As of now we are offering so called Patch RPM packages. A Patch RPM updates an already installed RPM. It only contains files which have changed - therefore it is (much) smaller than the complete RPM package. Prerequisite for installation is an already installed basic RPM. The packages included on the SUSE Linux 10.0 (x86_64) CDs/DVD are considered as basic RPMs.
If you want to update an already installed package, please download the smaller Patch RPM package.
Only x86_64- and non-architecture specific packages are listed here. If you have installed i586 packages, please see this page for respective updates.
| 20 Dec 2007 |
nmap-gtk: A Graphical Front-End for Nmap |
| RPM |
nmap-gtk 3.81-9.3 (x86_64) |
35 kB |
| Patch-RPM |
nmap-gtk 3.81-9.3-patch (x86_64) |
30 kB |
| Source-RPM |
nmap-3.81-9.3.src.rpm |
|
Security Update!
nmap contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code.
This update makes nmap use the system's pcre library which was
already updated to fix the above mentioned problems. Make sure to
also install the pcre update.
|
| 20 Dec 2007 |
nmap: Portscanner |
| RPM |
nmap 3.81-9.3 (x86_64) |
550 kB |
| Patch-RPM |
nmap 3.81-9.3-patch (x86_64) |
232 kB |
| Source-RPM |
nmap-3.81-9.3.src.rpm |
|
Security Update!
nmap contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code.
This update makes nmap use the system's pcre library which was
already updated to fix the above mentioned problems. Make sure to
also install the pcre update.
|
| 12 Dec 2007 |
mozilla-zh-TW: traditional Chinese Language Pack for Mozilla |
| RPM |
mozilla-zh-TW 1.7-6.6 (x86_64) |
589 kB |
| Patch-RPM |
mozilla-zh-TW 1.7-6.6-patch (x86_64) |
5 kB |
| Source-RPM |
mozilla-zh-TW-1.7-6.6.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-zh-CN: simplified Chinese Language Pack for Mozilla |
| RPM |
mozilla-zh-CN 1.7-6.6 (x86_64) |
774 kB |
| Patch-RPM |
mozilla-zh-CN 1.7-6.6-patch (x86_64) |
6 kB |
| Source-RPM |
mozilla-zh-CN-1.7-6.6.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-venkman: The Mozilla JavaScript Debugger |
| RPM |
mozilla-venkman 1.8_seamonkey_1.0.9-2.9 (x86_64) |
206 kB |
| Patch-RPM |
mozilla-venkman 1.8_seamonkey_1.0.9-2.9-patch (x86_64) |
201 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-ko: Korean Language Pack for Mozilla |
| RPM |
mozilla-ko 1.75-3.6 (x86_64) |
577 kB |
| Patch-RPM |
mozilla-ko 1.75-3.6-patch (x86_64) |
6 kB |
| Source-RPM |
mozilla-ko-1.75-3.6.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-spellchecker: A Spell Checker for Mozilla |
| RPM |
mozilla-spellchecker 1.8_seamonkey_1.0.9-2.9 (x86_64) |
340 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-mail: The Mozilla Mail Client |
| RPM |
mozilla-mail 1.8_seamonkey_1.0.9-2.9 (x86_64) |
2157 kB |
| Patch-RPM |
mozilla-mail 1.8_seamonkey_1.0.9-2.9-patch (x86_64) |
2143 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-irc: IRC for Mozilla |
| RPM |
mozilla-irc 1.8_seamonkey_1.0.9-2.9 (x86_64) |
239 kB |
| Patch-RPM |
mozilla-irc 1.8_seamonkey_1.0.9-2.9-patch (x86_64) |
236 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-dom-inspector: The Mozilla DOM Inspector |
| RPM |
mozilla-dom-inspector 1.8_seamonkey_1.0.9-2.9 (x86_64) |
167 kB |
| Patch-RPM |
mozilla-dom-inspector 1.8_seamonkey_1.0.9-2.9-patch (x86_64) |
163 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-devel: Mozilla Developer Environment |
| RPM |
mozilla-devel 1.8_seamonkey_1.0.9-2.9 (x86_64) |
3116 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla-calendar: Mozilla's Calendar Implementation |
| RPM |
mozilla-calendar 1.8_seamonkey_1.0.9-2.9 (x86_64) |
39 kB |
| Patch-RPM |
mozilla-calendar 1.8_seamonkey_1.0.9-2.9-patch (x86_64) |
36 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 12 Dec 2007 |
mozilla: The Open Source successor of the Netscape browser |
| RPM |
mozilla 1.8_seamonkey_1.0.9-2.9 (x86_64) |
10418 kB |
| Patch-RPM |
mozilla 1.8_seamonkey_1.0.9-2.9-patch (x86_64) |
10335 kB |
| Source-RPM |
mozilla-1.8_seamonkey_1.0.9-2.9.src.rpm |
|
Security Update!
