openSUSE

openSUSE 10.2 (x86_64)

SUSE Linux 10.2 (x86_64): patches, updates, bugfixes

Here you´ll find patches, updates, and bugfixes for SUSE Linux 10.2 (x86_64)

Our FTP-server: ftp.suse.com, a list of mirrors is located here.

Updates listed here are also available via the YaST Online Update (YOU). We strongly recommend using YOU.

Security updates are marked red. If you are using one of these packages, we strongly recommend to update! Please see our Security announcements as well.

Patch RPMs

As of now we are offering so called Patch RPM packages. A Patch RPM updates an already installed RPM. It only contains files which have changed - therefore it is (much) smaller than the complete RPM package. Prerequisite for installation is an already installed basic RPM. The packages included on the SUSE Linux 10.2 (x86_64) CDs/DVD are considered as basic RPMs.
If you want to update an already installed package, please download the smaller Patch RPM package.

i586 packages

Only x86_64- and non-architecture specific packages are listed here. If you have installed i586 packages, please see this page for respective updates.


22 Jul 2008 gnumeric: Spreadsheet Application
RPM gnumeric 1.6.3-29 (x86_64) 10521 kB
Patch-RPM gnumeric 1.6.3-29-patch (x86_64) 1955 kB
Source-RPM gnumeric-1.6.3-29.src.rpm  

Security Update!
Specially crafed xls files could trigger integer overflows in gnumeric that could potentially be exploited to execute arbitrary code (CVE-2008-0668).


