http://support.novell.com/linux/psdb/rssia64SuSESLES8.html Navigate and access SUSE patch downloads. en-us Mon Jan 7 22:42:11 2008 GMT http://blogs.law.harvard.edu/tech/rss support@novell.com webmaster@novell.com http://support.novell.com/techcenter/psdb/d52565d12f4ee4513d2a2c9fa0623cf2.html Obsoletes: none Indications Everyone should install this update. Contraindications None. Problem description Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2005-2491, CVE-2006-7228). Solution Please install the updates provided at the location noted below. Installation notes This update is provided as RPM packages that can easily be installed onto a running system by using this command: rpm -Fvh python.rpm python-curses.rpm python-demo.rpm python-devel.rpm python-doc.rpm python-doc-pdf.rpm python-gdbm.rpm python-korean.rpm ... Mon Jan 7 15:42:11 2008 GMT http://support.novell.com/techcenter/psdb/84c0e58baea4e5213424103bd3ab770c.html Obsoletes: none Indications Everyone using rsync should install this update. Contraindications None. Description This update fixes a bug in rsync that allows remote attackers to access restricted files outside a module's hierarchy if no chroot setup is used. (CVE-2007-6199) Please refer to http://rsync.samba.org/security.html , entry from November 28th, 2007, for more information about a secure configuration of rsync that also covers the bug tracked by CVE-2007-6200. This update also fixes some crashes that only affect rsync-2.6.8 on SLES10. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this ... Mon Jan 7 15:42:11 2008 GMT http://support.novell.com/techcenter/psdb/01ed940afb4b4e3e1979f23f2535d210.html Obsoletes: none Indications Everybody using the check_disk plugin should update. Contraindications None. Problem description The latest maintenance version of the nagios-plugins was built without specifying the full path for the "df" command. This causes the check_disk plugin to fail. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fhv nagios-plugins.rpm nagios-plugins-extras.rpm ... Mon Jan 7 15:42:11 2008 GMT http://support.novell.com/techcenter/psdb/b5b74dcd208aaf4729bddde09fdaa4c7.html Obsoletes: none Indications Everyone should update. Contraindications None. Problem description This update of squid fixes a denial-of-service bug during "cache update reply processing" (CVE-2007-6239). Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fhv squid.rpm ... Mon Jan 7 15:42:11 2008 GMT http://support.novell.com/techcenter/psdb/e7e00fb9cc394d90331ede554824383e.html Obsoletes: none Indications Everyone should install the updated timezone information. Contraindications None. Description This patch updates the glibc timezone database according to a last-minute change of the time shift date by Venezuelan government from 2008-01-01 to 2007-12-09. Venezuela will move from UTC-4:00 to UTC-4:30. The affected timezone is named America/Caracas . Other timezones have been updated as well: Asia/Damascus (time change in effect since start of November) America/Havana (ditto) America/St_Barthelemy America/Marigot Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running ... Fri Dec 28 15:42:11 2007 GMT http://support.novell.com/techcenter/psdb/f61794701df3f762046f48a83269b763.html Obsoletes: none Indications Everyone using heimdal should install this update. Contraindications None. Description This update fixes a software bug due to calling free(3) on an uninitialized pointer. The bug can be triggered remotely, the impact is currently unknown. (CVE-2007-5939) Solution Please install the updates provided at the location noted below. Installation notes This update is provided as RPM packages that can easily be installed onto a running system by using this command: rpm -Fvh heimdal.rpm heimdal-devel.rpm heimdal-lib.rpm heimdal-tools.rpm ... Sat Dec 22 15:42:11 2007 GMT http://support.novell.com/techcenter/psdb/c0fff4be80778f0372cecb64db0cabef.html Obsoletes: none Indications Everyone using the Mozilla suite should install this update. Contraindications None. Description This update fixes various security problems in the Mozilla suite: The jar protocol handler in retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. (MFSA 2007-37, CVE-2007-5947) The update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we ... Sat Dec 15 15:42:11 2007 GMT http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html Obsoletes: none Indications Everyone using samba should update. Contraindications None. Problem description This update of Samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015) Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fhv cifs-mount.rpm ldapsmb.rpm libmsrpc.rpm libmsrpc-devel.rpm libsmbclient.rpm libsmbclient-devel.rpm libsmbsharemodes.rpm libsmbsharemodes-devel.rpm samba.rpm samba-client.rpm samba-doc.rpm samba-krb-printing.rpm samba-pdb.rpm samba-python.rpm samba-utils.rpm samba-vscan.rpm samba-winbind.rpm samba-wrepl.rpm ... Mon Dec 10 15:42:11 2007 GMT http://support.novell.com/techcenter/psdb/6dd778b3f47ea6338ca94dac88abee05.html Obsoletes: none Indications Everyone should update. Contraindications None. Problem description This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497) Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fvh e2fsprogs.rpm e2fsprogs-devel.rpm libcom_err.rpm libext2fs-devel.rpm libext2fs2.rpm ... Wed Dec 5 15:42:11 2007 GMT http://support.novell.com/techcenter/psdb/7dcf095c223a892d3b0140eaa9312402.html Obsoletes: none Indications Everyone using Emacs should update. Contraindications None. Problem description This update fixes a buffer overflow in Emacs that can be triggered over the command-line. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system by using this command: rpm -Fvh emacs.rpm emacs-el.rpm emacs-info.rpm emacs-nox.rpm emacs-x11.rpm ... Thu Nov 29 15:42:11 2007 GMT