This update fixed various security problems in the Mozilla Suite.
Following security problems were fixed:
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox
retrieves the inner URL regardless of its MIME type, and considers HTML
documents within a jar archive to have the same origin as the inner URL,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve the
stability of the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer header as
protection against such attacks.
|
| 11 Dec 2007 |
libapr0: Apache Portable Runtime (APR) Library |
| RPM |
libapr0 2.0.54-10.13 (x86_64) |
405 kB |
| Patch-RPM |
libapr0 2.0.54-10.13-patch (x86_64) |
189 kB |
| Source-RPM |
apache2-2.0.54-10.13.src.rpm |
|
Security Update!
Apache2 contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code (CVE-2006-7224, CVE-2007-1660).
|
| 11 Dec 2007 |
apache2-example-pages: Example Pages for the Apache 2 Web Server |
| RPM |
apache2-example-pages 2.0.54-10.13 (x86_64) |
100 kB |
| Patch-RPM |
apache2-example-pages 2.0.54-10.13-patch (x86_64) |
73 kB |
| Source-RPM |
apache2-2.0.54-10.13.src.rpm |
|
Security Update!
Apache2 contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code (CVE-2006-7224, CVE-2007-1660).
|
| 11 Dec 2007 |
apache2-worker: Apache 2 worker MPM (Multi-Processing Module) |
| RPM |
apache2-worker 2.0.54-10.13 (x86_64) |
310 kB |
| Patch-RPM |
apache2-worker 2.0.54-10.13-patch (x86_64) |
309 kB |
| Source-RPM |
apache2-2.0.54-10.13.src.rpm |
|
Security Update!
Apache2 contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code (CVE-2006-7224, CVE-2007-1660).
|
| 11 Dec 2007 |
apache2-prefork: Apache 2 "prefork" MPM (Multi-Processing Module) |
| RPM |
apache2-prefork 2.0.54-10.13 (x86_64) |
303 kB |
| Patch-RPM |
apache2-prefork 2.0.54-10.13-patch (x86_64) |
302 kB |
| Source-RPM |
apache2-2.0.54-10.13.src.rpm |
|
Security Update!
Apache2 contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code (CVE-2006-7224, CVE-2007-1660).
|
| 11 Dec 2007 |
apache2-doc: Additional Package Documentation. |
| RPM |
apache2-doc 2.0.54-10.13 (x86_64) |
1923 kB |
| Patch-RPM |
apache2-doc 2.0.54-10.13-patch (x86_64) |
195 kB |
| Source-RPM |
apache2-2.0.54-10.13.src.rpm |
|
Security Update!
Apache2 contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code (CVE-2006-7224, CVE-2007-1660).
|
| 11 Dec 2007 |
apache2-devel: Apache 2.0 Header and Include Files |
| RPM |
apache2-devel 2.0.54-10.13 (x86_64) |
235 kB |
| Patch-RPM |
apache2-devel 2.0.54-10.13-patch (x86_64) |
125 kB |
| Source-RPM |
apache2-2.0.54-10.13.src.rpm |
|
Security Update!
Apache2 contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code (CVE-2006-7224, CVE-2007-1660).
|
| 11 Dec 2007 |
apache2: The Apache web server (version 2.0) |
| RPM |
apache2 2.0.54-10.13 (x86_64) |
913 kB |
| Patch-RPM |
apache2 2.0.54-10.13-patch (x86_64) |
608 kB |
| Source-RPM |
apache2-2.0.54-10.13.src.rpm |
|
Security Update!
Apache2 contains a copy of the pcre library. Specially crafted regular
expressions could lead to a buffer overflow in the pcre library.
Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by
attackers to execute arbitrary code (CVE-2006-7224, CVE-2007-1660).
|
| 11 Dec 2007 |
netpbm: A Powerful Graphics Conversion Package |
| RPM |
netpbm 10.26.12-5.7 (x86_64) |
1808 kB |
| Patch-RPM |
netpbm 10.26.12-5.7-patch (x86_64) |
1211 kB |
| Source-RPM |
netpbm-10.26.12-5.7.src.rpm |
|
Security Update!
