All articles tagged with SuSE

November 22, 2009 18:59 SuSE: New MozillaFirefox packages fix remote code execution

Mozilla Firefox was updated to current stable versions on all affected Linux products. A heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject’s Common Name (CN) field of an X.509 certificate. IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates, making it possible for attackers to obtain certificates that would function for any site they wished to target. Updated packages are available from download.opensuse.org.

August 25, 2009 02:08 SuSE: New kernel packages fix local privilege escalation

This Linux kernel update fixes various security issues. A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. A crash on r8169 network cards when receiving large packets was fixed. The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in certain address ranges. The NFS client implementation in the Linux kernel contains a vulnerability, which allows local users to bypass permissions and execute files. A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Personality flags on set*id were not cleared correctly, so ASLR and NULL page protection could be bypassed. A utf-8 console memory corruption that can be used for local privilege escalation was fixed. An integer underflow in the e1000e driver allows remote attackers to cause a denial of service (panic) via a crafted frame size. Updated packages are available from download.opensuse.org.

August 24, 2009 15:30 SuSE: New subversion packages fix remote code execution

Subversion is a revision control system, which is mainly used for code development. The libsvn_delta library is vulnerable to integer overflows while processing svndiff streams; this leads to overflows on the heap because of insufficient memory allocation. This bug can be exploited by clients with commit access to cause a remote denial-of-service or arbitrary code execution. It can also be exploited in the other direction from a server to a client that tries to do a checkout or update. Updated packages are available from download.opensuse.org.

August 24, 2009 15:00 SuSE: New java packages fix remote code execution

The Sun Java JRE/JDK 5 was updated to Update 20 fixing various security issues. The audio system does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. The SOCKS proxy implementation allows remote attackers to discover the user name of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. The proxy mechanism implementation does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. The proxy mechanism implementation allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. An integer overflow allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images. An integer overflow in the unpack200 utility allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression. An unspecified vulnerability in JNLPAppletlauncher allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet. Updated packages are available from download.opensuse.org.

August 24, 2009 14:22 SuSE: New bind packages fix remote denial of service

Specially crafted zone update packets could trigger an exception in bind causing it to exit. The attack works if BIND is master for a zone even if zone updates are not configured. Updated packages are available from download.opensuse.org.

August 24, 2009 13:25 SuSE: New MozillaFirefox packages fix remote code execution

The Mozilla Firefox 3.0.12 release fixes some critical security issues. Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products, potentially leading to the execution of arbitrary code. Security researcher Attila Suszter reported a bug in the Flash plugin that could potentially be used to run arbitrary code. oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities that could potentially be used to run arbitrary code on a victim’s computer. Security researcher PenPal reported a crash involving an SVG element that could potentially be used to run arbitrary code. Mozilla developer Blake Kaplan reported a problem with setTimeout that could potentially be used to run arbitrary JavaScript with chrome privileges. Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities which can lead to cases where JavaScript from one website may unsafely access properties set by a different website, leading to an XSS attack. Updated packages are available from download.opensuse.org.

August 14, 2009 13:40 SuSE: New kernel packages fix remote denial of service

The SUSE Linux Enterprise 11 and openSUSE 11.1 kernel was updated to fix various bugs and several security issues. A local denial of service problem in the splice(2) system call was fixed. A crash on r8169 network cards when receiving large packets was fixed. An integer underflow in the e1000e driver and Intel Wired Ethernet (aka e1000) allows remote attackers to cause a denial of service (panic) via a crafted frame size. The nfs_permission function in the NFS client implementation, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 file server. Updated packages are available from download.opensuse.org.

August 14, 2009 09:37 SuSE: New IBM Java packages fix remote code execution

IBM Java 6 SR 5 was released fixing various bugs and critical security issues. Among many others, a vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. A buffer overflow vulnerability in the Java Runtime Environment with processing PNG or GIF images as well as fonts may allow an untrusted Java Web Start application to escalate privileges. A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. A vulnerability in the Java Runtime Environment (JRE) HTTP server implementation may allow a remote client to create a denial-of-service condition on a JAX-WS service endpoint that runs on the JRE. Updated packages are available from download.opensuse.org.

August 14, 2009 09:27 SuSE: New acroread packages fix remote code execution

An updated Adobe Acrobat Reader package fixes various vulnerabilities, including stack overflows, integer overflows, memory corruption, and heap overflows that could all lead to code execution.

