http://support.novell.com/linux/psdb/rssi386SuSELinuxDesktop10.html Navigate and access SUSE patch downloads. en-us Mon Jan 7 22:42:12 2008 GMT http://blogs.law.harvard.edu/tech/rss support@novell.com webmaster@novell.com http://support.novell.com/techcenter/psdb/d52565d12f4ee4513d2a2c9fa0623cf2.html Obsoletes: none Indications Everyone should install this update. Contraindications None. Problem description Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2005-2491, CVE-2006-7228). Solution Please install the updates provided at the location noted below. Installation notes This update is provided as RPM packages that can easily be installed onto a running system by using this command: rpm -Fvh python.rpm python-curses.rpm python-demo.rpm python-devel.rpm python-doc.rpm python-doc-pdf.rpm python-gdbm.rpm python-korean.rpm ... Mon Jan 7 15:42:12 2008 GMT http://support.novell.com/techcenter/psdb/84c0e58baea4e5213424103bd3ab770c.html Obsoletes: none Indications Everyone using rsync should install this update. Contraindications None. Description This update fixes a bug in rsync that allows remote attackers to access restricted files outside a module's hierarchy if no chroot setup is used. (CVE-2007-6199) Please refer to http://rsync.samba.org/security.html , entry from November 28th, 2007, for more information about a secure configuration of rsync that also covers the bug tracked by CVE-2007-6200. This update also fixes some crashes that only affect rsync-2.6.8 on SLES10. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this ... Mon Jan 7 15:42:12 2008 GMT http://support.novell.com/techcenter/psdb/e7e00fb9cc394d90331ede554824383e.html Obsoletes: none Indications Everyone should install the updated timezone information. Contraindications None. Description This patch updates the glibc timezone database according to a last-minute change of the time shift date by Venezuelan government from 2008-01-01 to 2007-12-09. Venezuela will move from UTC-4:00 to UTC-4:30. The affected timezone is named America/Caracas . Other timezones have been updated as well: Asia/Damascus (time change in effect since start of November) America/Havana (ditto) America/St_Barthelemy America/Marigot Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running ... Fri Dec 28 15:42:12 2007 GMT http://support.novell.com/techcenter/psdb/f61794701df3f762046f48a83269b763.html Obsoletes: none Indications Everyone using heimdal should install this update. Contraindications None. Description This update fixes a software bug due to calling free(3) on an uninitialized pointer. The bug can be triggered remotely, the impact is currently unknown. (CVE-2007-5939) Solution Please install the updates provided at the location noted below. Installation notes This update is provided as RPM packages that can easily be installed onto a running system by using this command: rpm -Fvh heimdal.rpm heimdal-devel.rpm heimdal-lib.rpm heimdal-tools.rpm ... Sat Dec 22 15:42:12 2007 GMT http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html Obsoletes: none Indications Everyone using samba should update. Contraindications None. Problem description This update of Samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015) Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fhv cifs-mount.rpm ldapsmb.rpm libmsrpc.rpm libmsrpc-devel.rpm libsmbclient.rpm libsmbclient-devel.rpm libsmbsharemodes.rpm libsmbsharemodes-devel.rpm samba.rpm samba-client.rpm samba-doc.rpm samba-krb-printing.rpm samba-pdb.rpm samba-python.rpm samba-utils.rpm samba-vscan.rpm samba-winbind.rpm samba-wrepl.rpm ... Mon Dec 10 15:42:12 2007 GMT http://support.novell.com/techcenter/psdb/6dd778b3f47ea6338ca94dac88abee05.html Obsoletes: none Indications Everyone should update. Contraindications None. Problem description This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497) Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fvh e2fsprogs.rpm e2fsprogs-devel.rpm libcom_err.rpm libext2fs-devel.rpm libext2fs2.rpm ... Wed Dec 5 15:42:12 2007 GMT http://support.novell.com/techcenter/psdb/56605be2584d53da1a8232f1bf454759.html Obsoletes: none Indications Everyone should install this update. Contraindications None. Problem description Specially crafted PNG files could crash applications while attempting to process the file by exploiting out-of-bounds read operations. This can be abused for local and remote denial of service attacks. The issue has been tracked by CVE-2007-5269. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as RPM packages that can easily be installed onto a running system by using this command: rpm -Fvh libpng.rpm libpng-devel.rpm ... Mon Nov 26 15:42:12 2007 GMT http://support.novell.com/techcenter/psdb/4aacd60f39d38eea0965ae4a284e6214.html Obsoletes: none Indications Everyone using Samba should install this update. Contraindications None. Description This update fixes two buffer overflows in nmbd (CVE-2007-4572, CVE-2007-5398). Remote attackers could potentially exploit these to execute arbitrary code. The updated packages additionally contain fixes for numerous other defects. Please refer to the changelogs of the packages for details. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fvh samba.rpm samba-client.rpm samba-vscan.rpm ... Mon Nov 26 15:42:12 2007 GMT http://support.novell.com/techcenter/psdb/ac1366b509057e23230d33e9bad84f43.html Obsoletes: none Indications Everyone should install this update. Contraindications None. Problem description Specially crafted regular expressions could lead to a buffer overflow in perl's regular expressions engine. Scripts processing data from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. Depending on the purpose of the scripts, the vulnerability can be exploited remotely or locally. The vulnerability has been tracked by CVE-2007-5116. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: ... Fri Nov 16 15:42:12 2007 GMT http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.html Obsoletes: none Indications Everyone should install this maintenance update. Contraindications None. Problem description Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. Depending on the application linked to libpcre , the vulnerability can be exploited remotely or locally. The vulnerability has been tracked by CVE-2006-7224 and CVE-2007-1660. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as RPM packages that can easily be installed onto a ... Fri Nov 16 15:42:12 2007 GMT