Chosen month 08 / 2008
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in powerdns, dnsmasq, python, mailman, ruby, Opera 9.5.2, neon, rxvt-unicode, perl, wireshark/ethereal, namazu, gnome-screensaver, and mysql |
| Links: |
SUSE-SR:2008:017
|
| ID: |
ae-200808-089
|
A SUSE Security Summary reports vulnerabilities in the packages
powerdns, dnsmasq, python, mailman, ruby, Opera 9.5.2, neon, rxvt-unicode, perl, wireshark/ethereal, namazu, gnome-screensaver, and mysql.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
When an OfficeScan administrator logs on, an attacker can illegally access
the password authentication token and take full control of the Web console.
Patches are available now.
|
|
|
A security vulnerability with system calls in the Solaris Kernel may
allow two unprivileged local user processes to establish a covert
communication channel bypassing system restrictions such as the
multi-level security policy found in Solaris Trusted Extensions or the
isolation policy implemented using zones(5) or chroot(2).
A patch is available now.
|
|
|
Security vulnerabilities have been identified with HP-UX running
Apache. These vulnerabilities could be exploited remotely resulting in
Cross Site Scripting (XSS) or Denial of Service (DoS).
Patches are available now.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerability in HP Enterprise Discovery
|
| Links: |
HPSBMA02363 SSRT080106,
ESB-2008.0839
|
| ID: |
ae-200808-085
|
A security vulnerability has been identified in HP Enterprise
Discovery. The vulnerability could be exploited remotely by an authorized
user to gain extended privileges.
Patches are available now.
|
|
|
Two denial of service vulnerabilities were discovered in the
ipsec-tools racoon daemon, which could allow a remote attacker to cause
it to consume all available memory.
Fixed packages are available now.
|
|
| System: |
Red Hat Enterprise Linux |
| Topic: |
Vulnerabilities in Red Hat Directory Server
|
| Links: |
RHSA-2008-0596,
RHSA-2008-0601,
RHSA-2008-0602,
CVE-2008-2928,
CVE-2008-2929,
CVE-2008-2930,
CVE-2008-3283,
ESB-2008.0833,
ESB-2008.0835,
ESB-2008.0836,
RHSA-2008-0858,
ESB-2008.0866
|
| ID: |
ae-200808-083
|
Several vulnerabilities were found in the Red Hat Directory Server.
Fixed packages are available now.
|
|
|
A problem has been identified in the pppoe(4) code. A bug in range checking
allows a malicious packet to make the kernel access memory outside of the
allocated buffer and cause a kernel crash.
A patch is available now.
|
|
|
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code.
Fixed packages are available now.
|
|
| System: |
Red Hat Enterprise Linux 5 |
| Topic: |
Vulnerabilities in kernel
|
| Links: |
RHSA-2008-0585,
CVE-2007-5966,
CVE-2007-6282,
CVE-2007-6712,
CVE-2008-1615,
CVE-2008-2136,
CVE-2008-2148,
CVE-2008-2372,
CVE-2008-2729,
CVE-2008-2826,
ESB-2008.0829
|
| ID: |
ae-200808-080
|
Several vulnerabilities were found in the Linux kernel of Red Hat Enterprise Linux 5.
Fixed kernel packages are available now.
|
|
| System: |
Red Hat Enterprise Linux |
| Topic: |
Vulnerabilities in ipsec-tools, tomcat, and openoffice.org
|
| Links: |
RHSA-2008-0849,
CVE-2008-3651,
CVE-2008-3652,
ESB-2008.0828,
RHSA-2008-0648,
CVE-2008-1232,
CVE-2008-1947,
CVE-2008-2370,
CVE-2008-2938,
ESB-2008.0838,
RHSA-2008-0835,
CVE-2008-3282,
ESB-2008.0837
|
| ID: |
ae-200808-079
|
Two denial of service flaws were found in the ipsec-tools racoon daemon. It
was possible for a remote attacker to cause the racoon daemon to consume
all available memory.
Several vulnerabilities were found in the Apache Tomcat servlet container.
A numeric truncation error was found in the OpenOffice.org memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use
this flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
Fixed packages are available now.
|
|
|
It was discovered that libTIFF, a library for handling the Tagged Image
File Format, is vulnerable to a programming error allowing malformed tiff
files to lead to a crash or execution of arbitrary code.