16 Jul 2008 moodle-vi: Moodle language pack for Vietnamese
RPM moodle-vi 1.7.2-0.7 (noarch) 152 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-sk: Moodle language pack for Slovak
RPM moodle-sk 1.7.2-0.7 (noarch) 155 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-sl: Moodle language pack for Slovenian
RPM moodle-sl 1.7.2-0.7 (noarch) 276 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-sq: Moodle language pack for Albanian
RPM moodle-sq 1.7.2-0.7 (noarch) 188 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-so: Moodle language pack for Somali
RPM moodle-so 1.7.2-0.7 (noarch) 50 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-th: Moodle language pack for Thai
RPM moodle-th 1.7.2-0.7 (noarch) 209 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-sr: Moodle language pack for Serbian
RPM moodle-sr 1.7.2-0.7 (noarch) 52 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-tl: Moodle language pack for Tagalog
RPM moodle-tl 1.7.2-0.7 (noarch) 310 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-sv: Moodle language pack for Swedish
RPM moodle-sv 1.7.2-0.7 (noarch) 362 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-zh_cn: Moodle language pack for Chinese (Simplified) UTF8
RPM moodle-zh_cn 1.7.2-0.7 (noarch) 211 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-tr: Moodle language pack for Turkish
RPM moodle-tr 1.7.2-0.7 (noarch) 134 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-uk: Moodle language pack for Ukrainian
RPM moodle-uk 1.7.2-0.7 (noarch) 110 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-fa: Moodle language pack for Persian
RPM moodle-fa 1.7.2-0.7 (noarch) 31 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-et: Moodle language pack for Estonian
RPM moodle-et 1.7.2-0.7 (noarch) 91 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-es: Moodle language pack for Spanish
RPM moodle-es 1.7.2-0.7 (noarch) 371 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-el: Moodle language pack for Greek
RPM moodle-el 1.7.2-0.7 (noarch) 109 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-fi: Moodle language pack for Finnish
RPM moodle-fi 1.7.2-0.7 (noarch) 217 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ms: Moodle language pack for Malay
RPM moodle-ms 1.7.2-0.7 (noarch) 74 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-hr: Moodle language pack for Croatian
RPM moodle-hr 1.7.2-0.7 (noarch) 59 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-lt: Moodle language pack for Lithuanian
RPM moodle-lt 1.7.2-0.7 (noarch) 57 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ro: Moodle language pack for Romanian
RPM moodle-ro 1.7.2-0.7 (noarch) 37 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-he: Moodle language pack for Hebrew
RPM moodle-he 1.7.2-0.7 (noarch) 51 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-lv: Moodle language pack for Latvian
RPM moodle-lv 1.7.2-0.7 (noarch) 48 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ko: Moodle language pack for Korean
RPM moodle-ko 1.7.2-0.7 (noarch) 401 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-kn: Moodle language pack for Kannada
RPM moodle-kn 1.7.2-0.7 (noarch) 27 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-km: Moodle language pack for Cambodian
RPM moodle-km 1.7.2-0.7 (noarch) 124 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-no: Moodle language pack for Norwegian
RPM moodle-no 1.7.2-0.7 (noarch) 153 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-nn: Moodle language pack for Nynorsk
RPM moodle-nn 1.7.2-0.7 (noarch) 51 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-fr: Moodle language pack for French
RPM moodle-fr 1.7.2-0.7 (noarch) 293 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-bs: Moodle language pack for Bosnian
RPM moodle-bs 1.7.2-0.7 (noarch) 74 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-de: Moodle language pack for German
RPM moodle-de 1.7.2-0.7 (noarch) 354 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ga: Moodle language pack for Irish
RPM moodle-ga 1.7.2-0.7 (noarch) 75 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-da: Moodle language pack for Danish
RPM moodle-da 1.7.2-0.7 (noarch) 80 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-nl: Moodle language pack for Dutch
RPM moodle-nl 1.7.2-0.7 (noarch) 328 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-gl: Moodle language pack for Galician
RPM moodle-gl 1.7.2-0.7 (noarch) 154 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-mi_tn: Moodle language pack for Maori
RPM moodle-mi_tn 1.7.2-0.7 (noarch) 41 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ka: Moodle language pack for Georgian
RPM moodle-ka 1.7.2-0.7 (noarch) 83 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-cs: Moodle language pack for Czech
RPM moodle-cs 1.7.2-0.7 (noarch) 306 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-af: Moodle language pack for Afrikaans
RPM moodle-af 1.7.2-0.7 (noarch) 59 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ar: Moodle language pack for Arabic
RPM moodle-ar 1.7.2-0.7 (noarch) 94 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ca: Moodle language pack for Catalan
RPM moodle-ca 1.7.2-0.7 (noarch) 214 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-hu: Moodle language pack for Hungarian
RPM moodle-hu 1.7.2-0.7 (noarch) 292 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-id: Moodle language pack for Indonesian
RPM moodle-id 1.7.2-0.7 (noarch) 63 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-hi: Moodle language pack for Hindi
RPM moodle-hi 1.7.2-0.7 (noarch) 33 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-is: Moodle language pack for Icelandic
RPM moodle-is 1.7.2-0.7 (noarch) 96 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-bg: Moodle language pack for Bulgarian
RPM moodle-bg 1.7.2-0.7 (noarch) 75 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-be: Moodle language pack for Byelorussian
RPM moodle-be 1.7.2-0.7 (noarch) 213 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-it: Moodle language pack for Italian
RPM moodle-it 1.7.2-0.7 (noarch) 336 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-pt: Moodle language pack for Portuguese
RPM moodle-pt 1.7.2-0.7 (noarch) 443 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ja: Moodle language pack for Japanese
RPM moodle-ja 1.7.2-0.7 (noarch) 326 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-pl: Moodle language pack for Polish
RPM moodle-pl 1.7.2-0.7 (noarch) 290 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle: A Course Management System
RPM moodle 1.7.2-0.7 (noarch) 8027 kB
Patch-RPM moodle 1.7.2-0.7-patch (noarch) 8021 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-ru: Moodle language pack for Russian
RPM moodle-ru 1.7.2-0.7 (noarch) 153 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


16 Jul 2008 moodle-eu: Moodle language pack for Basque
RPM moodle-eu 1.7.2-0.7 (noarch) 222 kB
Source-RPM moodle-1.7.2-0.7.src.rpm  

Security Update!
An incorrect input validation in moodle could be exploited by
attackers to conduct cross site scripting attacks (CVE-2008-1502).


