SUSE Security Advisories

Here you'll find the latest security advisories from SUSE. Our database currently contains 274 SUSE security advisories.

X.Org local privilege escalation | SA:2006:023 | May 03, 2006
Miscalculation of a buffer size in the X Render extension of the X.Org X11 server could potentially be exploited by users to cause a buffer overflow and run code with elevated privileges.
» CVE-2006-1526 Low: Buffer overflow in the X render (Xrend (0.00)

Security Summary Report | SR:2006:009 | April 28, 2006
Solved Security Vulnerabilities: phpMyAdmin (XSS problems and SQL injection), asterisk (integer overflow in JPEG handling), libtiff (various denial of service attacks), beagle (potential command injec
» CVE-2005-4190 Low: Multiple cross-site scripting (XSS) vu (0.00)
» CVE-2006-1260 Low: Horde Application Framework 3.0.9 allo (0.00)
» CVE-2006-1550 Low: Multiple buffer overflows in the xfig (0.00)
» CVE-2006-1629 Low: OpenVPN 2.0 through 2.0.5 allows remot (0.00)
» CVE-2006-1678 Low: Multiple cross-site scripting (XSS) vu (0.00)
» CVE-2006-1803 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2006-1804 Low: SQL injection vulnerability in sql.php (0.00)
» CVE-2006-1827 Low: Integer signedness error in format_jpe (0.00)
» CVE-2006-1865 Low: Argument injection vulnerability in Be (0.00)
» CVE-2006-2024 Low: Multiple vulnerabilities in libtiff be (0.00)
» CVE-2006-2025 Low: Integer overflow in the TIFFFetchData (0.00)
» CVE-2006-2026 Low: Double-free vulnerability in tif_jpeg. (0.00)

Mozilla Thunderbird multiple vulnerabilities | SA:2006:022 | April 25, 2006
Multiple vulnerabilities have been found and fixed in Mozilla Thunderbird 1.0.8. Users running versions older than 1.0.8 are strongly advised to upgrade their systems.
» CVE-2004-1316 Low: Heap-based buffer overflow in MSG_UnEs (0.00)
» CVE-2005-0142 Low: Firefox 0.9, Thunderbird 0.6 and other (0.00)
» CVE-2005-0149 Low: Thunderbird 0.6 through 0.9 and Mozill (0.00)
» CVE-2005-0230 Low: Firefox 1.0 does not prevent the user (0.00)
» CVE-2005-0255 Low: String handling functions in Mozilla 1 (0.00)
» CVE-2005-0399 Low: Heap-based buffer overflow in GIF2.cpp (0.00)
» CVE-2005-0587 Low: Firefox before 1.0.1 and Mozilla befor (0.00)
» CVE-2005-0590 Low: The installation confirmation dialog i (0.00)
» CVE-2005-0592 Low: Heap-based buffer overflow in the UTF8 (0.00)
» CVE-2005-0989 Low: The find_replen function in jsstr.c in (0.00)
» CVE-2005-1159 Low: The native implementations of InstallT (0.00)
» CVE-2005-1160 Low: The privileged "chrome" UI code in Fir (0.00)
» CVE-2005-1532 Low: Firefox before 1.0.4 and Mozilla Suite (0.00)
» CVE-2005-2261 Low: Firefox before 1.0.5, Thunderbird befo (0.00)
» CVE-2005-2265 Low: Firefox before 1.0.5, Mozilla before 1 (0.00)
» CVE-2005-2266 Low: Firefox before 1.0.5 and Mozilla befor (0.00)
» CVE-2005-2269 Low: Firefox before 1.0.5, Mozilla before 1 (0.00)
» CVE-2005-2270 Low: Firefox before 1.0.5 and Mozilla befor (0.00)
» CVE-2005-2706 Low: Firefox before 1.0.7 and Mozilla befor (0.00)
» CVE-2005-2707 Low: Firefox before 1.0.7 and Mozilla Suite (0.00)
» CVE-2006-0292 Low: The Javascript interpreter (jsinterp.c (0.00)
» CVE-2006-0296 Low: The XULDocument.persist function in Mo (0.00)
» CVE-2006-0748 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-0749 Low: nsHTMLContentSink.cpp in Mozilla Firef (0.00)
» CVE-2006-0884 Low: The WYSIWYG rendering engine ("rich ma (0.00)
» CVE-2006-1045 Low: The HTML rendering engine in Mozilla T (0.00)
» CVE-2006-1727 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1728 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1730 Low: Integer overflow in Mozilla Firefox an (0.00)
» CVE-2006-1731 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1732 Low: Unspecified vulnerability in Mozilla F (0.00)
» CVE-2006-1733 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1734 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1735 Low: Mozilla Firefox and Thunderbird 1.x be (0.00)
» CVE-2006-1737 Low: Integer overflow in Mozilla Firefox an (0.00)
» CVE-2006-1739 Low: The CSS border-rendering code in Mozil (0.00)
» CVE-2006-1741 Low: Mozilla Firefox 1.x before 1.5 and 1.0 (0.00)
» CVE-2006-1742 Low: The JavaScript engine in Mozilla Firef (0.00)

