SUSE Security Announcement SUSE-SA:2006:044 - This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker.
6a33cbb63f8b28b041c9fe86b364e74bd2a3ac1255c40090586f0c51a9e70e23
SUSE Security Announcement - This is the SUSE-SU-403 Forbidden-1 security update for OpenSSL. This update improves the ClientHello handshake message parsing function. Prior to this update it was possible for this function to read beyond the end of a message, leading to invalid memory access and a crash. Under some circumstances it was possible that information from the OCSP extensions was disclosed.
50c52c2e0fdd8eb6b1d4dd0b903981e171646d9fea43adee0e5936425186a5bb
SUSE Security Announcement - Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows. Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user.
96be7d61fecca7a4af4551e34c28501ee3bc56ab21527b5e6688028fe656a43a
SUSE Security Announcement - Flash Player has been updated to version 10.3, fixing bugs and security issues.
ed2e3b1bb5da3eb2bf74418147db15007c60a70eccc4191ef22948bc675f3b00
SUSE Security Announcement - Flash Player was updated to version 10.1.82.76 fixing several critical security issues.
4215852f7aadcf5349f4c7580bafcadb08e54ededfb7e59ee009754ac6aedcda
SUSE Security Announcement - The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS-protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update, which may cause problems in some cases. Additionally, this attack is not limited to HTTP.
64dd6d04fc2d6d8902730cdd4ebe8561bc511ab3d3891aabc2ba909b1c8b1636
SUSE Security Announcement - The libsvn_delta library in Subversion is vulnerable to integer overflows while processing svndiff streams; this leads to overflows on the heap because of insufficient memory allocation.
6a78b4f37e3feb3c74472559d5038b900e35177e18a1264f90125966092d0ceb
SUSE Security Announcement - A specially crafted Shockwave-Flash (SWF) file could cause a buffer overflow in the flash-player plugin. This buffer overflow can probably be exploited to execute arbitrary code remotely.
9c145062d4387103164347ba1fdb5070b4fa232183ed065f9d873ded408caf20
SUSE Security Announcement - The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using these library functions for processing data from the network can be exploited remotely to execute arbitrary code with the privileges of the user running the process.
427e328c4b032da7dde92fb10cd1cc8487f3a3aa216decfff08d5507caa4d5a0
SUSE Security Announcement - The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using these library functions for processing data from the network can be exploited remotely to execute arbitrary code with the privileges of the user running the process.
0819fc08a7b0112e84164a490ba13e08dbf8fb21bfae4fd677f800d9b9269d4f
SUSE Security Announcement - Multiple vulnerabilities were resolved in the CUPS system. These include various integer and buffer overflows.
93909dc15080e00a19c372dbcf5e50d9d1de6d8a3def0b16ef4afb39f2ddbc3d
SUSE Security Announcement - The Kerberos implementation from MIT is vulnerable to four different security issues that range from a remote crash to possible, but very unlikely, remote code execution.
0e007593b67fdfd063439448160fe17d35f352dbb71aa7596e28fe45c721762b
SUSE Security Announcement - Some months ago a vulnerability in the DNS protocol was published that allowed easy spoofing of DNS entries. The only way to protect against spoofing is to use DNSSEC. Unfortunately the bind code that verifies the certification chain of a DNSSEC zone transfer does not properly check the return value of function DSA_do_verify(). This allows the spoofing of records signed with DSA or NSEC3DSA.
d74f87bbc2b59d50b480b14aef11ea8b5953c91c5ba250a23200d96840fc5172
SUSE Security Announcement - The SuSE Security-Team has found two critical issues in the code for openwsman. Two remote buffer overflows while decoding the HTTP basic authentication header exist and a possible SSL session replay attack affecting the client exists.
1b8fcd5682a7cf47d644d8c7af1a82a9ef7996b63316f6aaacb337171c13ac8b
SUSE Security Announcement - During a source code audit the SuSE Security-Team discovered a local privilege escalation bug as well as a mailbox ownership problem in postfix. The first bug allowed local users to execute arbitrary commands as root, while the second one allowed local users to read other users' mail.
81e5ad466814dd913906492cbc731965a6608acb67d8a6d24ce151ff5ae98b83
SUSE Security Announcement - The net-snmp daemon implements the "simple network management protocol". Version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send an SNMPv3 packet with a one-byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).
51fa484aec92b65802091658bdf77bf9d1215aabe8811a2e23ba90cb8d51ba16
SUSE Security Announcement - SUSE has released updates that address the recent cache poisoning vulnerability regarding bind.
b33fa487b8062d9701e35cde6c9f6d3dacf7e307272a8699fd62e02761bc31f1
SUSE Security Announcement - A large number of vulnerabilities related to OpenOffice have been patched on SuSE.
844f9feac6e7fecf046f967e47d04ca672e92a3da3619753c28a416cc530a21c
SUSE Security Announcement - The krb5 package has had multiple vulnerabilities patched including a dangling pointer issue, information leak, and out-of-bound array access flaws.
641290856b73f8cae8089c8e9a9bcb87e4f0611a4e29b4a75606297f548bcb1a
SUSE Security Announcement - The Evolution personal information manager is vulnerable to format string bugs in the emf_multipart_encrypted() function that is used to process encrypted messages. This bug can be abused by a remote attacker to execute arbitrary code by sending a crafted encrypted e-mail.
f0ad4928578b14285535ecc1964dcc56bd9f04a59e5cf840b0a9bb45dca19394
SUSE Security Announcement - The current security update of cups fixes a double-free bug in the function process_browse_data() that can lead to a remote denial-of-service by crashing cupsd or possibly to remote code execution. The bug can only be exploited by crafted UDP Browse packets, and only if cupsd listens on 631/udp. Additionally, two remote denial-of-service bugs were fixed. The first one can be triggered via crafted IPP packets to use a pointer after it was freed, and the second issue is a memory leak caused by a large number of requests to add and remove shared printers.
1d33e9dc71eee1a911d8e2a1a177892a773eb3fb7cf993243327770428c9fe79
SUSE Security Announcement - The X Window System is affected by several kinds of vulnerabilities that are caused by insufficient input validation.
db2211cc4f2a6baa5e2ef0ab490f4d619771e3e98a80aaa7ce517e872678b0f7
SUSE Security Announcement - The Samba suite is an open-source implementation of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON packets.
d44ee78d410a101198a5f8deb694eeb8e59ccfddd09e6aef980ed4fadcc4896b
SUSE Security Announcement - Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet. The exploitable code in samba can only be reached if the option "wins support" was enabled. Another bug reported by Secunia Research affected the processing of GETDC mailslot requests in nmbd. This error can also be exploited remotely to execute arbitrary code, but only if samba was configured as Primary or Backup Domain Controller.
ad906016b500d1e5bc098bc8ed4d3e432bd693ee9ad7dbe618e3d53a2f4b70e2
SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream::readProgressiveDataUnit(). Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream.
5f88e680d2da9bf0a5cf06f3bcdfb825ad1ada6a02114a0c38c121fd3358df12
SUSE Security Announcement - The Opera web-browser allows an attacker to execute arbitrary code by providing an invalid pointer to a virtual function in JavaScript. This bug can be exploited automatically when a user visits a web-site that contains the attacker's JavaScript code.
6d7da325dc91c81b2493fec61eab287fa40d5a1fccbc184831ba43fa853d678f