Fixed packages are available now.
|
|
|
Several vulnerabilities were found in the Sun Java packages of SUSE Linux.
Fixed packages are available now.
|
|
|
A security vulnerability in the NFS kernel module may allow a local unprivileged user to cause an NFS server to panic, resulting in a Denial-of-Service (DoS).
A patch is available now.
|
|
|
Sun Fire 12K/15K/E20K/E25K systems equipped with UltraSPARC IV or UltraSPARC IV+ System Boards that use high traffic across a Quad GigaSwift (QGE-X) card may panic, leading to a Denial-of-Service (DoS). A patch solves this problem.
|
|
|
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. Updated openssh packages are now available for Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended Update Support.
These updates were issued because Red Hat detected an intrusion on certain of its computer systems last week. Red Hat is issuing this alert primarily for those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers.
|
|
|
An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server
memory, resulting in the disclosure of sensitive data of other users of the X.org server.
Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a
Denial-of-Service (DoS) or possibly execute arbitrary code with root privileges on the X.org server.
The Metisse program is likewise affected by these issues. Updated packages have been patched to prevent them.
|
|
|
The previous version of the PowerDNS Recursor (3.1.5) didn't properly address the issue, as UDP source port selection was
insufficiently randomized. All users should upgrade to version 3.1.6 immediately.
|
|
|
vBulletin is a community forum solution for a wide range of users, including industry-leading companies. A Cross-Site Scripting (XSS) vulnerability has been discovered that could allow an attacker to carry out an action impersonating a legitimate user, or to obtain access to a user's account. This flaw allows unauthorized disclosure and modification of information, and it allows disruption of service.
A patch solves this potential problem.
|
|
|
The Linux 2.6 kernel shows some vulnerabilities which may be solved now by installing Linux 2.6.18 kernel packages. These vulnerabilities might lead to a Denial-of-Service (DoS) or arbitrary code execution.
|
|
|
The libxml2 packages provide a library to manipulate XML files.
A Denial-of-Service vulnerability has been found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding.
An updated package is available now.
|
|
|
A format string vulnerability in yelp after version 2.19.90 and before 2.24 might allow remote attackers to execute
arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly
other programs. Fixed software is available now.
|
|
|
Remote execution of arbitrary code is possible due to various flaws in xine-lib, which is the library with most functionality for the xine media player.
Fixed packages are available now.
|
|
|
Opera is a well-known web browser. The new version 9.52 solves many problems and fixes some security-related issues, too.
So it's recommended to use this version only.
|
|
|
A security vulnerability in the NFSv4 client kernel module may allow a local unprivileged user who cooperates with a remote privileged user on an NFSv4 server to cause all NFSv4 mounts on client systems that have an NFSv4 mount of that server to become unresponsive, which is a Denial-of-Service (DoS).
A patch is available now.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerabilities in HP Storage Management Appliance |
| Links: |
HPSBST02360, SSRT080117,
ESB-2008.0813 |
| ID: |
ae-200808-064
|
Various potential security vulnerabilities have been identified in Microsoft software at the last Microsoft patch day. This software is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in
the Resolution section of the Security Bulletin.
|
|
|
Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
If a context is configured with "allowLinking=true" and the connector is configured with URIEncoding="UTF-8" then a malformed request may be used to access arbitrary files on the server.
This vulnerability is addressed in Apache Tomcat 4.1.38, 5.5.27, and 6.0.18.
|
|
|
Intrinsic Swimage Encore automates remote desktop, server, and device deployment. This product includes both a server and a client solution. The Swimage server sends to the client .bin files that contain encrypted data. The Swimage client application, Conductor.exe, contains a hardcoded, unencrypted master password that can be used to access the data in these .bin files. Following a system installation, the .bin files and Conductor.exe are deleted from the remote client by the Swimage server, but the memory is not wiped.
Authentication credentials may be stored in plain text on client machines. The credentials may also be sent unencrypted over the network.
This issue is addressed in Intrinsic Swimage Encore version 5.0.1.21.
|
|
|
Amarok is free software to manage and play audio files.
A flaw in amarok prior to 1.4.10 might allow local users to overwrite arbitrary files via a symlink attack on a temporary file that amarok created with a predictable name.
|
|
|
An integer overflow vulnerability in the PNG image handling filter in CUPS has been found.
