A security hole was discovered in the GNU make package version 3.77-44 distributed with SuSE 6.1 and 6.3. If Makefile contents are fed in via stdin, files are created in /tmp without checking whether a symbolic link with the same name already exists. This can lead to command execution as the user running make. Other distributions are also affected. SuSE security site here.
ea08e1d1f74ae57dec28f0224d6ad7a4b1254790603ed556b334ded009d41465
A security hole was discovered in the util package (mount and umount commands) installed by default on SuSE and other flavors of Linux. Local root compromise is possible. SuSE security site here.
d5441c0cfdf9c9b309b67e8539ad4feae7ae7d635226df5cbeedc83b7c860831
SuSE Security Announcement - A security hole was found in lprold, which was distributed with all SuSE versions including 6.3. There are local and remote vulnerabilities. SuSE security site here.
e738169bb2cdb3573f768840d7317d4a7f648780d7155ba0e73a45c7e5943212
The mailing list software "majordomo" was found to have several local vulnerabilities. However, the license of the program prohibits us from providing a fix. You should either remove majordomo or trust your local users until an official fix from greatcircles is available. SuSE security website here.
6494ccefa98173cb286a431e760b4b3a72f1ed68c9f590f66271894a3ae50fd1
A security hole was found in wvdial which can allow regular users to access dialup passwords. SuSE security website here.
6691e23fba7b944f3c30ec907d9f37340be3a0d009a6325713258f1fe960d70d
A remote denial of service attack was discovered in inn here.
466542993a4ad12faadefa87ea87012515ad1d221744c4c930e99b195c1b74be
SuSE Advisory: Announcement of new security tools from SuSE. Includes SuSE FTP Proxy, SuSE Firewall (the new firewall script from SuSE, rewritten from scratch), Harden SuSE script, SuSE Secumod (a loadable kernel module that enhances the security of the system by adding symlink/hardlink/pipe protection, procfs protection, trusted path execution and capabilities), SuSE Secchk cron scripts, Yast-1, SuSE auditdisk (a tool that generates a boot disk with checksum data and all the binaries etc. needed to automatically verify file checksums upon booting, so that it cannot be subverted by LKMs the way a standard installation of, e.g., tripwire can), plus tmpwatch, arpwatch, plug, sslwrap, the newest nmap and more. SuSE security website here.
79e2c81812f8dd6ef4480bef4faaff9c9f0718e66d5f0a8f52f7f692c58108df
SuSE Security Announcement: bind8 here.
e9ff1adacc050405b9af047443d0fbd7e678cadfffa955f09d04d0898099bba3
A security hole was discovered in the thttpd server distributed with SuSE 6.2 and 6.3. By overflowing a static buffer in tdate_parse(), an attacker could remotely execute commands on the thttpd host with the permissions of thttpd. Patches available here.
8b5e0fbf85086d789ebdff5f9083447393cac48f65be5b050868c8efa4cf1cff
The rpc.nfsd daemon, which is part of the nfs-server package, was found to have two remote vulnerabilities. Patches available here.
29d784915088dec312cde6439f632f6fc7c438e0c1e9e3c966d72df9b8cf1a42
Several vulnerabilities exist: ypserv prior to 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior to 1.3.6.92 has a buffer overflow in the MD5 hash generation [SuSE Linux is unaffected by this, other Linux flavors are]; rpc.yppasswdd prior to 1.3.9 allows users to change the GECOS and login shell values of other users. All Linux distributions using the ypserv package are affected. Website for patches here.
760ce3bd92792f507a4556e1a3b80e429915e2e35a020f7efc814d176a4281a6