This update of netpbm fixes a security vulnerability in the included libjasper. This bug can be triggered while processing image files and can lead to remote code execution. (CVE-2007-2721)
|
| 11 Dec 2007 |
libnetpbm-32bit: Libraries for the NetPBM (NetPortableBitmap) Graphic Formats |
| RPM |
libnetpbm-32bit 1.0.0-636.5 (x86_64) |
99 kB |
| Source-RPM |
netpbm-10.26.12-5.7.src.rpm |
|
Security Update!
This update of netpbm fixes a security vulnerability in the included libjasper. This bug can be triggered while processing image files and can lead to remote code execution. (CVE-2007-2721)
|
| 11 Dec 2007 |
libnetpbm: Libraries for the NetPBM (NetPortableBitmap) Graphic Formats |
| RPM |
libnetpbm 1.0.0-636.5 (x86_64) |
125 kB |
| Patch-RPM |
libnetpbm 1.0.0-636.5-patch (x86_64) |
106 kB |
| Source-RPM |
netpbm-10.26.12-5.7.src.rpm |
|
Security Update!
This update of netpbm fixes a security vulnerability in the included libjasper. This bug can be triggered while processing image files and can lead to remote code execution. (CVE-2007-2721)
|
| 10 Dec 2007 |
samba-winbind: Winbind Daemon and Tool |
| RPM |
samba-winbind 3.0.20b-3.19 (x86_64) |
1807 kB |
| Patch-RPM |
samba-winbind 3.0.20b-3.19-patch (x86_64) |
1788 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
samba-python: Samba Python Modules |
| RPM |
samba-python 3.0.20b-3.19 (x86_64) |
5315 kB |
| Patch-RPM |
samba-python 3.0.20b-3.19-patch (x86_64) |
5304 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
samba-vscan: On-Access Virus Scanning with Samba |
| RPM |
samba-vscan 0.3.6b-4.18 (x86_64) |
167 kB |
| Patch-RPM |
samba-vscan 0.3.6b-4.18-patch (x86_64) |
147 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
samba-pdb: PDB-Modules |
| RPM |
samba-pdb 3.0.20b-3.19 (x86_64) |
71 kB |
| Patch-RPM |
samba-pdb 3.0.20b-3.19-patch (x86_64) |
68 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
samba-client: Samba Client Utilities |
| RPM |
samba-client 3.0.20b-3.19 (x86_64) |
7321 kB |
| Patch-RPM |
samba-client 3.0.20b-3.19-patch (x86_64) |
6985 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
samba: A SMB/ CIFS File Server |
| RPM |
samba 3.0.20b-3.19 (x86_64) |
3125 kB |
| Patch-RPM |
samba 3.0.20b-3.19-patch (x86_64) |
3056 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
samba-doc: Samba Documentation |
| RPM |
samba-doc 3.0.20b-3.19 (x86_64) |
12863 kB |
| Patch-RPM |
samba-doc 3.0.20b-3.19-patch (x86_64) |
569 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
libsmbclient-devel: Libraries and Header Files to Develop Programs with smbclient Support |
| RPM |
libsmbclient-devel 3.0.20b-3.19 (x86_64) |
801 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
libsmbclient-32bit: Samba Client Library |
| RPM |
libsmbclient-32bit 3.0.20b-3.19 (x86_64) |
619 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
ldapsmb: Tool to administer Samba's LDAP backend |
| RPM |
ldapsmb 1.33-6.19 (x86_64) |
64 kB |
| Patch-RPM |
ldapsmb 1.33-6.19-patch (x86_64) |
44 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
libsmbclient: Samba Client Library |
| RPM |
libsmbclient 3.0.20b-3.19 (x86_64) |
701 kB |
| Patch-RPM |
libsmbclient 3.0.20b-3.19-patch (x86_64) |
698 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 10 Dec 2007 |
cifs-mount: mount using the Common Internet File System (CIFS) |
| RPM |
cifs-mount 3.0.20b-3.19 (x86_64) |
66 kB |
| Patch-RPM |
cifs-mount 3.0.20b-3.19-patch (x86_64) |
58 kB |
| Source-RPM |
samba-3.0.20b-3.19.src.rpm |
|
Security Update!
