openSUSE

This update adds workarounds or fixes for various bugs in Adobe Reader 8 which were introduced by the last security update:

- Bug #382739: use more robust code in the startscript to find
libgtkembedmoz.so. Only use the value found in ~/.adobe/
if it really points to a libgtkembedmoz.so, if not search
anew in the system.
- Bug #382777: do not replace the libcurl.so.3.0.0 which comes
with the acroread tarball with symbolic links to
libcurl.so.4.0.0 in the system, apparently these are *not*
compatible.
- Bug #375551: use LD_PRELOAD to prevent acroread from using
XGrabServer and XUngrabServer.
- Bug #373590: add symlinks to libicu*.so.34 for suse_version
< 1030 where libicu* has been deleted from the acroread package.
- Bug #370330 and bug #353251: add a workaround to the start script
/usr/bin/acroread to make input via XIM work when acroread
is started in an UTF-8 locale (.UTF-8 is cut off from the
locale name then to fix the problem).

Security Update!
The IP number for the "L" root DNS server changed.

This patch updates the root.hint zone file to get the new IP number.

Security Update!
The IP number for the "L" root DNS server changed.

This patch updates the root.hint zone file to get the new IP number.

Security Update!
The IP number for the "L" root DNS server changed.

This patch updates the root.hint zone file to get the new IP number.

Security Update!
The IP number for the "L" root DNS server changed.

This patch updates the root.hint zone file to get the new IP number.

Security Update!
The IP number for the "L" root DNS server changed.

This patch updates the root.hint zone file to get the new IP number.

Security Update!
The IP number for the "L" root DNS server changed.

This patch updates the root.hint zone file to get the new IP number.

Security Update!
The IP number for the "L" root DNS server changed.

This patch updates the root.hint zone file to get the new IP number.

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files

Timezone data update: DST was introduced in Pakistan (Asia/Karachi)
and Marocco (Africa/Casablanca), Asia/Choibalsan offset was corrected.

Security Update!
An attacker could log in without a valid password if the NIS server is down. (CVE-2008-0887)

This update fixes a requirements problem caused by the last
samba security update.

This update fixes a requirements problem caused by the last
samba security update.

Security Update!
Specially crafted files or streams could potentially be abused to
trick applications that support speex into executing arbitrary code
(CVE-2008-1686).

Security Update!
Specially crafted files or streams could potentially be abused to
trick applications that support speex into executing arbitrary code
(CVE-2008-1686).

Security Update!
Specially crafted files or streams could potentially be abused to
trick applications that support speex into executing arbitrary code
(CVE-2008-1686).

This update fixes a regression in system administration embedding
caused by the Flash update fixes.

This update fixes a regression in system administration embedding
caused by the Flash update fixes.

This update fixes a regression in system administration embedding
caused by the Flash update fixes.

This update fixes a regression in system administration embedding
caused by the Flash update fixes.

Security Update!
Local attackers could use raw formatted disk images to access the
hosting environment. CVE-2008-2004 has been assigned to this issue.

Security Update!
- specially crafted PNG files could cause an integer overflow in the
png filter (CVE-2008-1693).

- specially crafted pdf files with embedded fonts could crash
pdftops (CVE-2008-1693).

Security Update!
- specially crafted PNG files could cause an integer overflow in the
png filter (CVE-2008-1693).

- specially crafted pdf files with embedded fonts could crash
pdftops (CVE-2008-1693).

Security Update!
- specially crafted PNG files could cause an integer overflow in the
png filter (CVE-2008-1693).

- specially crafted pdf files with embedded fonts could crash
pdftops (CVE-2008-1693).

Security Update!
- specially crafted PNG files could cause an integer overflow in the
png filter (CVE-2008-1693).

- specially crafted pdf files with embedded fonts could crash
pdftops (CVE-2008-1693).

