SUSE Security Advisories

Here you'll find the latest security advisories from SUSE. Our database currently contains 274 SUSE security advisories.

phpMyAdmin remote code execution | SA:2006:004 | January 26, 2006
Stefan Esser discovered a bug in the register_globals emulation of phpMyAdmin that allows variables to be overwritten. An attacker could exploit the bug to ultimately execute code. Additionally sever
» CVE-2005-3665 Low: Multiple cross-site scripting (XSS) vu (0.00) » CVE-2005-3787 Low: Multiple cross-site scripting (XSS) vu (0.00) » CVE-2005-4079 Low: The register_globals emulation in phpM (0.00)

Security summary report | SR:2006:002 | January 21, 2006
Solved security vulnerabilities: Wine (WMF SETABORTPROC problem), Cups (pdftops various xpdf problems) and Sudo (environment variable problems).
» CVE-2005-2959 Low: Incomplete blacklist vulnerability in (0.00) » CVE-2005-3191 Low: Multiple heap-based buffer overflows i (0.00) » CVE-2005-3192 Low: Heap-based buffer overflow in the Stre (0.00) » CVE-2005-4158 Low: Sudo before 1.6.8 p12, when the Perl t (0.00) » CVE-2006-0106 Low: gdi/driver.c and gdi/printdrv.c in Win (0.00) » CVE-2006-0151 Low: sudo 1.6.8 and other versions does not (0.00)

Kdelibs remote code execution | SA:2006:003 | January 21, 2006
Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attacke
» CVE-2006-0019 Low: Heap-based buffer overflow in the enco (0.00)

Novell-nrm remote code execution | SA:2006:002 | January 13, 2006
By passing a huge or negative size via an HTTP request header to httpstkd it was possible to corrupt heap memory and so potentially execute code.
» CVE-2005-3655 Low: Heap-based buffer overflow in Novell O (0.00)

Security summary report | SR:2006:001 | January 13, 2006
Solved security vulnerabilities in: mailman (crash during UTF-8 decoding), pdftohtml (xpdf overflows), Mirror (overload), Sun Java JRE (security problems), nbd (buffer overflow), clamav 0.88 (heap ove
» CVE-2005-3191 Low: Multiple heap-based buffer overflows i (0.00) » CVE-2005-3192 Low: Heap-based buffer overflow in the Stre (0.00) » CVE-2005-3534 Low: Buffer overflow in the Network Block D (0.00) » CVE-2005-3904 Low: Unspecified vulnerability in Java Mana (0.00) » CVE-2005-3905 Low: Unspecified vulnerability in reflectio (0.00) » CVE-2005-3906 Low: Multiple unspecified vulnerabilities i (0.00) » CVE-2006-0162 Low: Heap-based buffer overflow in libclama (0.00)

xpdf remote code execution | SA:2006:001 | January 11, 2006
"infamous41md", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead t
» CVE-2005-3191 Low: Multiple heap-based buffer overflows i (0.00) » CVE-2005-3192 Low: Heap-based buffer overflow in the Stre (0.00) » CVE-2005-3193 Low: Heap-based buffer overflow in the JPXS (0.00) » CVE-2005-3624 Low: The CCITTFaxStream::CCITTFaxStream fun (0.00) » CVE-2005-3625 Low: Xpdf, as used in products such as gpdf (0.00) » CVE-2005-3626 Low: Xpdf, as used in products such as gpdf (0.00) » CVE-2005-3627 Low: Stream.cc in Xpdf, as used in products (0.00) » CVE-2005-3628 Low: Buffer overflow in the JBIG2Bitmap::JB (0.00)

Perl remote denial of service | SA:2005:071 | December 20, 2005
Integer overflows in the format string functionality in Perl allow attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which ca
» CVE-2005-3962 Low: Integer overflow in the format string (0.00)

Ipsec-tools, freeswan, openswan remote denial of service | SA:2005:070 | December 20, 2005
Openswan, Freeswan and racoon (ipsec-tools) have been updated to fix crashes in aggressive mode. An attacker might send specially crafted packets that can crash racoon or Pluto.
» CVE-2005-3671 Low: The Internet Key Exchange version 1 (I (0.00) » CVE-2005-3732 Low: The Internet Key Exchange version 1 (I (0.00)