This update of samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes. (CVE-2007-6015)
|
| 6 Dec 2007 |
dmapi: Data Management API Runtime Environment |
| RPM |
dmapi 2.2.1-5.2 (x86_64) |
40 kB |
| Patch-RPM |
dmapi 2.2.1-5.2-patch (x86_64) |
25 kB |
| Source-RPM |
dmapi-2.2.1-5.2.src.rpm |
|
dmapi: provide dmapi via update repository to solve new samba dependency
|
| 6 Dec 2007 |
dmapi-devel: DMAPI Libraries and Header Files |
| RPM |
dmapi-devel 2.2.1-5.2 (x86_64) |
19 kB |
| Patch-RPM |
dmapi-devel 2.2.1-5.2-patch (x86_64) |
3 kB |
| Source-RPM |
dmapi-2.2.1-5.2.src.rpm |
|
dmapi: provide dmapi via update repository to solve new samba dependency
|
| 5 Dec 2007 |
e2fsprogs-32bit: Utilities for the second extended file system |
| RPM |
e2fsprogs-32bit 1.38-4.3 (x86_64) |
78 kB |
| Source-RPM |
e2fsprogs-1.38-4.3.src.rpm |
|
Security Update!
This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
|
| 5 Dec 2007 |
e2fsprogs-devel-32bit: Include Files and Libraries mandatory for Development. |
| RPM |
e2fsprogs-devel-32bit 1.38-4.3 (x86_64) |
75 kB |
| Patch-RPM |
e2fsprogs-devel-32bit 1.38-4.3-patch (x86_64) |
55 kB |
| Source-RPM |
e2fsprogs-1.38-4.3.src.rpm |
|
Security Update!
This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
|
| 5 Dec 2007 |
e2fsprogs-devel: Include Files and Libraries mandatory for Development. |
| RPM |
e2fsprogs-devel 1.38-4.3 (x86_64) |
124 kB |
| Patch-RPM |
e2fsprogs-devel 1.38-4.3-patch (x86_64) |
70 kB |
| Source-RPM |
e2fsprogs-1.38-4.3.src.rpm |
|
Security Update!
This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
|
| 5 Dec 2007 |
libcom_err: com_err library |
| RPM |
libcom_err 1.38-4.3 (x86_64) |
42 kB |
| Patch-RPM |
libcom_err 1.38-4.3-patch (x86_64) |
24 kB |
| Source-RPM |
e2fsprogs-1.38-4.3.src.rpm |
|
Security Update!
This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
|
| 5 Dec 2007 |
libcom_err-32bit: com_err library |
| RPM |
libcom_err-32bit 1.38-4.3 (x86_64) |
30 kB |
| Patch-RPM |
libcom_err-32bit 1.38-4.3-patch (x86_64) |
22 kB |
| Source-RPM |
e2fsprogs-1.38-4.3.src.rpm |
|
Security Update!
This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
|
| 5 Dec 2007 |
e2fsprogs: Utilities for the second extended file system |
| RPM |
e2fsprogs 1.38-4.3 (x86_64) |
549 kB |
| Patch-RPM |
e2fsprogs 1.38-4.3-patch (x86_64) |
241 kB |
| Source-RPM |
e2fsprogs-1.38-4.3.src.rpm |
|
Security Update!
This update of e2fsprogs fixes several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image. (CVE-2007-5497)
|
| 4 Dec 2007 |
htdig: WWW index and search system |
| RPM |
htdig 3.2.0b6-7.3 (x86_64) |
1898 kB |
| Patch-RPM |
htdig 3.2.0b6-7.3-patch (x86_64) |
619 kB |
| Source-RPM |
htdig-3.2.0b6-7.3.src.rpm |
|
Security Update!
A flaw in the htsearch Program could be exploited by attackers to
conduct cross site scripting (XSS) attacks.
|
| 30 Nov 2007 |
perl-SNMP: Perl-SNMP |
| RPM |
perl-SNMP 5.2.1-10.7 (x86_64) |
148 kB |
| Patch-RPM |
perl-SNMP 5.2.1-10.7-patch (x86_64) |
102 kB |
| Source-RPM |
net-snmp-5.2.1-10.7.src.rpm |
|
Security Update!
This update of net-snmp fixes the following bug:
- default and configurable maximum number of varbinds returnable to
a GETBULK request (CVE-2007-5846)
|
| 30 Nov 2007 |
net-snmp: SNMP Daemon |
| RPM |
net-snmp 5.2.1-10.7 (x86_64) |
1468 kB |
| Patch-RPM |
net-snmp 5.2.1-10.7-patch (x86_64) |
998 kB |
| Source-RPM |
net-snmp-5.2.1-10.7.src.rpm |
|
Security Update!
This update of net-snmp fixes the following bug:
- default and configurable maximum number of varbinds returnable to
a GETBULK request (CVE-2007-5846)
|
| 30 Nov 2007 |
net-snmp-devel: SNMP Daemon |
| RPM |
net-snmp-devel 5.2.1-10.7 (x86_64) |
756 kB |
| Patch-RPM |
net-snmp-devel 5.2.1-10.7-patch (x86_64) |
41 kB |
| Source-RPM |
net-snmp-5.2.1-10.7.src.rpm |
|
Security Update!
This update of net-snmp fixes the following bug:
- default and configurable maximum number of varbinds returnable to
a GETBULK request (CVE-2007-5846)
|
| 28 Nov 2007 |
pcre-devel: A library for Perl-compatible regular expressions |
| RPM |
pcre-devel 6.2-2.8 (x86_64) |
213 kB |
| Patch-RPM |
pcre-devel 6.2-2.8-patch (x86_64) |
96 kB |
| Source-RPM |
pcre-6.2-2.8.src.rpm |
|
Security Update!
Specially crafted regular expressions could lead to a buffer overflow in the
pcre library. Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by attackers to
execute arbitrary code (CVE-2006-7230).
|
| 28 Nov 2007 |
pcre-32bit: A library for Perl-compatible regular expressions |
| RPM |
pcre-32bit 6.2-2.8 (x86_64) |
102 kB |
| Source-RPM |
pcre-6.2-2.8.src.rpm |
|
Security Update!
Specially crafted regular expressions could lead to a buffer overflow in the
pcre library. Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by attackers to
execute arbitrary code (CVE-2006-7230).
|
| 28 Nov 2007 |
pcre: A library for Perl-compatible regular expressions |
| RPM |
pcre 6.2-2.8 (x86_64) |
287 kB |
| Patch-RPM |
pcre 6.2-2.8-patch (x86_64) |
129 kB |
| Source-RPM |
pcre-6.2-2.8.src.rpm |
|
Security Update!
Specially crafted regular expressions could lead to a buffer overflow in the
pcre library. Applications using pcre to process regular expressions from
untrusted sources could therefore potentially be exploited by attackers to
execute arbitrary code (CVE-2006-7230).
|
| 27 Nov 2007 |
nagios-plugins: The Nagios Plug-Ins |
| RPM |
nagios-plugins 1.4.1-2.4 (x86_64) |
279 kB |
| Patch-RPM |
nagios-plugins 1.4.1-2.4-patch (x86_64) |
167 kB |
| Source-RPM |
nagios-plugins-1.4.1-2.4.src.rpm |
|
Security Update!
fix possible buffer overflow during HTTP Location header parsing in check_http (CVE-2007-5198)
fix possible buffer overflow during snmpget parsing in check_snmp (CVE-2007-5623)
|
| 27 Nov 2007 |
nagios-plugins-extras: Nagios Plug-Ins which Depend on Additional Packages |
| RPM |
nagios-plugins-extras 1.4.1-2.4 (x86_64) |
51 kB |
| Source-RPM |
nagios-plugins-1.4.1-2.4.src.rpm |
|
Security Update!
fix possible buffer overflow during HTTP Location header parsing in check_http (CVE-2007-5198)
fix possible buffer overflow during snmpget parsing in check_snmp (CVE-2007-5623)
|
| 26 Nov 2007 |
apache2-mod_python: A Python Module for the Apache 2 Web Server |
| RPM |
apache2-mod_python 3.1.3-43.3 (x86_64) |
587 kB |
| Patch-RPM |
apache2-mod_python 3.1.3-43.3-patch (x86_64) |
472 kB |
| Source-RPM |
apache2-mod_python-3.1.3-43.3.src.rpm |
|
Security Update!
This update fixes a buffer overflow in apache2-mod_python that occurs while using python-based output-filter. This bug can be triggered remotely to read possibly confidential data from the process space of the web-server and in rare cases to execute arbitrary code. (CVE-2004-2680)
|
| 23 Nov 2007 |
libpng-devel: Include Files and Libraries mandatory for Development. |
| RPM |
libpng-devel 1.2.8-5.6 (x86_64) |
201 kB |
| Patch-RPM |
libpng-devel 1.2.8-5.6-patch (x86_64) |
104 kB |
| Source-RPM |
libpng-1.2.8-5.6.src.rpm |
|
Security Update!