This could allow a malicious user to execute arbitrary code with the privileges of the user running CUPS, or cause a Denial-of-Service (DoS) by sending a specially crafted PNG image to the print server.
Updated software is available now for many systems.
|
|
|
The WebEx meeting service is a hosted multimedia conferencing solution that is managed by and maintained by Cisco WebEx. When a meeting participant connects to the WebEx meeting service through a web browser, the WebEx meeting service installs several components of the WebEx Meeting Manager browser plugin on the meeting participant's system.
WebEx Meeting Manager includes the ActiveX Control atucfobj.dll, a DLL that allows meeting participants to view Unicode fonts. This library contains a buffer overflow vulnerability that could allow an attacker to execute arbitrary code.
Updated client software is provided when the client reconnects to the server.
|
|
|
A vulnerability exists in the functionality exposed by the Symantec Veritas Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication thereby enabling a remote attacker to add, modify, or delete snapshots schedules and consequently run arbitrary code under the context of the SYSTEM user.
Authentication is not required to exploit this vulnerability.
Symantec has issued an update to correct this vulnerability.
|
|
|
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS.
A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to.
Updated packages solve this problem.
|
|
|
Bugzilla is a Web-based bug-tracking system, used by a large number of software projects.
When importing bugs using importxml.pl, the --attach_path option can be specified, pointing to the directory where attachments to import are stored. If the XML file being
read by importxml.pl contains a malicious node, the script follows this relative path and attaches the local file it points to to the bug, making the file public.
A security fix makes sure the relative path is always
ignored.
|
|
|
A security vulnerability in the FTP subsystem of Sun Java System Web Proxy Server 4.0 may allow a local or remote unprivileged user to prevent the proxy server from accepting new connections, resulting in a Denial-of-Service (DoS) to the proxy server.
Fixed software is available now.
|
|
|
It has been discovered that yum-rhn-plugin doesn't verify the SSL certificate for all communication with a Red Hat Network server. An attacker able to redirect the network communication between a victim and an RHN server could use this flaw to provide malicious repository metadata. This metadata could be used to block the victim from receiving specific security updates.
An updated package solves this potential problem.
|
|
|
CA HIPS (host-based intrusion prevention system) contains a vulnerability that might allow local attackers to cause a system crash or potentially execute arbitrary code. The vulnerability is due to insufficient verification of IOCTL requests by the kmxfw.sys driver.
Another vulnerability might allow an attacker to cause a Denial-of-Service condition. The vulnerability is also due to insufficient validation by the kmxfw.sys driver.
Updated software is available now.
|
|
|
Multiple vulnerabilities and weaknesses were discovered in Drupal. Since some of them are remotely exploitable, the security risk is rated as highly critical. Due to this, updated software should be installed immediately.
|
|
|
Several vulnerabilities in Red Hat Network Proxy Server and Red Hat Network Satellite Server can be fixed by installing version 5.1.1, which is available now.
|
|
| System: |
Mandriva Linux
|
| Topic: |
Vulnerabilities in kernel and stunnel |
| Links: |
MDVSA-2008:167,
CVE-2008-1375,
CVE-2008-1615,
CVE-2008-1669,
CVE-2008-1675,
CVE-2008-2136,
CVE-2008-2148,
CVE-2008-2358,
CVE-2008-2750,
CVE-2008-2826,
MDVSA-2008:168,
CVE-2008-2420 |
| ID: |
ae-200808-050
|
The Linux 2.6 kernel shows some vulnerabilities which may be solved now. These vulnerabilities might lead to a Denial-of-Service (DoS) or the privilege escalation of local users.
Furthermore, a vulnerability in the OCSP search functionality in stunnel might allow a remote attacker to use a revoked certificate that
would be successfully authenticated by stunnel. An updated package solves this problem, too.
|
|
|
An incomplete fix for CVE-2008-2713 resulted in remote attackers being able to cause a Denial-of-Service via a malformed Petite file that triggered an out-of-bounds memory access. This issue is corrected with the 0.93.3 release which is being provided now.
|
|
|
A security vulnerability in Solaris 10 related to the sendfilev()
system call may allow a user who has the ability to create pages that
are hosted on a Solaris 10 system using Apache 2.2.x, to create a
carefully crafted web page which could cause a system panic resulting
in a Denial-of-Service (DoS) condition.