11 Jul 2008 sylpheed-claws: An Email client similar to Eudora on Windows
RPM sylpheed-claws 2.5.5-33 (x86_64) 4701 kB
Patch-RPM sylpheed-claws 2.5.5-33-patch (x86_64) 1359 kB
Source-RPM sylpheed-claws-2.5.5-33.src.rpm  

sylpheed-claws needed to be updated to work with clamav 0.93 and later.


11 Jul 2008 clamav-db: Virus Database for ClamAV
RPM clamav-db 0.93.3-0.1 (x86_64) 15787 kB
Source-RPM clamav-0.93.3-0.1.src.rpm  

Security Update!
This update brings clamav to version 0.93.3.

It lists CVE-2008-2713 as fixed, but this was fixed
in 0.93.1 already, but not mentioned.
The update contains stability and bugfixes.


11 Jul 2008 clamav: Antivirus Toolkit
RPM clamav 0.93.3-0.1 (x86_64) 1281 kB
Patch-RPM clamav 0.93.3-0.1-patch (x86_64) 1119 kB
Source-RPM clamav-0.93.3-0.1.src.rpm  

Security Update!
This update brings clamav to version 0.93.3.

It lists CVE-2008-2713 as fixed, but this was fixed
in 0.93.1 already, but not mentioned.
The update contains stability and bugfixes.


10 Jul 2008 MozillaFirefox-translations: Translations for MozillaFirefox
RPM MozillaFirefox-translations 2.0.0.15-0.1 (x86_64) 4684 kB
Patch-RPM MozillaFirefox-translations 2.0.0.15-0.1-patch (x86_64) 4683 kB
Source-RPM MozillaFirefox-2.0.0.15-0.1.src.rpm  

Security Update!
Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
including following security bugs:

CVE-2008-2798 CVE-2008-2799 MFSA-2008-21:
Mozilla developers identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain circumstances and we presume
that with enough effort at least some of these could be exploited to run
arbitrary code.

CVE-2008-2800 MFSA-2008-22:
Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow
scripts from one document to be executed in the context of a different
document. These vulnerabilities could be used by an attacker to violate the
same-origin policy and perform an XSS attack.

CVE-2008-2801 MFSA-2008-23:
Security researcher Collin Jackson reported a series of vulnerabilities which
allow JavaScript to be injected into signed JARs and executed under the context
of the JAR's signer. This could allow an attacker to run JavaScript in a
victim's browser with the privileges of a different website, provided the
attacker possesses a JAR signed by the other website.

CVE-2008-2802 MFSA-2008-24:
Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed
non-priviliged XUL documents to load chrome scripts from the fastload file.
This could allow an attacker to run arbitrary JavaScript code with chrome
privileges.

CVE-2008-2803 MFSA-2008-25:
Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows
arbitrary JavaScript to be executed with chrome privileges. The privilege
escalation was possible because JavaScript loaded via
mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when
accessing content. This could allow an attacker to overwrite trusted objects
with arbitrary code which would be executed with chrome privileges when the
trusted objects were called by the browser.

CVE-2008-2805 MFSA-2008-27:
Opera developer Claudio Santambrogio reported a vulnerability which allows
malicious content to force the browser into uploading local files to the remote
server. This could be used by an attacker to steal arbitrary files from a
victim's computer.

CVE-2008-2806 MFSA-2008-28:
Security researcher Gregory Fleischer reported a vulnerability in the way
Mozilla indicates the origin of a document to the Java plugin. This
vulnerability could allow a malicious Java applet to bypass the same-origin
policy and create arbitrary socket connections to other domains.

CVE-2008-2807 MFSA-2008-29:
Mozilla developer Daniel Glazman demonstrated that an improperly encoded
.properties file in an add-on can result in uninitialized memory being used.
This could potentially result in small chunks of data from other programs being
exposed in the browser.

CVE-2008-2808 MFSA-2008-30:
Mozilla contributor Masahiro Yamada reported that file URLs in directory
listings were not being HTML escaped properly when the filenames contained
particular characters. This resulted in files from directory listings being
opened in unintended ways or files not being able to be opened by the browser
altogether.