Speciall crafted png files could crash applications when attempting
to open such a file (CVE-2007-5269).
|
| 23 Nov 2007 |
libpng-devel-32bit: Include Files and Libraries mandatory for Development. |
| RPM |
libpng-devel-32bit 1.2.8-5.6 (x86_64) |
109 kB |
| Patch-RPM |
libpng-devel-32bit 1.2.8-5.6-patch (x86_64) |
108 kB |
| Source-RPM |
libpng-1.2.8-5.6.src.rpm |
|
Security Update!
Speciall crafted png files could crash applications when attempting
to open such a file (CVE-2007-5269).
|
| 23 Nov 2007 |
libpng-32bit: Library for the Portable Network Graphics Format |
| RPM |
libpng-32bit 1.2.8-5.6 (x86_64) |
125 kB |
| Source-RPM |
libpng-1.2.8-5.6.src.rpm |
|
Security Update!
Speciall crafted png files could crash applications when attempting
to open such a file (CVE-2007-5269).
|
| 23 Nov 2007 |
libpng: Library for the Portable Network Graphics Format |
| RPM |
libpng 1.2.8-5.6 (x86_64) |
188 kB |
| Patch-RPM |
libpng 1.2.8-5.6-patch (x86_64) |
129 kB |
| Source-RPM |
libpng-1.2.8-5.6.src.rpm |
|
Security Update!
Speciall crafted png files could crash applications when attempting
to open such a file (CVE-2007-5269).
|
| 22 Nov 2007 |
cacti: Web Front-End to Monitor System Data via RRDtool |
| RPM |
cacti 0.8.6f-2.4 (noarch) |
968 kB |
| Patch-RPM |
cacti 0.8.6f-2.4-patch (noarch) |
56 kB |
| Source-RPM |
cacti-0.8.6f-2.4.src.rpm |
|
Security Update!
This update fixes a SQL injection bug. (CVE-2007-6035)
|
| 19 Nov 2007 |
java-1_5_0-sun-jdbc: Java(TM) 2 Runtime Environment |
| RPM |
java-1_5_0-sun-jdbc 1.5.0_13-0.5 (x86_64) |
25 kB |
| Source-RPM |
java-1_5_0-sun-1.5.0_13-0.5.nosrc.rpm |
|
The previous Sun Java update had problems where the alternatives
link to the Java Plugin was incorrectly removed. This update fixes
this problem and also changes the state of the symlinks from manual back
to auto.
|
| 19 Nov 2007 |
java-1_5_0-sun-demo: Java(TM) 2 Runtime Environment |
| RPM |
java-1_5_0-sun-demo 1.5.0_13-0.5 (x86_64) |
4762 kB |
| Patch-RPM |
java-1_5_0-sun-demo 1.5.0_13-0.5-patch (x86_64) |
4672 kB |
| Source-RPM |
java-1_5_0-sun-1.5.0_13-0.5.nosrc.rpm |
|
The previous Sun Java update had problems where the alternatives
link to the Java Plugin was incorrectly removed. This update fixes
this problem and also changes the state of the symlinks from manual back
to auto.
|
| 19 Nov 2007 |
java-1_5_0-sun-devel: Java(TM) 2 Runtime Environment |
| RPM |
java-1_5_0-sun-devel 1.5.0_13-0.5 (x86_64) |
3945 kB |
| Patch-RPM |
java-1_5_0-sun-devel 1.5.0_13-0.5-patch (x86_64) |
3831 kB |
| Source-RPM |
java-1_5_0-sun-1.5.0_13-0.5.nosrc.rpm |
|
The previous Sun Java update had problems where the alternatives
link to the Java Plugin was incorrectly removed. This update fixes
this problem and also changes the state of the symlinks from manual back
to auto.
|
| 19 Nov 2007 |
java-1_5_0-sun-alsa: Java(TM) 2 Runtime Environment |
| RPM |
java-1_5_0-sun-alsa 1.5.0_13-0.5 (x86_64) |
35 kB |
| Source-RPM |
java-1_5_0-sun-1.5.0_13-0.5.nosrc.rpm |
|
The previous Sun Java update had problems where the alternatives
link to the Java Plugin was incorrectly removed. This update fixes
this problem and also changes the state of the symlinks from manual back
to auto.
|
| 19 Nov 2007 |
java-1_5_0-sun: Java(TM) 2 Runtime Environment |
| RPM |
java-1_5_0-sun 1.5.0_13-0.5 (x86_64) |
23042 kB |
| Patch-RPM |
java-1_5_0-sun 1.5.0_13-0.5-patch (x86_64) |
22989 kB |
| Source-RPM |
java-1_5_0-sun-1.5.0_13-0.5.nosrc.rpm |
|
The previous Sun Java update had problems where the alternatives
link to the Java Plugin was incorrectly removed. This update fixes
this problem and also changes the state of the symlinks from manual back
to auto.
