Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories » SUSE

SUSE Security Advisories

Here you'll find the latest security advisories from SUSE. Our database currently contains 274 SUSE security advisories.
Page: 12... 4 5 6 7 8 9 10 11 out of 11

SuSE Security Announcement: openssl (SuSE-SA:2003:011) | SA:2003:011 | February 26, 2003
A security weakness has been found, known as "Vaudenay timing attack on CBC", named after one of the discoverers (Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and

SuSE Security Announcement: libmcrypt (SuSE-SA:2003:0010) | SA:2003:001 | February 26, 2003
Versions of libmcrypt prior to 2.5.5 include several buffer overflows that can be triggered by passing very long input to the mcrypt_* functions.

SuSE Security Announcement: mod_php4 (SuSE-SA:2003:0009) | SA:2003:000 | February 18, 2003
Under some special circumstances a buffer overflow can be triggered in mod_php4's wordwrap() function. This buffer overflow can be used to overwrite heap memory and possibly can lead to r

SuSE Security Announcement: imp (SuSE-SA:2003:0008) | SA:2003:000 | February 18, 2003
Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database. No authentication is needed to exploit this bug.

SuSE Security Announcement: dhcp (SuSE-SA:2003:0006) | SA:2003:000 | January 23, 2003
Content of this advisory: 1) security vulnerability resolved: buffer overflow in nsupdate code problem description, discussion, solution and upgrade information 2) pending v

SuSE Security Announcement: susehelp (SuSE-SA:2003:005) | SA:2003:005 | January 23, 2003
Content of this advisory: 1) security vulnerability resolved: Remote command execution due to broken filtering of shell metacharacters in CGI queries. problem descriptio

Cvs double free bug | SUSE-SA:2003:007 | January 22, 2003
Stefan Esser of e-matters reported a "double free" bug in CVS server code for handling directory requests. This free() call allows an attacker with CVS read access to compromise a CVS server.

Libpng loop offset values buffer overflow | SUSE-SA:2003:004 | January 14, 2003
Due to wrong calculation of some loop offset values a buffer overflow can occur. The buffer overflow can lead to Denial-of-Service or even to remote compromise.

Fetchmail remote compromise | SUSE-SA:2003:001 | January 03, 2003
Stefan Esser of e-matters reported a bug in fetchmail's mail address expanding code which can lead to remote system compromise. When fetchmail expands email addresses in mail headers it doesn not allo

Mysql remote command execution | SUSE-SA:2003:003 | January 02, 2003
Within the MySQL server the password checking and a signedness issue has been fixed. These could lead to a remote compromise of the system running an unpatched MySQL server. In order to exploit this b

Cups root compromise | SUSE-SA:2003:002 | January 02, 2003
iDFENSE reported several security issues with CUPS that can lead to local and remote root compromise.

Cyrus-imapd buffer overflow | SUSE-SA:2002:048 | December 20, 2002
The cyrus imapd contains a buffer overflow which could be exploited by remote attackers prior to logging in. Attackers could generate oversized error messages and overflow buffers inside imapd. Additi

OpenLDAP2 buffer overflows | SUSE-SA:2002:047 | December 06, 2002
The SUSE Security Team reviewed critical parts of that package and found several buffer overflows and other bugs remote attackers could exploit to gain access on systems running vulnerable LDAP server

Pine denial-of-service | SUSE-SA:2002:046 | November 25, 2002
While parsing and escaping characters of eMail addresses pine does not allocate enough memory for storing the escaped mailbox part of an address. This results in a buffer overflow on the heap that wil

Samba exploit | SUSE-SA:2002:045 | November 20, 2002
The error consists of a buffer overflow in a commonly used routine that accepts user input and may write up to 127 bytes past the end of the buffer allocated with static length, leaving enough room

Bind8 buffer overflow | SUSE-SA:2002:044 | November 13, 2002
The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow.

Traceroute-nanog/nkitb buffer overflow | SUSE-SA:2002:043 | November 12, 2002
Traceroute-nanog requires root privilege to open a raw socket. It does not relinquish these privileges after doing so. This allows a malicious user to gain root access by exploiting a buffer overflow

Perl-MailTools critical modules | SUSE-SA:2002:041 | November 12, 2002
The SUSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain

Kdenetwork lanbrowsing service vuln | SUSE-SA:2002:042 | November 12, 2002
During a security review, the SUSE security team has found two vulnerabilities in the KDE lanbrowsing service.

Lprng, html2ps ocal privilege escalation and remote command execution | SUSE-SA:2002:040 | October 31, 2002
The lprng package contains the "runlpr" program which allows the lp user to execute the lpr program as root. Local attackers can pass certain commandline arguments to lpr running as root, fooling it t

Syslog-ng remote command execution | SUSE-SA:2002:039 | October 31, 2002
Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote attackers if certain configuration options were enabled.

Postgresql remote privilege escalation | SUSE-SA:2002:038 | October 21, 2002
The PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems.

Heartbeat remote root | SUSE-SA:2002:037 | October 14, 2002
Several format string bugs have been discovered in the heartbeat package. One of these format string bugs is in the normal path of execution, all the remaining ones can only be triggered if

Mod_php4 remote privilege escalation | SUSE-SA:2002:036 | October 04, 2002
An attacker can pass shell meta-characters or sendmail(8) command line options via the 5th argument (introduced in version 4.0.5) of the mail() function to execute shell commands or control the behavi

Page: 12... 4 5 6 7 8 9 10 11 out of 11

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »