SUSE Security Announcement - With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make automated checkers, like for instance the patch file verification checker of the YaST Online Update, pass malicious patch files as correct.
dbcd94580d937c8fdef6ffd158eb912f1108bcb0aa65778e07df99b105d01d9b
Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).
b64f32086896128a7524972310d015e83c678f8cf9b97ebf8fd1a79eba34f537
SUSE Security Announcement - Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that exploit this bug (CVE-2006-0019).
c28d6c9ffd4342fd4f859e8dacce3e1f2ad0b7d4b783c8275b49a9b1289f642e