|
| 19 Nov 2007 |
update-alternatives: Maintain symbolic links determining default commands |
| RPM |
update-alternatives 1.8.3-4.3 (noarch) |
12 kB |
| Patch-RPM |
update-alternatives 1.8.3-4.3-patch (noarch) |
8 kB |
| Source-RPM |
update-alternatives-1.8.3-4.3.src.rpm |
|
This update fixes a problem in update-alternatives which has switched
Java modules from Auto to Manual on java online updates.
|
| 16 Nov 2007 |
perl-32bit: The Perl interpreter |
| RPM |
perl-32bit 5.8.7-5.6 (x86_64) |
3318 kB |
| Source-RPM |
perl-5.8.7-5.6.src.rpm |
|
Security Update!
This update fixes a buffer overflow in perl's regex engine. (CVE-2007-5116)
|
| 16 Nov 2007 |
perl: The Perl interpreter |
| RPM |
perl 5.8.7-5.6 (x86_64) |
13481 kB |
| Patch-RPM |
perl 5.8.7-5.6-patch (x86_64) |
5375 kB |
| Source-RPM |
perl-5.8.7-5.6.src.rpm |
|
Security Update!
This update fixes a buffer overflow in perl's regex engine. (CVE-2007-5116)
|
| 13 Nov 2007 |
kdegraphics3-pdf: KDE PDF File Viewer |
| RPM |
kdegraphics3-pdf 3.4.2-12.10 (x86_64) |
667 kB |
| Patch-RPM |
kdegraphics3-pdf 3.4.2-12.10-patch (x86_64) |
623 kB |
| Source-RPM |
kdegraphics3-3.4.2-12.10.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in kpdf could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-5393).
|
| 13 Nov 2007 |
cups-libs-32bit: libraries for CUPS |
| RPM |
cups-libs-32bit 1.1.23-21.16 (x86_64) |
109 kB |
| Source-RPM |
cups-1.1.23-21.16.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in cups could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 13 Nov 2007 |
cups: The Common UNIX Printing System |
| RPM |
cups 1.1.23-21.16 (x86_64) |
6705 kB |
| Patch-RPM |
cups 1.1.23-21.16-patch (x86_64) |
694 kB |
| Source-RPM |
cups-1.1.23-21.16.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in cups could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 13 Nov 2007 |
cups-client: CUPS Client Programs |
| RPM |
cups-client 1.1.23-21.16 (x86_64) |
171 kB |
| Patch-RPM |
cups-client 1.1.23-21.16-patch (x86_64) |
76 kB |
| Source-RPM |
cups-1.1.23-21.16.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in cups could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 13 Nov 2007 |
cups-libs: libraries for CUPS |
| RPM |
cups-libs 1.1.23-21.16 (x86_64) |
112 kB |
| Patch-RPM |
cups-libs 1.1.23-21.16-patch (x86_64) |
111 kB |
| Source-RPM |
cups-1.1.23-21.16.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in cups could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 13 Nov 2007 |
cups-devel: Development Environment for CUPS |
| RPM |
cups-devel 1.1.23-21.16 (x86_64) |
132 kB |
| Patch-RPM |
cups-devel 1.1.23-21.16-patch (x86_64) |
81 kB |
| Source-RPM |
cups-1.1.23-21.16.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in cups could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 13 Nov 2007 |
derby: Embeddable database engine written in java |
| RPM |
derby 10.3.1.4-0.1 (noarch) |
7875 kB |
| Patch-RPM |
derby 10.3.1.4-0.1-patch (noarch) |
7874 kB |
| Source-RPM |
derby-10.3.1.4-0.1.src.rpm |
|
Security Update!
Apache Derby did not determine schema privilege requirements during
the DropSchemaNode bind phase, which allows remote authenticated
users to execute arbitrary drop schema statements in SQL authorization
mode. (CVE-2006-7217)
This update also brings a new requirement of a Java 1.5 JRE.
|
| 9 Nov 2007 |
yast2-core-devel: YaST2 - Include Files and Documentation for Core Libraries |
| RPM |
yast2-core-devel 2.12.28-0.3 (x86_64) |
1959 kB |
| Patch-RPM |
yast2-core-devel 2.12.28-0.3-patch (x86_64) |
813 kB |
| Source-RPM |
yast2-core-2.12.28-0.3.src.rpm |
|
Security Update!