CVE-2008-2809 MFSA-2008-31:
Mozilla developer John G. Myers reported a weakness in the trust model used by
Mozilla regarding alternate names on self-signed certificates. A user could be
prompted to accept a self-signed certificate from a website which includes
alt-name entries. If the user accepted the certificate, they would also extend
trust to any alternate domains listed in the certificate, despite not being
prompted about the additional domains. This technique could be used by an
attacker to impersonate another server.

CVE-2008-2810 MFSA-2008-32:
Mozilla community member Geoff reported a vulnerability in the way Mozilla
opens URL files sent directly to the browser. He demonstrated that such files
were opened with local file privileges, giving the remote content access to
read from the local filesystem. If a user opened a bookmark to a malicious page
in this manner, the page could potentially read from other local files on the
user's computer.

CVE-2008-2811 MFSA 2008-33:
Security research firm Astabis, via the iSIGHT Partners GVP Program, reported a
vulnerability in Mozilla's block reflow code. This vulnerablitity could be used
by an attacker to crash the browser and run arbitrary code on the victim's
computer.


10 Jul 2008 MozillaFirefox: Mozilla Firefox Web Browser
RPM MozillaFirefox 2.0.0.15-0.1 (x86_64) 8858 kB
Patch-RPM MozillaFirefox 2.0.0.15-0.1-patch (x86_64) 7636 kB
Source-RPM MozillaFirefox-2.0.0.15-0.1.src.rpm  

Security Update!
Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
including following security bugs:

CVE-2008-2798 CVE-2008-2799 MFSA-2008-21:
Mozilla developers identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain circumstances and we presume
that with enough effort at least some of these could be exploited to run
arbitrary code.

CVE-2008-2800 MFSA-2008-22:
Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow
scripts from one document to be executed in the context of a different
document. These vulnerabilities could be used by an attacker to violate the
same-origin policy and perform an XSS attack.

CVE-2008-2801 MFSA-2008-23:
Security researcher Collin Jackson reported a series of vulnerabilities which
allow JavaScript to be injected into signed JARs and executed under the context
of the JAR's signer. This could allow an attacker to run JavaScript in a
victim's browser with the privileges of a different website, provided the
attacker possesses a JAR signed by the other website.

CVE-2008-2802 MFSA-2008-24:
Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed
non-priviliged XUL documents to load chrome scripts from the fastload file.
This could allow an attacker to run arbitrary JavaScript code with chrome
privileges.

CVE-2008-2803 MFSA-2008-25:
Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows
arbitrary JavaScript to be executed with chrome privileges. The privilege
escalation was possible because JavaScript loaded via
mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when
accessing content. This could allow an attacker to overwrite trusted objects
with arbitrary code which would be executed with chrome privileges when the
trusted objects were called by the browser.

CVE-2008-2805 MFSA-2008-27:
Opera developer Claudio Santambrogio reported a vulnerability which allows
malicious content to force the browser into uploading local files to the remote
server. This could be used by an attacker to steal arbitrary files from a
victim's computer.

CVE-2008-2806 MFSA-2008-28:
Security researcher Gregory Fleischer reported a vulnerability in the way
Mozilla indicates the origin of a document to the Java plugin. This
vulnerability could allow a malicious Java applet to bypass the same-origin
policy and create arbitrary socket connections to other domains.

CVE-2008-2807 MFSA-2008-29:
Mozilla developer Daniel Glazman demonstrated that an improperly encoded
.properties file in an add-on can result in uninitialized memory being used.
This could potentially result in small chunks of data from other programs being
exposed in the browser.

CVE-2008-2808 MFSA-2008-30:
Mozilla contributor Masahiro Yamada reported that file URLs in directory
listings were not being HTML escaped properly when the filenames contained
particular characters. This resulted in files from directory listings being
opened in unintended ways or files not being able to be opened by the browser
altogether.

CVE-2008-2809 MFSA-2008-31:
Mozilla developer John G. Myers reported a weakness in the trust model used by
Mozilla regarding alternate names on self-signed certificates. A user could be
prompted to accept a self-signed certificate from a website which includes
alt-name entries. If the user accepted the certificate, they would also extend
trust to any alternate domains listed in the certificate, despite not being
prompted about the additional domains. This technique could be used by an
attacker to impersonate another server.