July 02, 2009 10:02 SuSE: New MozillaFirefox packages fix remote code execution

The Mozilla Firefox browser was updated to version 3.0.11, fixing various security issues, including crashes with evidence of memory corruption, URL spoofing with invalid Unicode characters, arbitrary domain cookie access by local file: resources, SSL tampering via non-200 responses to proxy CONNECT requests, a race condition while accessing the private data of a NPObject JS wrapper class object, arbitrary code execution using event listeners attached to an element whose owner document is null, incorrect principal set for file: resources loaded via location bar, XUL scripts bypass content-policy checks, and a JavaScript chrome privilege escalation. Updated packages are available from download.opensuse.org.

July 02, 2009 09:44 SuSE: New kernel packages fix remote code execution

This update of the Linux kernel for SUSE Linux Enterprise Server 9 SP4 contains various security fixes. nfsd allows local users to create device nodes. A buffer overflow in CIFS allows remote attackers to cause a denial of service (crash) or potential code execution. The exit_notify function allows local users to send an arbitrary signal to a process. The shm subsystem misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang). An integer overflow in rose_sendmsg might allow attackers to obtain sensitive information. Updated packages are available from download.opensuse.org.

July 01, 2009 08:58 SuSE: New kernel packages fix remote code execution

This Linux kernel update for SUSE Linux Enterprise 11 and openSUSE 11.1 fixes some security issues, including a buffer overflow in CIFS, which allows remote attackers to cause a denial of service (crash) or potential code execution. The exit_notify function allows local users to send an arbitrary signal to a process. An integer overflow in rose_sendmsg might allow attackers to obtain sensitive information via a large length value. The VMX implementation in the KVM subsystem allows guest OS users to cause a denial of service (OOPS). The __inet6_check_established function allows remote attackers to cause a denial of service (NULL pointer dereference and system crash). The agp subsystem does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. Updated packages are available from download.opensuse.org.

July 01, 2009 08:52 SuSE: New kernel packages fix remote code execution

This kernel update for openSUSE 11.0 fixes several security problems, including a buffer overflow in the Stream Control Transmission Protocol (sctp) implementation that allows remote attackers to execute code. The nfs_permission function in the NFS client implementation allows local users to bypass permissions and execute files. The audit_syscall_entry function allows local users to bypass certain syscall audit configurations via crafted syscalls. nfsd did not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes. The seccomp subsystem allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod. A buffer overflow in CIFS allows remote attackers to cause a denial of service (crash) or potential code execution. The exit_notify function did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process. The shm subsystem misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang). The VMX implementation in the KVM subsystem allows guest OS users to cause a denial of service (OOPS). Updated packages are available from download.opensuse.org.

May 31, 2009 09:56 SuSE: New IBM JDK 5 packages fix remote code execution

The update brings IBM Java 5 to SR9-SSU. It fixes a lot of security issues, including, among others, a vulnerability with processing and storing temporary font files that may allow an untrusted applet or application to consume a disproportionate amount of disk space, resulting in a denial-of-service condition; a vulnerability in the Java Plug-in with deserializing applets that may allow an untrusted applet to escalate privileges; and a vulnerability with initializing LDAP connections that may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. Updated packages are available from download.opensuse.org.

May 25, 2009 10:46 SuSE: New kernel packages fix potential remote code execu...

The Linux kernel on SUSE Linux Enterprise 10 Service Pack 2 was updated to fix various security issues. The seccomp subsystem contains a vulnerability which allows local users to bypass certain syscall audit configurations via crafted syscalls. nfsd did not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes. A buffer overflow in CIFS allows remote attackers to cause a denial of service (crash) or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. The exit_notify function did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process. The shm_get_stat function in the shm subsystem, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang). An integer overflow in rose_sendmsg might allow attackers to obtain sensitive information via a large length value, which causes “garbage” memory to be sent. Updated packages are available from download.opensuse.org.

May 25, 2009 10:39 SuSE: New acroread packages fix remote code execution

The Adobe Acrobat Reader “acroread” received fixes for two vulnerabilities in the JavaScript API that allowed attackers to execute arbitrary code with a malformed PDF file. Updated packages are available from download.opensuse.org.