This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp).
Thanks to Stefan Nordhausen for reporting this to us.
|
| 9 Nov 2007 |
yast2-core: YaST2 - Core Libraries |
| RPM |
yast2-core 2.12.28-0.3 (x86_64) |
1380 kB |
| Patch-RPM |
yast2-core 2.12.28-0.3-patch (x86_64) |
1347 kB |
| Source-RPM |
yast2-core-2.12.28-0.3.src.rpm |
|
Security Update!
This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp).
Thanks to Stefan Nordhausen for reporting this to us.
|
| 9 Nov 2007 |
gpdf: A GNOME PDF Viewer |
| RPM |
gpdf 2.10.0-12.9 (x86_64) |
825 kB |
| Patch-RPM |
gpdf 2.10.0-12.9-patch (x86_64) |
499 kB |
| Source-RPM |
gpdf-2.10.0-12.9.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in gpdf could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
poppler-qt: PDF rendering library - a qt wrapper |
| RPM |
poppler-qt 0.4.2-3.11 (x86_64) |
13 kB |
| Source-RPM |
poppler-0.4.2-3.11.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in poppler could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
poppler-glib: PDF rendering library - a glib wrapper |
| RPM |
poppler-glib 0.4.2-3.11 (x86_64) |
25 kB |
| Source-RPM |
poppler-0.4.2-3.11.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in poppler could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
poppler-devel: PDF rendering library |
| RPM |
poppler-devel 0.4.2-3.11 (x86_64) |
562 kB |
| Patch-RPM |
poppler-devel 0.4.2-3.11-patch (x86_64) |
468 kB |
| Source-RPM |
poppler-0.4.2-3.11.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in poppler could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
poppler: PDF rendering library |
| RPM |
poppler 0.4.2-3.11 (x86_64) |
456 kB |
| Patch-RPM |
poppler 0.4.2-3.11-patch (x86_64) |
432 kB |
| Source-RPM |
poppler-0.4.2-3.11.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in poppler could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice-presentation: A KOffice program to create presentations |
| RPM |
koffice-presentation 1.4.1-10.8 (x86_64) |
2755 kB |
| Patch-RPM |
koffice-presentation 1.4.1-10.8-patch (x86_64) |
1088 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice-spreadsheet: A spreadsheet for KDE |
| RPM |
koffice-spreadsheet 1.4.1-10.8 (x86_64) |
3502 kB |
| Patch-RPM |
koffice-spreadsheet 1.4.1-10.8-patch (x86_64) |
2101 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice-wordprocessing: A KDE word processor |
| RPM |
koffice-wordprocessing 1.4.1-10.8 (x86_64) |
5996 kB |
| Patch-RPM |
koffice-wordprocessing 1.4.1-10.8-patch (x86_64) |
2197 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice-illustration: Illustration and Image manipulation applications based on KOffice libraries (krita, karbon, kivio) |
| RPM |
koffice-illustration 1.4.1-10.8 (x86_64) |
3144 kB |
| Patch-RPM |
koffice-illustration 1.4.1-10.8-patch (x86_64) |
2518 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice-extra: Small addon applications for KOffice |
| RPM |
koffice-extra 1.4.1-10.8 (x86_64) |
481 kB |
| Patch-RPM |
koffice-extra 1.4.1-10.8-patch (x86_64) |
256 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice-devel: The build enviroment from KOffice |
| RPM |
koffice-devel 1.4.1-10.8 (x86_64) |
180 kB |
| Patch-RPM |
koffice-devel 1.4.1-10.8-patch (x86_64) |
22 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice-database: Libraries and base files for the KDE Office suite |
| RPM |
koffice-database 1.4.1-10.8 (x86_64) |
1944 kB |
| Patch-RPM |
koffice-database 1.4.1-10.8-patch (x86_64) |
1773 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
koffice: Libraries and base files for the KDE Office suite |
| RPM |
koffice 1.4.1-10.8 (x86_64) |
4277 kB |
| Patch-RPM |
koffice 1.4.1-10.8-patch (x86_64) |
2130 kB |
| Source-RPM |
koffice-1.4.1-10.8.src.rpm |
|
Security Update!
A buffer overflow in the xpdf code contained in koffice could be
exploited by attackers to potentially execute arbitrary code
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
|
| 9 Nov 2007 |
liblcms-devel: Include Files and Libraries Mandatory for Development |
| RPM |
|