ClamAV remote code execution | SA:2006:020 | April 11, 2006
An arbitrary code execution vulnerability has been found in ClamAV 0.80, among other bugs. Users are advised to upgrade.
» CVE-2006-1614 Low: Integer overflow in the cli_scanpe fun (0.00)
» CVE-2006-1615 Low: Multiple format string vulnerabilities (0.00)
» CVE-2006-1630 Low: The cli_bitset_set function in libclam (0.00)

Security summary report | SR:2006:008 | April 07, 2006
Solved security vulnerabilities in: kaffeine (buffer overflow), mailman (denial of service attack) and xzgv (heap overflow).
» CVE-2006-0051 Low: Buffer overflow in playlistimport.cpp (0.00)
» CVE-2006-0052 Low: The attachment scrubber (Scrubber.py) (0.00)
» CVE-2006-1060 Low: Heap-based buffer overflow in zgv befo (0.00)
» CVE-2006-1630 Low: The cli_bitset_set function in libclam (0.00)

Security summary report | SR:2006:007 | March 31, 2006
Solved security vulnerabilities: mediawiki (HTML injection), horde (remote code injection) and cairo (denial of service attack).
» CVE-2006-0528 Low: The cairo library (libcairo), as used (0.00)
» CVE-2006-1491 Low: Eval injection vulnerability in Horde (0.00)
» CVE-2006-1498 Low: Cross-site scripting (XSS) vulnerabili (0.00)

FreeRADIUS remote code execution | SA:2006:019 | March 28, 2006
A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashin
» CVE-2006-1354 Low: Unspecified vulnerability in FreeRADIU (0.00)

RealPlayer remote code execution | SA:2006:018 | March 23, 2006
Specially crafted SWF files could cause a buffer overflow and crash RealPlayer. Specially crafted web sites could cause heap overflow and lead to executing arbitrary code. This was already fixed with
» CVE-2005-2922 Low: Heap-based buffer overflow in the embe (0.00)
» CVE-2006-0323 Low: Buffer overflow in swfformat.dll in mu (0.00)

Security summary report | SR:2006:006 | March 23, 2006
Solved security vulnerabilities in ImageMagick (various problems) and zoo (buffer overflow). Users are advised to update.
» CVE-2005-4601 Low: The delegate code in ImageMagick 6.2.4 (0.00)
» CVE-2006-0024 Low: Multiple unspecified vulnerabilities i (0.00)
» CVE-2006-0082 Low: Format string vulnerability in the Set (0.00)
» CVE-2006-0745 Low: X.Org server (xorg-server) 1.0.0 and l (0.00)
» CVE-2006-0855 Low: Stack-based buffer overflow in the ful (0.00)

Sendmail remote code execution | SA:2006:017 | March 22, 2006
The popular MTA sendmail is vulnerable to a race condition when handling signals. Under certain circumstances this bug can be exploited by an attacker to execute commands remotely.
» CVE-2006-0058 Low: Signal handler race condition in Sendm (0.00)

X.Org Xserver local privilege escalation | SA:2006:016 | March 21, 2006
A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root, as is the default in SUSE Linux 10.0. This flaw was spotted by the Coverity project
» CVE-2006-0745 Low: X.Org server (xorg-server) 1.0.0 and l (0.00)

Flash player remote code execution | SA:2006:015 | March 21, 2006
A critical security vulnerability has been identified in the Adobe Macromedia Flash Player that allows an attacker who successfully exploits these vulnerabilities to take control of the application ru
» CVE-2006-0024 Low: Multiple unspecified vulnerabilities i (0.00)

Gpg remote code execution | SA:2006:014 | March 10, 2006
The GNU Privacy Guard allows crafting a message which could check out as correct using "--verify", but would extract different, potentially malicious content when using "-o --batch". This problem could
» CVE-2006-0049 Low: gpg in GnuPG before 1.4.2.2 does not p (0.00)
» CVE-2006-0455 Low: gpgv in GnuPG before 1.4.2.1, when usi (0.00)

Security summary report | SR:2006:005 | March 03, 2006
Solved security vulnerabilities in: Tin (single byte overflow), ethereal (denial of service in IRC dissector), zoo (buffer overflow in filename handling), ruby (security check circumvention), metamail
» CVE-2002-0399 Low: Directory traversal vulnerability in G (0.00)
» CVE-2005-1918 Low: The original patch for a GNU tar direc (0.00)
» CVE-2005-2337 Low: Ruby 1.6.x up to 1.6.8, 1.8.x up to 1. (0.00)
» CVE-2005-3313 Low: The IRC protocol dissector in Ethereal (0.00)
» CVE-2005-3699 Low: Opera Web Browser 8.50 and 8.0 through (0.00)
» CVE-2006-0188 Low: webmail.php in SquirrelMail 1.4.0 to 1 (0.00)
» CVE-2006-0195 Low: Interpretation conflict in the MagicHT (0.00)
» CVE-2006-0300 Low: Buffer overflow in tar 1.14 through 1. (0.00)
» CVE-2006-0377 Low: CRLF injection vulnerability in Squirr (0.00)
» CVE-2006-0455 Low: gpgv in GnuPG before 1.4.2.1, when usi (0.00)
» CVE-2006-0709 Low: Buffer overflow in Metamail 2.7-50 all (0.00)
» CVE-2006-0804 Low: Off-by-one error in TIN 1.8.0 and earl (0.00)
» CVE-2006-0855 Low: Stack-based buffer overflow in the ful (0.00)

