SUSE Linux

Security Update!
This kernel update fixes the following security problems:

- CVE-2006-3626: A race condition allows local users to gain root privileges
by changing the file mode of /proc/self/ files in a way
that causes those files (for instance /proc/self/environ)
to become setuid root. [#192688]
- CVE-2006-2935: A stackbased buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system. [#190396]
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
[#190136]
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges. [#186980]
- CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
handling caused by 0 chunk length. [#186584]
- CVE-2006-2448: Due to missing checking of validity of userspace pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific. [#186583]
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite. [#177577]
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters. [#177571]
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk. [#177571]
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space. [#177085]
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel. [#156580]

and the following non security bugs:

- Fix concurrent writes to /proc/sys/vm/toss_page_cache_nodes [#183048]
- Null-terminate over-long /proc/kallsyms symbols [#190296]
- make APIC errors KERN_DEBUG [#188009]
- lpfc: Fix for "UnknownIOCB command Data: x0 x3 x0 x0" [#161780]
- SATA 'abnormal status' error, followed by system hang [#188351]
- system hangs when failing a path [#177266] (LTC23855)
- reiserfs corruption with 2.6.5-7.252-smp x86_64 + patches from #115460 [#170162]
- vfs: use in-dentry qstr rather than allocate an external one [#182924]
- Fix assertion failure in journal_drop_transaction() [#180498]
- bio_to_region fix [#151217]
- the whole RAM can't become dirty cache (pagetables, slab etc...) [#164387]

Security Update!
This kernel update fixes the following security problems:

- CVE-2006-3626: A race condition allows local users to gain root privileges
by changing the file mode of /proc/self/ files in a way
that causes those files (for instance /proc/self/environ)
to become setuid root. [#192688]
- CVE-2006-2935: A stackbased buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system. [#190396]
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
[#190136]
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges. [#186980]
- CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
handling caused by 0 chunk length. [#186584]
- CVE-2006-2448: Due to missing checking of validity of userspace pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific. [#186583]
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite. [#177577]
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters. [#177571]
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk. [#177571]
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space. [#177085]
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel. [#156580]

and the following non security bugs:

- Fix concurrent writes to /proc/sys/vm/toss_page_cache_nodes [#183048]
- Null-terminate over-long /proc/kallsyms symbols [#190296]
- make APIC errors KERN_DEBUG [#188009]
- lpfc: Fix for "UnknownIOCB command Data: x0 x3 x0 x0" [#161780]
- SATA 'abnormal status' error, followed by system hang [#188351]
- system hangs when failing a path [#177266] (LTC23855)
- reiserfs corruption with 2.6.5-7.252-smp x86_64 + patches from #115460 [#170162]
- vfs: use in-dentry qstr rather than allocate an external one [#182924]
- Fix assertion failure in journal_drop_transaction() [#180498]
- bio_to_region fix [#151217]
- the whole RAM can't become dirty cache (pagetables, slab etc...) [#164387]

Security Update!
This kernel update fixes the following security problems:

- CVE-2006-3626: A race condition allows local users to gain root privileges
by changing the file mode of /proc/self/ files in a way
that causes those files (for instance /proc/self/environ)
to become setuid root. [#192688]
- CVE-2006-2935: A stackbased buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system. [#190396]
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
[#190136]
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges. [#186980]
- CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
handling caused by 0 chunk length. [#186584]
- CVE-2006-2448: Due to missing checking of validity of userspace pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific. [#186583]
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite. [#177577]
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters. [#177571]
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk. [#177571]
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space. [#177085]
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel. [#156580]

and the following non security bugs:

- Fix concurrent writes to /proc/sys/vm/toss_page_cache_nodes [#183048]
- Null-terminate over-long /proc/kallsyms symbols [#190296]
- make APIC errors KERN_DEBUG [#188009]
- lpfc: Fix for "UnknownIOCB command Data: x0 x3 x0 x0" [#161780]
- SATA 'abnormal status' error, followed by system hang [#188351]
- system hangs when failing a path [#177266] (LTC23855)
- reiserfs corruption with 2.6.5-7.252-smp x86_64 + patches from #115460 [#170162]
- vfs: use in-dentry qstr rather than allocate an external one [#182924]
- Fix assertion failure in journal_drop_transaction() [#180498]
- bio_to_region fix [#151217]
- the whole RAM can't become dirty cache (pagetables, slab etc...) [#164387]

Security Update!
This kernel update fixes the following security problems:

- CVE-2006-3626: A race condition allows local users to gain root privileges
by changing the file mode of /proc/self/ files in a way
that causes those files (for instance /proc/self/environ)
to become setuid root. [#192688]
- CVE-2006-2935: A stackbased buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system. [#190396]
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
[#190136]
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges. [#186980]
- CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
handling caused by 0 chunk length. [#186584]
- CVE-2006-2448: Due to missing checking of validity of userspace pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific. [#186583]
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite. [#177577]
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters. [#177571]
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk. [#177571]
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space. [#177085]
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel. [#156580]

and the following non security bugs:

- Fix concurrent writes to /proc/sys/vm/toss_page_cache_nodes [#183048]
- Null-terminate over-long /proc/kallsyms symbols [#190296]
- make APIC errors KERN_DEBUG [#188009]
- lpfc: Fix for "UnknownIOCB command Data: x0 x3 x0 x0" [#161780]
- SATA 'abnormal status' error, followed by system hang [#188351]
- system hangs when failing a path [#177266] (LTC23855)
- reiserfs corruption with 2.6.5-7.252-smp x86_64 + patches from #115460 [#170162]
- vfs: use in-dentry qstr rather than allocate an external one [#182924]
- Fix assertion failure in journal_drop_transaction() [#180498]
- bio_to_region fix [#151217]
- the whole RAM can't become dirty cache (pagetables, slab etc...) [#164387]

Security Update!
This kernel update fixes the following security problems:

- CVE-2006-3626: A race condition allows local users to gain root privileges
by changing the file mode of /proc/self/ files in a way
that causes those files (for instance /proc/self/environ)
to become setuid root. [#192688]
- CVE-2006-2935: A stackbased buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system. [#190396]
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
[#190136]
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges. [#186980]
- CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
handling caused by 0 chunk length. [#186584]
- CVE-2006-2448: Due to missing checking of validity of userspace pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific. [#186583]
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite. [#177577]
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters. [#177571]
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk. [#177571]
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space. [#177085]
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel. [#156580]

and the following non security bugs:

- Fix concurrent writes to /proc/sys/vm/toss_page_cache_nodes [#183048]
- Null-terminate over-long /proc/kallsyms symbols [#190296]
- make APIC errors KERN_DEBUG [#188009]
- lpfc: Fix for "UnknownIOCB command Data: x0 x3 x0 x0" [#161780]
- SATA 'abnormal status' error, followed by system hang [#188351]
- system hangs when failing a path [#177266] (LTC23855)
- reiserfs corruption with 2.6.5-7.252-smp x86_64 + patches from #115460 [#170162]
- vfs: use in-dentry qstr rather than allocate an external one [#182924]
- Fix assertion failure in journal_drop_transaction() [#180498]
- bio_to_region fix [#151217]
- the whole RAM can't become dirty cache (pagetables, slab etc...) [#164387]

Security Update!
This kernel update fixes the following security problems:

- CVE-2006-3626: A race condition allows local users to gain root privileges
by changing the file mode of /proc/self/ files in a way
that causes those files (for instance /proc/self/environ)
to become setuid root. [#192688]
- CVE-2006-2935: A stackbased buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system. [#190396]
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
[#190136]
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges. [#186980]
- CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
handling caused by 0 chunk length. [#186584]
- CVE-2006-2448: Due to missing checking of validity of userspace pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific. [#186583]
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite. [#177577]
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters. [#177571]
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk. [#177571]
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space. [#177085]
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel. [#156580]

and the following non security bugs:

- Fix concurrent writes to /proc/sys/vm/toss_page_cache_nodes [#183048]
- Null-terminate over-long /proc/kallsyms symbols [#190296]
- make APIC errors KERN_DEBUG [#188009]
- lpfc: Fix for "UnknownIOCB command Data: x0 x3 x0 x0" [#161780]
- SATA 'abnormal status' error, followed by system hang [#188351]
- system hangs when failing a path [#177266] (LTC23855)
- reiserfs corruption with 2.6.5-7.252-smp x86_64 + patches from #115460 [#170162]
- vfs: use in-dentry qstr rather than allocate an external one [#182924]
- Fix assertion failure in journal_drop_transaction() [#180498]
- bio_to_region fix [#151217]
- the whole RAM can't become dirty cache (pagetables, slab etc...) [#164387]

Security Update!
This kernel update fixes the following security problems:

- CVE-2006-3626: A race condition allows local users to gain root privileges
by changing the file mode of /proc/self/ files in a way
that causes those files (for instance /proc/self/environ)
to become setuid root. [#192688]
- CVE-2006-2935: A stackbased buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system. [#190396]
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
[#190136]
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges. [#186980]
- CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
handling caused by 0 chunk length. [#186584]
- CVE-2006-2448: Due to missing checking of validity of userspace pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific. [#186583]
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite. [#177577]
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters. [#177571]
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk. [#177571]
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space. [#177085]
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel. [#156580]

and the following non security bugs:

- Fix concurrent writes to /proc/sys/vm/toss_page_cache_nodes [#183048]
- Null-terminate over-long /proc/kallsyms symbols [#190296]
- make APIC errors KERN_DEBUG [#188009]
- lpfc: Fix for "UnknownIOCB command Data: x0 x3 x0 x0" [#161780]
- SATA 'abnormal status' error, followed by system hang [#188351]
- system hangs when failing a path [#177266] (LTC23855)
- reiserfs corruption with 2.6.5-7.252-smp x86_64 + patches from #115460 [#170162]
- vfs: use in-dentry qstr rather than allocate an external one [#182924]
- Fix assertion failure in journal_drop_transaction() [#180498]
- bio_to_region fix [#151217]
- the whole RAM can't become dirty cache (pagetables, slab etc...) [#164387]

Security Update!
It was possible to bypass RIPv2 authentication requirements by using
RIPv1. Since RIPv1 doesn't support authentication at all this update
introduces an option to switch off RIPv1 (CVE-2006-2223,
CVE-2006-2224).

This patch fixes improper memory buffer handling in pwck and grpck,
which was causing memory corruptions themselves leading to a crash
of these tools.

Security Update!
This update fixes a security in wget, where evil servers could send
terminal escape codes to the user calling wget. This would only affect
interactive sessions. (CVE-2004-1488)

Additionaly a previous ".file" fix was found to be buggy and replaced. This
bug could lead to ".directories" not being retrievable and "_files"
being overwritten.

Security Update!
Mutt had a buffer overflow in IMAP namespace parsing code
which may open a possible remote vulnerability (CVE-2006-3242).

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
Following security problems were found in OpenOffice_org:

- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading of the
document. The user will not be asked or notified and the macro will
have full access to system resources with current user's privileges. As
a result, the macro may delete/replace system files, read/send private
data and/or cause additional security issues.

Note that this attack works even with Macro execution disabled.

This attack allows remote attackers to modify files / execute code as
the user opening the document.

- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents may allow
certain Java applets to break through the "sandbox" and therefore
have full access to system resources with current user privileges. The
offending Applets may be constructed to destroy/replace system files,
read or send private data, and/or cause additional security issues.

Since Java applet support is only there for historical reasons, as
StarOffice was providing browser support, the support has nown been
disabled by default.

- CVE-2006-3117:
A buffer overflow in the XML utf8 converter allows for a value to be
written to an arbitrary location in memory. This may lead to command
execution in the context of the current user.

Security Update!
The KDE soundserver aRts lacked checks around some setuid() calls. This
could potentially be used by a local attacker to gain root
privileges. (CVE-2006-2916)

Security Update!
The Perl Crypt::CBC module versions through 2.16 produced weak
ciphertext when used with block encryption algorithms with blocksize larger
than 8 bytes. (CVE-2006-0898)

Security Update!
It is possible to crash (denial of service) the GNU Privacy Guard (gpg)
by supplying a specifically crafted message specifying a very large UID,
which leads to an out of memory situation or an integer overflow.

It is unclear if this problem can be exploited to execute code.

This issue is tracked by the Mitre CVE ID CVE-2006-3082.

Security Update!
KDM stores the type of the previously used session in the user's
home directory. By using a symlink users could trick kdm into also
storing content of files that are normally not accesible by users
(CVE-2006-2449).

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.

Security Update!
The previous security update caused problems with arrays due to a broken patch for CVE-2006-2657.