
SUSE Security Advisories

Here you'll find the latest security advisories from SUSE. Our database currently contains 274 SUSE security advisories.

Multiple flaws fixed | SR:2006:017 | July 21, 2006
Solved Security Vulnerabilities: quagga/zebra RIPv2 auth evasion, samba remote denial of service, squirrelmail local file inclusion and CASA various fixes.
» CVE-2006-2223 Low: RIPd in Quagga 0.98 and 0.99 before 20 (0.00)
» CVE-2006-2224 Low: RIPd in Quagga 0.98 and 0.99 before 20 (0.00)
» CVE-2006-2451 Low: The suid_dumpable support in Linux ker (0.00)
» CVE-2006-2842 Low: ** DISPUTED ** PHP remote file inclus (0.00)
» CVE-2006-3403 Low: The smdb daemon (smbd/service.c) in Sa (0.00)
» CVE-2006-3626 Low: Race condition in Linux kernel 2.6.17. (0.00)

Acrobat Reader possible remote code execution | SA:2006:041 | July 04, 2006
Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8.
» CVE-2006-3093 Low: Multiple unspecified vulnerabilities i (0.00)

OpenOffice_org multiple bugs | SA:2006:040 | July 03, 2006
A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. Related OpenOffice.org documents may allow certain J
» CVE-2006-2198 Low: OpenOffice.org (aka StarOffice) 1.1.x (0.00)
» CVE-2006-2199 Low: Unspecified vulnerability in Java Appl (0.00)
» CVE-2006-3117 Low: Heap-based buffer overflow in OpenOffi (0.00)

KDM local privilege escalation | SA:2006:039 | July 03, 2006
The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are
» CVE-2006-2449 Low: KDE Display Manager (KDM) in KDE 3.2.0 (0.00)

Opera improper handling of JPEG files vulnerability | SA:2006:038 | July 03, 2006
The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the integer overflow vulnerability.
» CVE-2006-3198 Low: Integer overflow in Opera 8.54 and ear (0.00)
» CVE-2006-3331 Low: Opera before 9.0 does not reset the SS (0.00)

multiple security vulnerabilities fixed | SR:2006:015 | June 30, 2006
Solved Security Vulnerabilities: wv2 boundary checks, perl-Crypt-CBC weak initial vectors, arts setuid return check problems, dhcdbd remote denial of service attack, gpg denial of service attack, aste
» CVE-2006-0898 Low: Crypt::CBC Perl module 2.16 and earlie (0.00)
» CVE-2006-2197 Low: Integer overflow in wv2 before 0.2.3 m (0.00)
» CVE-2006-2898 Low: The IAX2 channel driver (chan_iax2) fo (0.00)
» CVE-2006-2916 Low: artswrapper in aRts, when running setu (0.00)
» CVE-2006-3057 Low: Unspecified vulnerability in NetworkMa (0.00)
» CVE-2006-3082 Low: parse-packet.c in GnuPG (gpg) 1.4.3 an (0.00)

MySQL remote code execution | SA:2006:036 | June 23, 2006
Multiple vulnerabilities have been found in MySQL that could lead to information disclosure and arbitrary code execution.
» CVE-2006-1516 Low: The check_connection function in sql_p (0.00)
» CVE-2006-1517 Low: sql_parse.cc in MySQL 4.0.x up to 4.0. (0.00)
» CVE-2006-1518 Low: Buffer overflow in the open_table func (0.00)

PHP4 bug fix | SA:2006:034 | June 20, 2006
The SUSE SA:2006:031 advisory announced bug fixes for PHP4. Unfortunately, the patches to fix CVE-2006-2657 contained a bug which made arrays work unreliably or not at all and so broke several PHP applications

Security Summary Report | SR:2006:014 | June 20, 2006
Solved security vulnerabilities in tiff (buffer overflow in helpers), snort (URL parsing evasion) and xine-lib (buffer overflow in HTTP plugin).
» CVE-2006-2193 Low: Buffer overflow in the t2p_write_pdf_s (0.00)
» CVE-2006-2656 Low: Stack-based buffer overflow in the tif (0.00)
» CVE-2006-2769 Low: The HTTP Inspect preprocessor (http_in (0.00)
» CVE-2006-2802 Low: Buffer overflow in the HTTP Plugin (xi (0.00)

Awstats remote code execution | SA:2006:033 | June 20, 2006
This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error-prone, we have upgraded it to upstream version 6.6, which also includes new features.
» CVE-2006-2237 Low: The web interface for AWStats 6.4 and (0.00)
» CVE-2006-2644 Low: AWStats 6.5, and possibly other versio (0.00)

Sendmail remote denial of service | SA:2006:032 | June 14, 2006
Sendmail has a remotely exploitable problem where a specially crafted MIME message can crash sendmail and block queue processing.
» CVE-2006-1173 Low: Sendmail before 8.13.7 allows remote a (0.00)

PHP4,PHP5 remote code execution | SA:2006:031 | June 14, 2006
The following security issues have been fixed in PHP 4 and 5: zend_hash_del (unsetting of some variables), substr_compare and wordwrap (crash of php interpreter), CPU consumption denial of service in
» CVE-2006-1990 Low: Integer overflow in the wordwrap funct (0.00)
» CVE-2006-1991 Low: The substr_compare function in string. (0.00)
» CVE-2006-2906 Low: The LZW decoding in the gdImageCreateF (0.00)