April 28, 2009 14:57 SuSE: New glib2 packages fix remote code execution

The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using these library functions for processing data from the network can be exploited remotely to execute arbitrary code with the privileges of the user running the process. Updated packages are available from download.opensuse.org.

April 28, 2009 14:13 SuSE: New cups packages fix remote code execution

The Common Unix Printing System, CUPS, is a printing server for unix-like operating systems. A security vulnerability can be triggered by a specially crafted TIFF file. This file could lead to an integer overflow in the ‘imagetops’ filter, which later caused a heap overflow. Another issue affects the JBIG2 decoding of the ‘pdftops’ filter. The JBIG2 decoding routines are vulnerable to various software failure types like integer and buffer overflows, and the issue is believed to be exploitable remotely to execute arbitrary code with the privileges of the cupsd process. Updated packages are available from download.opensuse.org.

April 20, 2009 13:05 SuSE: New MozillaFirefox packages fix remote code execution

The Mozilla Firefox Browser was updated to the 3.0.8 release. Security researcher Nils reported that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer. Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer. Updated packages are available from download.opensuse.org.

April 20, 2009 12:48 SuSE: New kernel packages fix local privilege escalation

The Linux kernel was updated for SUSE Linux Enterprise 11 and openSUSE 11.1 fixing some security issues. nfsd does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. The sock_getsockopt function does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. The __secure_computing function in the seccomp subsystem, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod. Updated packages are available from download.opensuse.org.

April 20, 2009 12:46 SuSE: New udev packages fix local privilege escalation

Sebastian Krahmer of SUSE Security identified a problem in udevd with handling of netlink messages. Due to a missing origin check, local attackers could inject netlink messages that only the kernel should have been able to send, and so are able to escalate privileges. Updated packages are available from download.opensuse.org.

April 20, 2009 10:49 SuSE: New krb5 packages fix remote code execution

The Kerberos implementation from MIT is vulnerable to four different security issues that range from a remote crash to possible, but very unlikely, remote code execution. Updated packages are available from download.opensuse.org.

April 20, 2009 10:32 SuSE: New IBM Java packages fix remote code execution

The IBM Java 1.4.2 JDK and JRE were brought to Service Release 13 and the IBM JDK and JRE 6 were brought to Service Release 4. Among other problems, a security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. Updated packages are available from download.opensuse.org.

April 20, 2009 10:16 SuSE: New kernel packages fix remote denial of service

The Linux kernel for SUSE Linux Enterprise 10 Service Pack 2 was updated to fix several security issues. The skfp_ioctl function permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics. The sock_getsockopt function does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. The clone system call allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. The Linux kernel does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. A buffer overflow in the Stream Control Transmission Protocol (sctp) implementation allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. The console selection feature, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an off-by-two memory error. It is not clear if this can be exploited at all. Updated packages are available from download.opensuse.org.

April 20, 2009 09:58 SuSE: New Sun Java packages fix remote code execution

The Sun JDK 5 was updated to Update 18 and the Sun JDK 6 was updated to Update 13 to fix various security issues. Among other problems, LdapCtx in the LDAP service does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). An unspecified vulnerability in the LDAP implementation allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. An integer overflow and a buffer overflow in unpack200 allow remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. Multiple buffer overflows allow remote attackers to access files or execute arbitrary code. An integer signedness error allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow. Updated packages are available from download.opensuse.org.

April 20, 2009 09:54 SuSE: New kernel packages fix remote denial of service

The SUSE Linux Enterprise 9 kernel has been updated to fix several security issues. The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process. The skfp_ioctl function permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an “inverted logic” issue. The sock_getsockopt function does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. The Linux kernel allows local users to cause a denial of service (system crash) via a read system call. A buffer overflow in the Stream Control Transmission Protocol (sctp) implementation allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. Updated packages are available from download.opensuse.org.

April 01, 2009 15:02 SuSE: New acroread packages fix remote code execution

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. Updated packages are available from download.opensuse.org.

March 23, 2009 15:37 SuSE: New dbus-1 packages fix local privilege escalation

Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls with the result that intended access control for some services was not applied. Updated packages are available from download.opensuse.org.

March 23, 2009 11:33 SuSE: New MozillaFirefox packages fix remote code execution

The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Updated packages are available from download.opensuse.org.