CVE-2008-2810 MFSA-2008-32:
Mozilla community member Geoff reported a vulnerability in the way Mozilla
opens URL files sent directly to the browser. He demonstrated that such files
were opened with local file privileges, giving the remote content access to
read from the local filesystem. If a user opened a bookmark to a malicious page
in this manner, the page could potentially read from other local files on the
user's computer.

CVE-2008-2811 MFSA 2008-33:
Security research firm Astabis, via the iSIGHT Partners GVP Program, reported a
vulnerability in Mozilla's block reflow code. This vulnerablitity could be used
by an attacker to crash the browser and run arbitrary code on the victim's
computer.


10 Jul 2008 bind-utils: Utilities to query and test DNS
RPM bind-utils 9.3.5P1-0.1 (x86_64) 174 kB
Patch-RPM bind-utils 9.3.5P1-0.1-patch (x86_64) 152 kB
Source-RPM bind-9.3.5P1-0.1.src.rpm  

Security Update!
The transaction id and the UDP source port used for DNS queries by
the bind nameserver were predicatable. Attackers could potentially
exploit that weakness to manipulate the DNS cache ("DNS cache poisoning",
CVE-2008-1447).


10 Jul 2008 bind-doc: BIND documentation
RPM bind-doc 9.3.5P1-0.1 (x86_64) 1538 kB
Patch-RPM bind-doc 9.3.5P1-0.1-patch (x86_64) 393 kB
Source-RPM bind-9.3.5P1-0.1.src.rpm  

Security Update!
The transaction id and the UDP source port used for DNS queries by
the bind nameserver were predicatable. Attackers could potentially
exploit that weakness to manipulate the DNS cache ("DNS cache poisoning",
CVE-2008-1447).


10 Jul 2008 bind-libs: Shared libraries of BIND
RPM bind-libs 9.3.5P1-0.1 (x86_64) 996 kB
Source-RPM bind-9.3.5P1-0.1.src.rpm  

Security Update!
The transaction id and the UDP source port used for DNS queries by
the bind nameserver were predicatable. Attackers could potentially
exploit that weakness to manipulate the DNS cache ("DNS cache poisoning",
CVE-2008-1447).


10 Jul 2008 bind-libs-32bit: Shared libraries of BIND
RPM bind-libs-32bit 9.3.5P1-0.1 (x86_64) 876 kB
Source-RPM bind-9.3.5P1-0.1.src.rpm  

Security Update!
The transaction id and the UDP source port used for DNS queries by
the bind nameserver were predicatable. Attackers could potentially
exploit that weakness to manipulate the DNS cache ("DNS cache poisoning",
CVE-2008-1447).


10 Jul 2008 bind-devel: Development Libraries and Header Files of BIND
RPM bind-devel 9.3.5P1-0.1 (x86_64) 1289 kB
Patch-RPM bind-devel 9.3.5P1-0.1-patch (x86_64) 1005 kB
Source-RPM bind-9.3.5P1-0.1.src.rpm  

Security Update!
The transaction id and the UDP source port used for DNS queries by
the bind nameserver were predicatable. Attackers could potentially
exploit that weakness to manipulate the DNS cache ("DNS cache poisoning",
CVE-2008-1447).


10 Jul 2008 bind-chrootenv: Chroot environment for BIND named and lwresd
RPM bind-chrootenv 9.3.5P1-0.1 (x86_64) 24 kB
Patch-RPM bind-chrootenv 9.3.5P1-0.1-patch (x86_64) 23 kB
Source-RPM bind-9.3.5P1-0.1.src.rpm  

Security Update!
The transaction id and the UDP source port used for DNS queries by
the bind nameserver were predicatable. Attackers could potentially
exploit that weakness to manipulate the DNS cache ("DNS cache poisoning",
CVE-2008-1447).


10 Jul 2008 bind: Domain Name System (DNS) Server (named)
RPM bind 9.3.5P1-0.1 (x86_64) 231 kB
Patch-RPM bind 9.3.5P1-0.1-patch (x86_64) 219 kB
Source-RPM bind-9.3.5P1-0.1.src.rpm  

Security Update!
The transaction id and the UDP source port used for DNS queries by
the bind nameserver were predicatable. Attackers could potentially
exploit that weakness to manipulate the DNS cache ("DNS cache poisoning",
CVE-2008-1447).


7 Jul 2008 licq-icqnd: GTK-2 GUI plugin for Licq
RPM licq-icqnd 1.3.4-31 (x86_64) 505 kB
Patch-RPM licq-icqnd 1.3.4-31-patch (x86_64) 318 kB
Source-RPM licq-1.3.4-31.src.rpm  

Licq clients could no longer log in to the ICQ network due to a server
change at July 1st 2008


7 Jul 2008 licq: Linux ICQ Client
RPM licq 1.3.4-31 (x86_64) 2907 kB
Patch-RPM licq 1.3.4-31-patch (x86_64) 1725 kB
Source-RPM licq-1.3.4-31.src.rpm  

Licq clients could no longer log in to the ICQ network due to a server
change at July 1st 2008


7 Jul 2008 zypper: Command Line Package Management Using Libzypp
RPM zypper 0.6.15-0.6 (x86_64) 213 kB
Patch-RPM zypper 0.6.15-0.6-patch (x86_64) 205 kB
Source-RPM zypper-0.6.15-0.6.src.rpm  

Libzypp was not able to import updated GPG keys (with for instance new expiry dates), since it already saw the GPG key as imported.

This blocked the extension of the suse build key for instance.

This update of the zypp-refresh utility does no longer accept repository signatures and files with signature check problems without user's approval.


7 Jul 2008 libzypp: Package, Patch, Pattern, and Product Management
RPM libzypp 2.17.2-0.1 (x86_64) 2368 kB
Patch-RPM libzypp 2.17.2-0.1-patch (x86_64) 2350 kB
Source-RPM libzypp-2.17.2-0.1.src.rpm  

Libzypp was not able to import updated GPG keys (with for instance new expiry dates), since it already saw the GPG key as imported.

This blocked the extension of the suse build key for instance.

This update of the zypp-refresh utility does no longer accept repository signatures and files with signature check problems without user's approval.


7 Jul 2008 libzypp-devel: Package, Patch, Pattern, and Product Management - developers files
RPM libzypp-devel 2.17.2-0.1 (x86_64) 4345 kB
Patch-RPM libzypp-devel 2.17.2-0.1-patch (x86_64) 4294 kB
Source-RPM libzypp-2.17.2-0.1.src.rpm  

Libzypp was not able to import updated GPG keys (with for instance new expiry dates), since it already saw the GPG key as imported.

This blocked the extension of the suse build key for instance.

This update of the zypp-refresh utility does no longer accept repository signatures and files with signature check problems without user's approval.


4 Jul 2008 freetype2-devel-32bit: Include Files and Libraries mandatory for Development.
RPM freetype2-devel-32bit 2.3.5-4.3 (x86_64) 250 kB
Source-RPM freetype2-2.3.5-4.3.src.rpm  

Security Update!
This update of freetype2 fixes several potential vulnerabilities reported by iDefense.


4 Jul 2008 freetype2-devel: Include Files and Libraries mandatory for Development.
RPM freetype2-devel 2.3.5-4.3 (x86_64) 559 kB
Patch-RPM freetype2-devel 2.3.5-4.3-patch (x86_64) 480 kB
Source-RPM freetype2-2.3.5-4.3.src.rpm  

Security Update!
This update of freetype2 fixes several potential vulnerabilities reported by iDefense.


4 Jul 2008 freetype2-32bit: A TrueType Font Library
RPM freetype2-32bit 2.3.5-4.3 (x86_64) 241 kB
Source-RPM freetype2-2.3.5-4.3.src.rpm  

Security Update!
This update of freetype2 fixes several potential vulnerabilities reported by iDefense.


4 Jul 2008 freetype2: A TrueType Font Library
RPM freetype2 2.3.5-4.3 (x86_64) 348 kB
Patch-RPM freetype2 2.3.5-4.3-patch (x86_64) 339 kB
Source-RPM freetype2-2.3.5-4.3.src.rpm  

Security Update!
This update of freetype2 fixes several potential vulnerabilities reported by iDefense.


4 Jul 2008 suse-build-key: The public gpg key for rpm package signature verification
RPM suse-build-key 1.0-710 (noarch) 12 kB
Source-RPM suse-build-key-1.0-710.src.rpm  

This update extends the expiration dates of various Novell
Keys by two more years:

9C800ACA,8495160C,307E3D54: extend expiration by 2 years until 2010-05-05
7E2E3B05: extend expiration by 2 years until 2010-05-24


1 Jul 2008 mtr-gtk: Ping and Traceroute Network Diagnostic Tool
RPM mtr-gtk 0.72-20 (x86_64) 61 kB
Patch-RPM mtr-gtk 0.72-20-patch (x86_64) 41 kB
Source-RPM mtr-0.72-20.src.rpm  

Security Update!
This update fixes a stack based buffer overflow which could potentially be exploited by a remote attacker to execute arbitrary code (CVE-2008-2357).


1 Jul 2008 mtr: Ping and Traceroute Network Diagnostic Tool
RPM mtr 0.72-20 (x86_64) 51 kB
Patch-RPM mtr 0.72-20-patch (x86_64) 34 kB
Source-RPM mtr-0.72-20.src.rpm  

Security Update!
This update fixes a stack based buffer overflow which could potentially be exploited by a remote attacker to execute arbitrary code (CVE-2008-2357).


30 Jun 2008 GraphicsMagick-devel: Viewer and Converter for Images - files mandatory for development
RPM GraphicsMagick-devel 1.1.7-35.7 (x86_64) 46 kB
Patch-RPM GraphicsMagick-devel 1.1.7-35.7-patch (x86_64) 11 kB
Source-RPM GraphicsMagick-1.1.7-35.7.src.rpm  

Security Update!
GraphicsMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 perl-GraphicsMagick: Viewer and Converter for Images - perl interface
RPM perl-GraphicsMagick 1.1.7-35.7 (x86_64) 65 kB
Patch-RPM perl-GraphicsMagick 1.1.7-35.7-patch (x86_64) 7 kB
Source-RPM GraphicsMagick-1.1.7-35.7.src.rpm  

Security Update!
GraphicsMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 GraphicsMagick-c++-devel: Viewer and Converter for Images - C++ interface - development files
RPM GraphicsMagick-c++-devel 1.1.7-35.7 (x86_64) 40 kB
Patch-RPM GraphicsMagick-c++-devel 1.1.7-35.7-patch (x86_64) 5 kB
Source-RPM GraphicsMagick-1.1.7-35.7.src.rpm  

Security Update!
GraphicsMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 GraphicsMagick-c++: Viewer and Converter for Images - C++ interface
RPM GraphicsMagick-c++ 1.1.7-35.7 (x86_64) 126 kB
Source-RPM GraphicsMagick-1.1.7-35.7.src.rpm  

Security Update!
GraphicsMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 GraphicsMagick: Viewer and Converter for Images
RPM GraphicsMagick 1.1.7-35.7 (x86_64) 2226 kB
Patch-RPM GraphicsMagick 1.1.7-35.7-patch (x86_64) 1161 kB
Source-RPM GraphicsMagick-1.1.7-35.7.src.rpm  

Security Update!
GraphicsMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 perl-PerlMagick: Perl interface for ImageMagick
RPM perl-PerlMagick 6.3.0.0-27.10 (x86_64) 150 kB
Patch-RPM perl-PerlMagick 6.3.0.0-27.10-patch (x86_64) 92 kB
Source-RPM ImageMagick-6.3.0.0-27.10.src.rpm  

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 ImageMagick-devel: Include Files and Libraries Mandatory for Development.
RPM ImageMagick-devel 6.3.0.0-27.10 (x86_64) 1534 kB
Patch-RPM ImageMagick-devel 6.3.0.0-27.10-patch (x86_64) 1483 kB
Source-RPM ImageMagick-6.3.0.0-27.10.src.rpm  