PHP4 and PHP5 remote code execution | SA:2005:069 | December 14, 2005
The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well.
» CVE-2005-3353 Low: The exif_read_data function in the Exi (0.00) » CVE-2005-3389 Low: The parse_str function in PHP 4.x up t (0.00) » CVE-2005-3390 Low: The RFC1867 file upload feature in PHP (0.00) » CVE-2005-3391 Low: Multiple vulnerabilities in PHP before (0.00) » CVE-2005-3392 Low: Unspecified vulnerability in PHP befor (0.00) » CVE-2005-3883 Low: CRLF injection vulnerability in the mb (0.00)

Security summary report | SR:2005:029 | December 09, 2005
Solved security vulnerabilities: php4, php5, mediawiki. Users of MediaWiki are not vulnerable to remote script language insertion since 1.4.x is used.
» CVE-2005-3191 Low: Multiple heap-based buffer overflows i (0.00) » CVE-2005-3192 Low: Heap-based buffer overflow in the Stre (0.00) » CVE-2005-3193 Low: Heap-based buffer overflow in the JPXS (0.00)

Security Summary Report | SR:2005:027 | November 18, 2005
Solved Security Vulnerabilities: libdga format string problem, flash-player buffer overflow, gpsdrive format string problem, squid various denial of service attacks, spamassassin denial of service, me
» CVE-2005-2628 Low: Macromedia Flash 6 and 7 (Flash.ocx) a (0.00) » CVE-2005-2917 Low: Squid 2.5.STABLE10 and earlier, while (0.00) » CVE-2005-2958 Low: Multiple format string vulnerabilities (0.00) » CVE-2005-3123 Low: Directory traversal vulnerability in G (0.00) » CVE-2005-3167 Low: Incomplete blacklist vulnerability in (0.00) » CVE-2005-3258 Low: The rfc1738_do_escape function in ftp. (0.00) » CVE-2005-3323 Low: docutils in Zope 2.6, 2.7 before 2.7.8 (0.00) » CVE-2005-3351 Low: SpamAssassin 3.0.4 allows attackers to (0.00) » CVE-2005-3388 Low: Cross-site scripting (XSS) vulnerabili (0.00) » CVE-2005-3389 Low: The parse_str function in PHP 4.x up t (0.00) » CVE-2005-3390 Low: The RFC1867 file upload feature in PHP (0.00) » CVE-2005-3523 Low: Format string vulnerability in friends (0.00)

phpMyAdmin remote code execution | SA:2005:066 | November 18, 2005
The MySQL configuration frontend phpMyAdmin was updated to fix the following security problems which can be remotely exploited: Multiple cross-site scripting (XSS) bugs. Multiple file inclusion vulner
» CVE-2005-2869 Low: Multiple cross-site scripting (XSS) vu (0.00) » CVE-2005-3300 Low: The register_globals emulation layer i (0.00) » CVE-2005-3301 Low: Multiple cross-site scripting (XSS) vu (0.00)

Gtk2, gdk-pixbuf remote code execution | SA:2005:065 | November 16, 2005
The image loading library of the gdk-pixbuf/gtk2 package is vulnerable to several security-related bugs. This makes every application (mostly GNOME applications) which is linked against this library v
» CVE-2005-2975 Low: io-xpm.c in the gdk-pixbuf XPM image r (0.00) » CVE-2005-2976 Low: Integer overflow in io-xpm.c in gdk-pi (0.00) » CVE-2005-3186 Low: Integer overflow in the GTK+ gdk-pixbu (0.00)

Pwdutils local privilege escalation | SA:2005:064 | November 04, 2005
Thomas Gerisch found that the setuid 'chfn' program contained in the pwdutils suite insufficiently checks its arguments when changing the GECOS field. This bug leads to a trivially exploitable local

