SUSE Security Summary Report

25 Jan 2011

  1. Solved Security Vulnerabilities

    […]

    Fixed packages for the following incidents are already available on our FTP
    server and via the YaST Online Update.

[…]

  • evince
    Multiple font parser vulnerabilities in the DVI backend of evince have
    been fixed.
    CVE-2010-2640 - CVE-2010-2643 have been assigned to these issues.

    Affected products: openSUSE 11.2-11.3, SLE11-SP1

  • hplip
    Specially crafted SNMP replies could cause a buffer overflow in hplip’s
    sane backend (CVE-2010-4267).

    Affected products: openSUSE 11.2-11.3, SLE11-SP1

  • libopensc2/opensc
    Specially crafted smart cards could cause a buffer overflow in opensc
    (CVE-2010-4523).

    Affected products: openSUSE 11.1-11.3

[…]

  • libwebkit
    Various bugs in webkit have been fixed. The CVE IDs are:

    CVE-2009-0945, CVE-2009-1681,
    […]
    CVE-2010-3900, CVE-2010-4040

    Affected products: openSUSE 11.2-11.3

  • perl
    Multiple header injection problems in the CGI module of perl have been
    fixed. They allowed injecting HTTP headers in responses.
    CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to
    this issue.

    Affected products: openSUSE 11.2-11.3, SLE10-SP3, SLE11-SP1

[…]

  • sssd
    This update fixes a local denial-of-service attack that stops other users
    from logging in. The bug existed in the pam_parse_in_data_v2() function.
    (CVE-2010-4341: CVSS v2 Base Score: 2.1)

    Affected products: openSUSE 11.3

  • sudo
    This update of sudo fixes:

    • CVE-2011-0010: Does ask for the user password for GID changes now.
    • CVE-2010-1646: CVSS v2 Base Score: 6.6 (CWE-264): The secure
      environment option can handle multiple occurrences of PATH now.
    • CVE-2010-1163: CVSS v2 Base Score: 6.9 (CWE-20): Improved command
      matching.

    Affected products: openSUSE 11.2-11.3

  • wireshark
    Wireshark version 1.4.2 fixes several security issues that allowed
    attackers to crash wireshark or potentially even execute arbitrary code

    (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,
    CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,
    CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,
    CVE-2010-4301)

    Affected products: openSUSE 11.2-11.3

Hope I got some interesting part snipped out and pasted in to improve the forums’ search index a bit.
:wink: But do not think you could rely on me - read the original for yourselves to be sure…/:wink:
pistazienfresser