gpg, liby2util remote code execution | SA:2006:013 | March 01, 2006
With certain handcraft-able signatures GPG was returning a valid signature when used on command-line with option --verify. Also, the YaST Online Update script signature verification had used a feature
» CVE-2006-0455 Low: gpgv in GnuPG before 1.4.2.1, when usi (0.00)
» CVE-2006-0803 Low: The signature verification functionali (0.00)

Heimdal remote denial of service | SA:2006:011 | February 24, 2006
This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users. The second bug affects t
» CVE-2006-0582 Low: Unspecified vulnerability in rshd in H (0.00)
» CVE-2006-0677 Low: telnetd in Heimdal 0.6.x before 0.6.6 (0.00)

Security summary report | SR:2006:004 | February 24, 2006
Solved security vulnerabilities in: rsmgr, php4, php5, ethereal and apache modules.
» CVE-2005-3352 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2005-3357 Low: mod_ssl in Apache 2.0 up to 2.0.55, wh (0.00)
» CVE-2005-3651 Low: Stack-based buffer overflow in the dis (0.00)
» CVE-2005-4585 Low: Unspecified vulnerability in the GTP d (0.00)
» CVE-2006-0207 Low: Multiple HTTP response splitting vulne (0.00)
» CVE-2006-0208 Low: Multiple cross-site scripting (XSS) vu (0.00)

Heimdal remote denial of service | SA:2006:010 | February 24, 2006
This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users. The second bug affects t
» CVE-2006-0582 Low: Unspecified vulnerability in rshd in H (0.00)
» CVE-2006-0677 Low: telnetd in Heimdal 0.6.x before 0.6.6 (0.00)

CASA PAM handler remote root exploit | SA:2006:010 | February 22, 2006
This update fixes a remotely exploitable stack buffer overflow in the pam_micasa authentication module. Since this module is added to /etc/pam.d/sshd automatically on installation of CASA it was possi
» CVE-2006-0736 Low: Stack-based buffer overflow in the pam (0.00)

Gpg, liby2util incorrect signature checking | SA:2006:009 | February 20, 2006
With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. This could make automated checkers pass malicious files as correct.
» CVE-2006-0455 Low: gpgv in GnuPG before 1.4.2.1, when usi (0.00)

OpenSSH remote code execution | SA:2006:008 | February 14, 2006
A problem in the handling of scp in openssh could be used to execute commands on remote hosts even using a scp-only configuration.
» CVE-2006-0225 Low: scp in OpenSSH 4.2p1 allows attackers (0.00)

Privilege escalation due to empty RPATH | SA:2006:007 | February 10, 2006
A SUSE specific patch to the GNU linker 'ld' removes redundant RPATH and RUNPATH components when linking binaries. Due to a bug in this routine ld occasionally left empty RPATH components. When runnin

Kernel remote denial of service | SA:2006:006 | February 09, 2006
Numerous security vulnerabilities (and non-security bugs) have been fixed in the Linux kernel on SUSE Linux 10.0. Users are advised to upgrade.
» CVE-2005-3356 Low: The mq_open system call in Linux kerne (0.00)
» CVE-2005-3358 Low: Linux kernel before 2.6.15 allows loca (0.00)
» CVE-2005-3623 Low: nfs2acl.c in the Linux kernel 2.6.14.4 (0.00)
» CVE-2005-3808 Low: Integer overflow in the invalidate_ino (0.00)
» CVE-2005-4605 Low: The procfs code (proc_misc.c) in Linux (0.00)
» CVE-2005-4635 Low: The nl_fib_input function in fib_front (0.00)
» CVE-2006-0454 Low: Linux kernel before 2.6.15.3 down to 2 (0.00)

Security summary report | SR:2006:003 | February 03, 2006
Solved security vulnerabilities: openssh (GSSAPI problem), gd (integer overflows), mediawiki problems and bogofilter (buffer overflows).
» CVE-2004-0990 Low: Integer overflow in GD Graphics Librar (0.00)
» CVE-2005-2798 Low: sshd in OpenSSH before 4.2, when GSSAP (0.00)
» CVE-2005-4501 Low: MediaWiki before 1.5.4 uses a hard-cod (0.00)
» CVE-2005-4591 Low: Heap-based buffer overflow in bogofilt (0.00)
» CVE-2005-4592 Low: Heap-based buffer overflow in bogofilt (0.00)
» CVE-2006-0322 Low: Unspecified vulnerability the edit com (0.00)

NFS server remote code execution | SA:2006:005 | January 26, 2006
Insufficient buffer space supplied to the realpath() function when processing mount requests can lead to a buffer overflow in the rpc.mountd and allows remote attackers to execute code as the root use
» CVE-2006-0043 Low: Buffer overflow in the realpath functi (0.00)