In addition, it may be possible for a local unprivileged user to be
able to panic the system with a specially crafted program which calls
the sendfile() system call (using either the sendfilev(3EXT) library routine or else directly).
Patches solve these problems.
|
|
|
A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited to allow remote privileged access. A patch remedies this problem.
|
|
|
The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide drivers for Hewlett-Packard printers and multifunction peripherals.
A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially crafted packets to trigger alert mails, which are sent by the root account.
Another flaw was discovered in the hpssd message parser. By sending specially-crafted packets, a local attacker could cause a Denial-of-Service, stopping the hpssd process.
An updated package is available now.
|
|
|
The packages mentioned above show vulnerabilities possibly leading to a remote execution of arbitrary code or increased privileges of local users. It's recommended to install this update on production systems.
|
|
|
An information disclosure vulnerability is present in VMware VirtualCenter. Exploitation of this flaw might result in disclosure of the user names of system accounts. An update solves this problem.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
| System: |
Microsoft Windows, Mac OS X |
| Topic: |
Vulnerabilities in Microsoft Excel |
| Links: |
MS08-043,
MS08-026,
MS08-014,
CVE-2008-3003,
CVE-2008-3004,
CVE-2008-3005,
CVE-2008-3006,
iDEFENSE #740,
iDEFENSE #741,
AL-2008.0086,
S-349 |
| ID: |
ae-200808-035
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
The rmtree function in lib/File/Path.pm in Perl 5.10 doesn't properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack.
Updated packages have been patched to fix this problem.
|
|
|
The OfficeScan Web Console utilizes several ActiveX controls when deploying the product through its Web interface. One of these controls, objRemoveCtrl, has been found to be vulnerable to a
stack-based buffer overflow when embedded in a webpage. An attacker could exploit these issues by enticing a victim into viewing a malicious web page. A successful exploit would allow attacker-supplied code to run in the context of the currently logged-in user.
As a workaround, the kill bit for the responsible ActiveX control should be set. Where available, an update should be installed.
|
|
|
Multiple vulnerabilities have been discovered in Ruby.
They might lead to increased privileges, inappropriate access, providing misleading information or Denial-of-Service (DoS). Updated packages are available now.
|
|
|
Condor is a specialized workload management system for compute-intensive jobs as part of Red Hat Enterprise MRG. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management.
A flaw has been found in the way Condor interprets wildcards in authorization lists. Due to this, remote users may be able to submit computation jobs, even when such access should have been denied. A patch remedies this potential problem.
An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5.
|
|
|
It has been discovered that the PowerDNS (pdns) authoritative name server doesn't respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing. An
update changes PowerDNS to respond with SERVFAIL responses instead.
|
|
|
If a Solaris Trusted Extensions system has a labeled zone which is in
the "installed" state, a security vulnerability in Solaris Trusted Extensions labeled networking may allow remote unauthorized users from
another system (at the same label) to gain access to the global zone
of the affected system, if that user has access to a username and
password that is valid within the global zone. This is a Mandatory Access Control (MAC) policy violation. The global zone in the Solaris
Trusted Extensions system is the administrative zone, which should
only be accessible to administrative roles.
A patch remedies this problem.
|
|
|
A SUSE Security Summary reports vulnerabilities in the packages
moodle, Opera 9.5.1, libxcrypt, Acroread, and gnumeric.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Potential cross-site scripting vulnerabilities have been identified in code generated by Adobe Presenter 7 and Adobe Presenter 6. Adobe recommends customers update to Adobe Presenter 7.0.1, and update any previously deployed content.
|
|
|
The Apache mod_proxy_ftp module allows the Apache web server to act as a proxy for FTP sites. Filename globbing is the process of using wildcards to match filenames. The mod_proxy_ftp module contains an XSS vulnerability that occurs because the module does not properly filter globbed characters in FTP URIs.
