Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, gain escalated privileges, and bypass certain security restrictions, by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service), and by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, cause a DoS, poison the DNS cache, and potentially compromise a vulnerable system.
5481aebc75f9e4206bfaf248db7d980867f199907ad03cd78a68b2f3f5e4359d
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
SUSE Update for Multiple Packages
SECUNIA ADVISORY ID:
SA31687
VERIFY ADVISORY:
http://secunia.com/advisories/31687/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
openSUSE 11.0
http://secunia.com/product/19180/
openSUSE 10.3
http://secunia.com/product/16124/
openSUSE 10.2
http://secunia.com/product/13375/
SOFTWARE:
Novell Open Enterprise Server 1.x
http://secunia.com/product/4664/
DESCRIPTION:
SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, gain escalated
privileges, and bypass certain security restrictions, by malicious
users to conduct script insertion attacks and cause a DoS (Denial of
Service), and by malicious people to disclose potentially sensitive
information, conduct cross-site scripting attacks, cause a DoS,
poison the DNS cache, and potentially compromise a vulnerable
system.
For more information:
SA24483
SA27546
SA28794
SA29232
SA29386
SA29576
SA29595
SA29794
SA30134
SA30790
SA30886
SA31044
SA31197
SA31305
SA31407
SA31508
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY:
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
OTHER REFERENCES:
SA24483:
http://secunia.com/advisories/24483/
SA27546:
http://secunia.com/advisories/27546/
SA28794:
http://secunia.com/advisories/28794/
SA29232:
http://secunia.com/advisories/29232/
SA29386:
http://secunia.com/advisories/29386/
SA29576:
http://secunia.com/advisories/29576/
SA29595:
http://secunia.com/advisories/29595/
SA29794:
http://secunia.com/advisories/29794/
SA30134:
http://secunia.com/advisories/30134/
SA30790:
http://secunia.com/advisories/30790/
SA30886:
http://secunia.com/advisories/30886/
SA31044:
http://secunia.com/advisories/31044/
SA31197:
http://secunia.com/advisories/31197/
SA31305:
http://secunia.com/advisories/31305/
SA31407:
http://secunia.com/advisories/31407/
SA31508:
http://secunia.com/advisories/31508/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------