSE: New Firefox packages fix remote code execution

Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only.

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. Mozilla developer Boris Zbarsky reported that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server.

Mariusz Mlynski reported that if you could convince a user to hold down the Enter key–as part of a game or test, perhaps–a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content.

Updated packages are available from download.opensuse.org.

October 10, 2011 09:40 SuSE: New Firefox packages fix remote denial of service

Mozilla Thunderbird was updated to version 3.1.14, fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. Security researchers reported memory safety problems that affected Firefox 6, fixed in Firefox 7.

Mozilla developer Boris Zbarsky reported that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition.

Mariusz Mlynski reported that if you could convince a user to hold down the Enter key–as part of a game or test, perhaps–a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Security researcher Aki Helin reported a potentially exploitable crash in the YARR regular expression library used by JavaScript.

sczimmer reported that Firefox crashed when loading a particular .ogg file. This was due to a use-after-free condition and could potentially be exploited to install malware. Updated packages are available from download.opensuse.org.

October 04, 2011 19:30 SuSE: New Firefox packages fix security vulnerability

Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems. Josh Aas reported a potential crash in the plugin API. Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression.

Mozilla developer Boris Zbarsky reported that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers. Mariusz Mlynski reported that if you could convince a user to hold down the Enter key–as part of a game or test, perhaps–a malicious page could pop up a download dialog where the held key would then activate the default Open action.

Updated packages are available from download.opensuse.org.

October 04, 2011 19:26 SuSE: New Mozilla XULRunner packages fix security vulnera...

Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only.

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem. Mozilla developer Boris Zbarsky reported that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy.

Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. Mariusz Mlynski reported that if you could convince a user to hold down the Enter key–as part of a game or test, perhaps–a malicious page could pop up a download dialog where the held key would then activate the default Open action.

Updated packages are available from download.opensuse.org.

October 01, 2011 00:14 SuSE: New quagga packages fix denial of service

This update fixes various security issues, including a buffer overflow while decoding Link State Update with Inter Area Prefix LSA, a DoS while decoding Database Description packets, a DoS while decoding Hello packets, a DoS while decoding Link State Updates, and a DoS while decoding EXTENDED_COMMUNITIES in Quagga’s BGP. Updated packages are available from download.opensuse.org.

September 26, 2011 06:12 SuSE: New flash-player packages fix security vulnerabilities

This update resolves a universal cross-site scripting issue that could be used to take actions on a user’s behalf on any website or webmail provider if the user visits a malicious website, an AVM stack overflow issue that may allow for remote code execution, an AVM stack overflow issue that may lead to denial of service and code execution, a logic error issue which causes a browser crash and may lead to code execution, a Flash Player security control bypass which could allow information disclosure, and a streaming media logic error vulnerability which could lead to code execution. Updated packages are available from download.opensuse.org.

September 23, 2011 11:43 SuSE: New Linux kernel packages fix security vulnerabilities

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. A signedness issue in CIFS could possibly have led to memory corruption if a malicious server could send crafted replies to the host. Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. The dccp_rcv_state_process function in the Datagram Congestion Control Protocol (DCCP) implementation did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

An integer overflow in the agp_generic_insert_memory function allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. Multiple integer overflows in the agp_allocate_memory and agp_create_user_memory functions allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. The agp_generic_remove_memory function did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call.

The do_task_stat function did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. A local unprivileged user able to access an NFS filesystem could use file locking to deadlock parts of an NFS server under some circumstances.

The code for evaluating LDM partitions contained bugs that could crash the kernel for certain corrupted LDM partitions. When using a setuid root mount.cifs, local users could hijack password-protected mounted CIFS shares of other local users. Updated packages are available from download.opensuse.org.

September 23, 2011 11:38 SuSE: New Linux kernel packages fix security vulnerabilities

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. A signedness issue in CIFS could possibly have led to memory corruption if a malicious server could send crafted replies to the host. Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

An integer overflow in the agp_generic_insert_memory function allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. Multiple integer overflows in the agp_allocate_memory and agp_create_user_memory functions allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. The agp_generic_remove_memory function did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call.

The do_task_stat function did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. A local unprivileged user able to access an NFS filesystem could use file locking to deadlock parts of an NFS server under some circumstances.

The code for evaluating LDM partitions contained bugs that could crash the kernel for certain corrupted LDM partitions. When using a setuid root mount.cifs, local users could hijack password-protected mounted CIFS shares of other local users. Updated packages are available from download.opensuse.org.

September 18, 2011 13:39 SuSE: New libXfont packages fix security vulnerability

Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files. Updated packages are available from download.opensuse.org.

September 11, 2011 14:18 SuSE: New pure-ftpd packages fix remote denial of service

The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. Updated packages are available from download.opensuse.org.

September 10, 2011 10:54 SuSE: New pure-ftpd packages fix security issue

The OES Netware add-ons in pure-ftpd had a security problem. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. Updated packages are available from download.opensuse.org.

September 10, 2011 10:49 SuSE: New squid3 packages fix remote denial of service

This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code. Updated packages are available from download.opensuse.org.

September 09, 2011 13:42 SuSE: New Linux kernel packages fix remote denial of service

This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server that could be triggered by remote attackers using multiple overlapping Request Ranges. It also fixes an issue in mod_dav, where the mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x allowed remote attackers to cause a denial of service (process crash) via a request that lacks a path. Updated packages are available from download.opensuse.org.

September 09, 2011 13:40 SuSE: New apache2 packages fix remote denial of service

This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server that could be triggered by remote attackers using multiple overlapping Request Ranges. Updated packages are available from download.opensuse.org.

September 08, 2011 10:51 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.45 and fixes various bugs and security issues. Timo Warns reported an issue in the implementation of GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted partition table. The /proc/PID/io interface could be used by local attackers to gain information on other processes, such as the number of password characters typed or similar. A small buffer overflow in the radio driver si4713-i2c was fixed that could potentially be used by local attackers to crash the kernel or potentially execute code.

A kernel information leak in the comedi driver from kernel to userspace was fixed. In the perf framework, software event overflows could deadlock or delete an uninitialized timer. Updated packages are available from download.opensuse.org.

September 08, 2011 10:48 SuSE: New Xen packages fix security issue

This update fixes a denial of service (Host Crash) in the XEN hypervisor. Updated packages are available from download.opensuse.org.

September 06, 2011 09:29 SuSE: New vpnc packages fix security vulnerability

This update of vpnc fixes a flaw in the modify_resolvconf_suse script that could potentially allow remote attackers to inject commands through specially crafted DNS domains. Updated packages are available from download.opensuse.org.