Security Update!
This update fixes two vulnerabilities while parsing GIF images. (CVE-2008-0553, CVE-2006-4484)

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
Samba has been updated to fix a security problem:

CVE-2008-1105: Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"receive_smb_raw()" function in lib/util_sock.c when parsing SMB
packets. This can be exploited to cause a heap-based buffer overflow via
an overly large SMB packet received in a client context.

Security Update!
pdns used predictable random numbers for DNS responses. Therfore attackers could generate spoofed DNS responses (CVE-2008-1637).

Security Update!
Specially crafted files or streams could potentially be abused to
trick applications that support speex into executing arbitrary code
(CVE-2008-1686).

Security Update!
This update fixes a bug in the function sdpplin_parse() that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. (CVE-2008-0073)

Security Update!
This update fixes a bug in the function sdpplin_parse() that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. (CVE-2008-0073)

Security Update!
This update fixes a bug in the function sdpplin_parse() that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. (CVE-2008-0073)

Security Update!
This update fixes a bug in the function sdpplin_parse() that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. (CVE-2008-0073)

Security Update!
Several security problems were fixed in libvorbis:

* CVE-2008-1419 - Division by zero
* CVE-2008-1420 - integer overflow
* CVE-2008-1423 - integer overflow

Security Update!
Several security problems were fixed in libvorbis:

* CVE-2008-1419 - Division by zero
* CVE-2008-1420 - integer overflow
* CVE-2008-1423 - integer overflow

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

Security Update!
Xemacs automatically loaded fast-lock files which allowed local
attackers to execute arbitrary code as the user editing the
associated files (CVE-2008-2142).

This patch adds support for online resizing an ext3 filesystem when creating the filesystem with mke2fs. This is needed if you want to enlarge the filesystem while being mounted above the 16GB limit (for 4k blocksize).

This patch adds support for online resizing an ext3 filesystem when creating the filesystem with mke2fs. This is needed if you want to enlarge the filesystem while being mounted above the 16GB limit (for 4k blocksize).

This patch adds support for online resizing an ext3 filesystem when creating the filesystem with mke2fs. This is needed if you want to enlarge the filesystem while being mounted above the 16GB limit (for 4k blocksize).

Security Update!
Specially crafted files could crash the bzip2-decoder (CVE-2008-1372).

Security Update!
A flaw in a previous previous security update could cause squid to
crash under certain circumstances (CVE-2008-1612).

When we try to access Windows2003 shared folder by using Nautilus, an authentication dialog will be displayed asking for User ID,Domain, and password. Regardless of what you put in the authentication will fail.

After update this gnome-vfs2 package, the problem will be fixed.

When we try to access Windows2003 shared folder by using Nautilus, an authentication dialog will be displayed asking for User ID,Domain, and password. Regardless of what you put in the authentication will fail.

After update this gnome-vfs2 package, the problem will be fixed.

When we try to access Windows2003 shared folder by using Nautilus, an authentication dialog will be displayed asking for User ID,Domain, and password. Regardless of what you put in the authentication will fail.

After update this gnome-vfs2 package, the problem will be fixed.

Security Update!
Multiple stack buffer overflows have been fixed in sarg.

Security Update!
An error in one SSL connection could lead to termination of all SSL
connections (CVE-2008-1531)

Security Update!
An error in one SSL connection could lead to termination of all SSL
connections (CVE-2008-1531)

Security Update!
An error in one SSL connection could lead to termination of all SSL
connections (CVE-2008-1531)

Security Update!
An error in one SSL connection could lead to termination of all SSL
connections (CVE-2008-1531)

Security Update!
An error in one SSL connection could lead to termination of all SSL
connections (CVE-2008-1531)

Security Update!
An error in one SSL connection could lead to termination of all SSL
connections (CVE-2008-1531)

Security Update!
Specially crafted PDF files with embedded fonts could potentially be
abused to trick applications that process PDF files into executing
arbitrary code (CVE-2008-1693).

