Novell

This is Your Open EnterpriseTM

Novell XTier framework 5198

(b8833ce91ca8c8d2a478a8a32a2e2efb)

This document (5114990) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86
Security patch: YesView security alerts.
Priority: Mandatory
Distribution Type: Public

document

Revision: 1
Document ID: 5114990
Creation Date: 2011-10-25 11:45:03

abstract

Important: Security update for Novell XTier framework (5198)


Patch: sledsp1-novell-novfsd-5198
CVEs: CVE-2011-1710
Bugs: 585440

Applies to:

Package(s): novell-novfsd novell-novfsd-debuginfo novell-novfsd-debugsource novell-xtier-base novell-xtier-core novell-xtier-devel novell-xtier-web novell-xtier-xplat
Product(s):
SUSE Linux Enterprise Desktop 11 SP1

details

Indications

Everyone should update.

Contraindications

None.

Description

Several user supplied header length variables for the HTTP server component in the Novell XTier framework were not size limited, allowing integer overflow attacks to crash the service or potentially execute code. (CVE-2011-1710)

Security Issue reference:

Solution

This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module. Please install the update.

file contents

Files IncludedSizeDate
novell-novfsd-3.0.0-0.11.1.i586.rpm76.9 KB (78794)2011-10-25 11:45:12
novell-xtier-core-3.1.8-0.7.1.i586.rpm1.0 MB (1065689)2011-10-25 11:45:19
novell-xtier-base-3.1.8-0.7.1.i586.rpm4.0 MB (4213146)2011-10-25 11:45:17
novell-xtier-xplat-3.1.8-0.7.1.i586.rpm173.3 KB (177473)2011-10-25 11:45:19
readme_5114990.htmlN/A2011-10-25 11:46:05

source packages

Download the source code of the patches for maintained products.

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.