Security summary report | SR:2005:025 | November 04, 2005
Solved Security Vulnerabilities: openvpn, lynx, liby2util, wget, kchmviewer, koffice-wordprocessing and ethereal.
» CVE-2005-2869 Low: Multiple cross-site scripting (XSS) vu (0.00) » CVE-2005-2917 Low: Squid 2.5.STABLE10 and earlier, while (0.00) » CVE-2005-2958 Low: Multiple format string vulnerabilities (0.00) » CVE-2005-2959 Low: Incomplete blacklist vulnerability in (0.00) » CVE-2005-2971 Low: Heap-based buffer overflow in the KWor (0.00) » CVE-2005-2974 Low: libungif library before 4.1.0 allows a (0.00) » CVE-2005-3068 Low: Unspecified vulnerability in Eric Inte (0.00) » CVE-2005-3120 Low: Stack-based buffer overflow in the HTr (0.00) » CVE-2005-3123 Low: Directory traversal vulnerability in G (0.00) » CVE-2005-3184 Low: Buffer overflow vulnerability in the u (0.00) » CVE-2005-3185 Low: Stack-based buffer overflow in the ntl (0.00) » CVE-2005-3241 Low: Multiple vulnerabilities in Ethereal 0 (0.00) » CVE-2005-3242 Low: Ethereal 0.10.12 and earlier allows re (0.00) » CVE-2005-3243 Low: Multiple buffer overflows in Ethereal (0.00) » CVE-2005-3244 Low: The BER dissector in Ethereal 0.10.3 t (0.00) » CVE-2005-3245 Low: Unspecified vulnerability in the ONC R (0.00) » CVE-2005-3246 Low: Ethereal 0.10.12 and earlier allows re (0.00) » CVE-2005-3247 Low: The SigComp UDVM in Ethereal 0.10.12 a (0.00) » CVE-2005-3248 Low: Unspecified vulnerability in the X11 d (0.00) » CVE-2005-3249 Low: Unspecified vulnerability in the WSP d (0.00) » CVE-2005-3258 Low: The rfc1738_do_escape function in ftp. (0.00) » CVE-2005-3300 Low: The register_globals emulation layer i (0.00) » CVE-2005-3301 Low: Multiple cross-site scripting (XSS) vu (0.00) » CVE-2005-3313 Low: The IRC protocol dissector in Ethereal (0.00) » CVE-2005-3318 Low: Buffer overflow in the _chm_decompress (0.00) » CVE-2005-3350 Low: libungif library before 4.1.0 allows a (0.00) » CVE-2005-3388 Low: Cross-site scripting (XSS) vulnerabili (0.00) » CVE-2005-3389 Low: The parse_str function in PHP 4.x up t (0.00) » CVE-2005-3390 Low: The RFC1867 file upload feature in PHP (0.00) » CVE-2005-3393 Low: Format string vulnerability in the for (0.00) » CVE-2005-3409 Low: OpenVPN 2.x before 2.0.4, when running (0.00)

Curl, wget remote code execution | SA:2005:063 | October 24, 2005
This update fixes a stack-based buffer overflow in the NTLM authentication code used by the file download tools/libraries curl and wget that can be triggered by using a long user or domain name (also
» CVE-2005-3185 Low: Stack-based buffer overflow in the ntl (0.00)

Permissions information disclosure | SA:2005:062 | October 24, 2005
SUSE LINUX ships with three predefined sets of permissions, 'easy', 'secure' and 'paranoid'. The chkstat program contained in the permissions package is used to set those permissions to the chosen le

Security summary report | SR:2005:024 | October 21, 2005
Solved Security Vulnerabilities: net-snmp stream based denial of service attack, several buffer overflows in xloadimage, netpbm buffer overflow in pnmtopng, xine-lib format string problem, webmin pam
» CVE-2005-2177 Low: Unknown vulnerability in Net-SNMP 5.0. (0.00) » CVE-2005-2967 Low: Format string vulnerability in input_c (0.00) » CVE-2005-2978 Low: pnmtopng in netpbm before 10.25, when (0.00) » CVE-2005-3042 Low: miniserv.pl in Webmin before 1.230 and (0.00) » CVE-2005-3178 Low: Buffer overflow in xloadimage 4.1 and (0.00)

OpenSSL protocol downgrade attack | SA:2005:061 | October 19, 2005
The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around co

OpenWBEM remote code execution | SA:2005:060 | October 17, 2005
The SUSE Security Team performed a security review of important parts of the OpenWBEM system. During the audit, several integer wraparounds and buffer overflows were discovered and fixed. If exp