Security Update!
Specially crafted PDF files with embedded fonts could potentially be
abused to trick applications that process PDF files into executing
arbitrary code (CVE-2008-1693).

Security Update!
Specially crafted PDF files with embedded fonts could potentially be
abused to trick applications that process PDF files into executing
arbitrary code (CVE-2008-1693).

Security Update!
Specially crafted PDF files with embedded fonts could potentially be
abused to trick applications that process PDF files into executing
arbitrary code (CVE-2008-1693).

Security Update!
This update brings Mozilla Firefox to security update version 2.0.0.14

Following security problems were fixed:
- MFSA 2008-20/CVE-2008-1380: Fixes for security problems in the
JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced
a stability problem, where some users experienced frequent crashes
during JavaScript garbage collection. These crashes may be exploitable
if someone finds a reliable way to trigger the crash.

Security Update!
This update brings Mozilla Firefox to security update version 2.0.0.14

Following security problems were fixed:
- MFSA 2008-20/CVE-2008-1380: Fixes for security problems in the
JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced
a stability problem, where some users experienced frequent crashes
during JavaScript garbage collection. These crashes may be exploitable
if someone finds a reliable way to trigger the crash.

Security Update!
Specially crafted PDF files with embedded fonts could potentially be
abused to trick applications that process PDF files into executing
arbitrary code (CVE-2008-1693).

Security Update!
Authenticated users could crash the LDAP server 'slapd' via the
'NOOP' command (CVE-2007-6698,CVE-2008-0658)

Security Update!
Authenticated users could crash the LDAP server 'slapd' via the
'NOOP' command (CVE-2007-6698,CVE-2008-0658)

Security Update!
Authenticated users could crash the LDAP server 'slapd' via the
'NOOP' command (CVE-2007-6698,CVE-2008-0658)

Security Update!
Authenticated users could crash the LDAP server 'slapd' via the
'NOOP' command (CVE-2007-6698,CVE-2008-0658)

Security Update!
This version upgrade of ClamAV to 0.93 fixes a long list of
vulnerabilities.
These vulnerabilities can lead to remote code execution, bypassing
the scanning engine, remote denial-of-service, local file overwrite.
(CVE-2008-1837, CVE-2008-1836, CVE-2008-1835,
CVE-2008-1833, CVE-2008-1387, CVE-2008-1100,
CVE-2008-0314, CVE-2007-6595, CVE-2007-6596)

Security Update!
This version upgrade of ClamAV to 0.93 fixes a long list of
vulnerabilities.
These vulnerabilities can lead to remote code execution, bypassing
the scanning engine, remote denial-of-service, local file overwrite.
(CVE-2008-1837, CVE-2008-1836, CVE-2008-1835,
CVE-2008-1833, CVE-2008-1387, CVE-2008-1100,
CVE-2008-0314, CVE-2007-6595, CVE-2007-6596)

Security Update!
Specially crafted png files could overwrite arbitrary memory.
Attackers could potentially exploit that to execute arbitrary code
(CVE-2008-1382).

Security Update!
Specially crafted png files could overwrite arbitrary memory.
Attackers could potentially exploit that to execute arbitrary code
(CVE-2008-1382).

Security Update!
This update of OpenOffice fixes various critical security vulnerabilities
- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747)
- out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)

Security Update!
This update of OpenOffice fixes various critical security vulnerabilities
- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747)
- out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)

Security Update!
This update of OpenOffice fixes various critical security vulnerabilities
- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747)
- out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)

Security Update!
This update of OpenOffice fixes various critical security vulnerabilities
- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747)
- out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)

Security Update!
This update of OpenOffice fixes various critical security vulnerabilities
- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747)
- out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)

Security Update!
This update of OpenOffice fixes various critical security vulnerabilities
- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747)
- out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)

Security Update!
This update of OpenOffice fixes various critical security vulnerabilities
- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747)
- out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)