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 ImageMagick-Magick++: C++ Interface for ImageMagick - runtime library
RPM ImageMagick-Magick++ 6.3.0.0-27.10 (x86_64) 143 kB
Patch-RPM ImageMagick-Magick++ 6.3.0.0-27.10-patch (x86_64) 136 kB
Source-RPM ImageMagick-6.3.0.0-27.10.src.rpm  

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 ImageMagick-Magick++-devel: C++ Interface for ImageMagick - files mandatory for development
RPM ImageMagick-Magick++-devel 6.3.0.0-27.10 (x86_64) 205 kB
Patch-RPM ImageMagick-Magick++-devel 6.3.0.0-27.10-patch (x86_64) 136 kB
Source-RPM ImageMagick-6.3.0.0-27.10.src.rpm  

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


30 Jun 2008 ImageMagick: Viewer and Converter for Images
RPM ImageMagick 6.3.0.0-27.10 (x86_64) 3248 kB
Patch-RPM ImageMagick 6.3.0.0-27.10-patch (x86_64) 1513 kB
Source-RPM ImageMagick-6.3.0.0-27.10.src.rpm  

Security Update!
ImageMagick is affected by two security problems:

CVE-2008-1096: Buffer overflow in the handling of XCF files
CVE-2008-1097: Heap buffer overflow in the handling of PCX files


27 Jun 2008 php5-zlib: PHP5 Extension Module
RPM php5-zlib 5.2.6-0.2 (x86_64) 51 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-zip: PHP5 Extension Module
RPM php5-zip 5.2.6-0.2 (x86_64) 67 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-xsl: PHP5 Extension Module
RPM php5-xsl 5.2.6-0.2 (x86_64) 50 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-xmlwriter: PHP5 Extension Module
RPM php5-xmlwriter 5.2.6-0.2 (x86_64) 48 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-xmlrpc: PHP5 Extension Module
RPM php5-xmlrpc 5.2.6-0.2 (x86_64) 75 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-wddx: PHP5 Extension Module
RPM php5-wddx 5.2.6-0.2 (x86_64) 52 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-xmlreader: PHP5 Extension Module
RPM php5-xmlreader 5.2.6-0.2 (x86_64) 50 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-tokenizer: PHP5 Extension Module
RPM php5-tokenizer 5.2.6-0.2 (x86_64) 45 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-tidy: PHP5 Extension Module
RPM php5-tidy 5.2.6-0.2 (x86_64) 54 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-sysvsem: PHP5 Extension Module
RPM php5-sysvsem 5.2.6-0.2 (x86_64) 42 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-sysvshm: PHP5 Extension Module
RPM php5-sysvshm 5.2.6-0.2 (x86_64) 44 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-sqlite: PHP5 Extension Module
RPM php5-sqlite 5.2.6-0.2 (x86_64) 73 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-suhosin: PHP5 Extension Module
RPM php5-suhosin 5.2.6-0.2 (x86_64) 106 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-sysvmsg: PHP5 Extension Module
RPM php5-sysvmsg 5.2.6-0.2 (x86_64) 44 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-soap: PHP5 Extension Module
RPM php5-soap 5.2.6-0.2 (x86_64) 155 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-sockets: PHP5 Extension Module
RPM php5-sockets 5.2.6-0.2 (x86_64) 54 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-readline: PHP5 readline extension
RPM php5-readline 5.2.6-0.2 (x86_64) 44 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-snmp: PHP5 Extension Module
RPM php5-snmp 5.2.6-0.2 (x86_64) 49 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-shmop: PHP5 Extension Module
RPM php5-shmop 5.2.6-0.2 (x86_64) 43 kB
Source-RPM php5-5.2.6-0.2.src.rpm  

Security Update!
This update of php5 fixes:
- possible stack-based buffer overflow CVE-2008-2050
- incomplete escapeshellcmd() CVE-2008-2051
- printf() integer overflow CVE-2008-1384
- insecure GENERATE_SEED macro CVE-2008-2107
- timezone update for DST in Pakistan


27 Jun 2008 php5-pspell: PHP5 pspell extension
RPM php5-pspell 5.2.6-0.2 (x86_64) 47 kB