Security Summary Report | SR:2006:013 | June 09, 2006
Solved security vulnerabilities in phpMyAdmin (cross site scripting issues) and gdm (login configuration problem).
» CVE-2006-2417 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2006-2418 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2006-2452 Low: GNOME GDM 2.8, 2.12, 2.14, and 2.15, w (0.00)

PostgreSQL remote code execution | SA:2006:030 | June 09, 2006
Two character set encoding related security problems were fixed in the PostgreSQL database server which could lead to arbitrary SQL command injection.
» CVE-2006-2313 Low: PostgreSQL 8.1.x before 8.1.4, 8.0.x b (0.00)
» CVE-2006-2314 Low: PostgreSQL 8.1.x before 8.1.4, 8.0.x b (0.00)

Rug remote command execution | SA:2006:029 | May 31, 2006
The client does not verify the SSL certificates received from the server and is therefore vulnerable to a man-in-the-middle attack which allows an attacker to read traffic and to insert commands.
» CVE-2006-2703 Low: The RedCarpet command-line client (rug (0.00)

Kernel remote denial of service | SA:2006:028 | May 31, 2006
The Linux kernel has been updated to fix various security problems.
» CVE-2006-0095 Low: dm-crypt in Linux kernel 2.6.15 and ea (0.00)
» CVE-2006-0457 Low: Race condition in the (1) add_key, (2) (0.00)
» CVE-2006-0554 Low: Linux kernel 2.6 before 2.6.15.5 allow (0.00)
» CVE-2006-0555 Low: The Linux Kernel before 2.6.15.5 allow (0.00)
» CVE-2006-0557 Low: sys_mbind in mempolicy.c in Linux kern (0.00)
» CVE-2006-0741 Low: Linux kernel before 2.6.15.5, when run (0.00)
» CVE-2006-0742 Low: The die_if_kernel function in arch/ia6 (0.00)
» CVE-2006-0744 Low: Linux kernel before 2.6.16.5 does not (0.00)
» CVE-2006-1055 Low: The fill_write_buffer function in sysf (0.00)
» CVE-2006-1056 Low: The Linux kernel before 2.6.16.9 and t (0.00)
» CVE-2006-1242 Low: The ip_push_pending_frames function in (0.00)
» CVE-2006-1342 Low: net/ipv4/af_inet.c in Linux kernel 2.4 (0.00)
» CVE-2006-1523 Low: The __group_complete_signal function i (0.00)
» CVE-2006-1524 Low: madvise_remove in Linux kernel 2.6.16 (0.00)
» CVE-2006-1525 Low: ip_route_input in Linux kernel 2.6 bef (0.00)
» CVE-2006-1527 Low: The SCTP-netfilter code in Linux kerne (0.00)
» CVE-2005-4798 Low: Buffer overflow in NFS readlink handli (0.00)
» CVE-2006-1863 Low: Directory traversal vulnerability in C (0.00)
» CVE-2006-1864 Low: Directory traversal vulnerability in s (0.00)
» CVE-2006-2271 Low: The ECNE chunk handling in Linux SCTP (0.00)
» CVE-2006-2272 Low: Linux SCTP (lksctp) before 2.6.17 allo (0.00)
» CVE-2006-2274 Low: Linux SCTP (lksctp) before 2.6.17 allo (0.00)

Cron local privilege escalation | SA:2006:027 | May 31, 2006
The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource
» CVE-2006-2607 Low: do_command.c in Vixie cron (vixie-cron (0.00)

Foomatic-filters remote code execution | SA:2006:026 | May 30, 2006
A bug in cupsomatic/foomatic-filters that allowed remote printer users to execute arbitrary commands with the UID of the printer daemon has been fixed. While the same problem was fixed in earlier prod
» CVE-2004-0801 Low: Unknown vulnerability in foomatic-rip (0.00)

Security Summary Report | SR:2006:011 | May 19, 2006
Solved security vulnerabilities in: nagios (buffer overflow), avahi (local buffer overflow), pound (http request smuggling).
» CVE-2005-3751 Low: HTTP request smuggling vulnerability i (0.00)
» CVE-2006-2162 Low: Buffer overflow in CGI scripts in Nagi (0.00)
» CVE-2006-2288 Low: Avahi before 0.6.10 allows local users (0.00)
» CVE-2006-2289 Low: Buffer overflow in avahi-core in Avahi (0.00)

Cyrus-SASL remote denial of service | SA:2006:025 | May 05, 2006
If a server or client is using DIGEST-MD5 authentication via the cyrus-sasl libraries it is possible to cause a denial of service attack against the other side (client or server) by leaving out the "r
» CVE-2006-1721 Low: digestmd5.c in the CMU Cyrus Simple Au (0.00)
» CVE-2006-1905 Low: Multiple format string vulnerabilities (0.00)
» CVE-2006-1989 Low: Buffer overflow in the get_database fu (0.00)

PHP4 and PHP5 vulnerabilities | SA:2006:024 | May 05, 2006
This update fixes the following security issues in PHP4 and PHP5: copy() and tempnam() functions could bypass open_basedir restrictions, Cross-Site-Scripting (XSS) bug in phpinfo(), mb_send_mail() la
» CVE-2006-0996 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2006-1014 Low: Argument injection vulnerability in ce (0.00)
» CVE-2006-1015 Low: Argument injection vulnerability in ce (0.00)
» CVE-2006-1490 Low: PHP before 5.1.3-RC1 might allow remot (0.00)
» CVE-2006-1494 Low: Directory traversal vulnerability in f (0.00)