Apache has released updates to address this issue.
|
|
| System: |
Mandriva Linux
|
| Topic: |
Vulnerabilities in rxvt, qemu, and python |
| Links: |
MDVSA-2008:161,
CVE-2008-1142,
MDVSA-2008:162,
CVE-2007-1320,
CVE-2007-1321,
CVE-2007-1322,
CVE-2007-1366,
CVE-2007-5729,
CVE-2007-5730,
CVE-2007-6227,
CVE-2008-0928,
CVE-2008-1945,
CVE-2008-2004,
MDVSA-2008:163,
CVE-2008-1679,
CVE-2008-2315,
CVE-2008-2316,
CVE-2008-3142,
CVE-2008-3143,
CVE-2008-3144 |
| ID: |
ae-200808-023
|
A local user can hijack X11 connections. This is possible due to a vulnerability in rxvt, which opens a terminal on :0 if the environment variable isn't set correctly.
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to attempting to mark non-existent regions as dirty, aka the bitblt heap overflow. Furthermore, QEMU shows various other vulnerabilities, leading to a Denial-of-Service (DoS) or even the execution of arbitrary code.
Python shows some integer overflows and underflows, leading to the execution of arbitrary code or a Denial-of-Service.
Updated packages have been patched, solving these problems.
|
|
|
A security vulnerability in the firmware for Sun Netra T5220 systems version 7.1.3 may allow a local unprivileged user to panic the system, which is a type of Denial-of-Service (DoS). Firmware version 7.1.4.a solves this problem.
|
|
|
Due to a security vulnerability in Solaris, usage of the pthread_mutex_reltimedlock_np(3C) API by a local unprivileged user or by an application, when the API is used in a particular way, can cause the system to hang or, if the deadman feature is enabled, to
panic. This leads to a Denial-of-Service (DoS) condition.
A security vulnerability in the snoop(1M) network utility relating to the display of SMB traffic may allow a remote user the ability to execute arbitrary commands as the user "nobody" or possibly another
local user.
Patches fix these problems.
|
|
|
A potential security vulnerability has been identified in HP-UX using libc. It might be exploited remotely to create a Denial-of-Service (DoS).
Patches are available now.
|
|
|
Updated JBoss Enterprise Application Platform (JBoss EAP) packages fix various security issues.
These are various possibilities for Cross-Site Scripting (XSS) as well as unauthenticated access to the status servlet.
|
|
|
Sun xVM VirtualBox is a virtualization solution for different operating systems. When this software runs under Microsoft Windows, a flaw in the kernel driver might allow local users to execute arbitrary code in kernel context.
Version 1.6.4 has fixed this vulnerability.
|
|
|
OpenSC is a library and set of utilities to handle smart cards.
The initialization of smart cards with the Siemens CardOS M4 card operating system is done without proper access rights. This allows everyone to change the card's PIN.
An updated package remedies this problem.
|
|
|
Updated kernel packages fixing some security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The vulnerabilities concern a possible kernel leak in the Linux kernel Simple Internet Transition (SIT) INET6 implementation allowing local users to cause a Denial-of-Service.
A flaw in the Linux kernel setrlimit system call could allow a local unprivileged user to bypass the CPU time limit.
Furthermore, multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers are missing checks for terminal validity, which could allow privilege escalation.
Updated kernel packages fixing these problems are available now.
|
|
|
CA ARCserve Backup for Laptops and Desktops server contains a vulnerability that can allow a remote attacker to execute arbitrary code or cause a Denial-of-Service condition.
The vulnerability occurs due to insufficient bounds checking by the LGServer service. An attacker can make a request that can result in arbitrary code execution or crash the service.
An appropriate update solves this potential problem.
|
|
|
Most versions of Apache Tomcat show a vulnerability allowing Cross-Site Scripting (XSS).
Additionally, a vulnerability exposing information has been found.
Please update your Tomcat installation.
|
|
|
A security vulnerability in the namefs kernel module may allow a local unprivileged user the ability to execute arbitrary code in kernel context or panic the system. The ability to panic the system is a type of Denial-of-Service (DoS).
A patch is available now.
|
|
|
Local exploitation of a file permissions modification vulnerability in the "verifydb" utility, as included with Ingres Database 2006 Release 2 for Linux, allows attackers to modify the permissions of files owned by the Ingres database user.
A stack-based buffer overflow vulnerability in the "libbecompat" library allows attackers to execute arbitrary code with the privileges of the Ingres user.
Finally, local exploitation of an untrusted library path vulnerability in the "ingvalidpw" utility allows attackers to execute arbitrary code with root privileges.
These problems have been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6.
|
|
|
The net-snmp daemon implements SNMP.
Version 3 of SNMP as implemented in net-snmp uses the length of the
HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send an SNMPv3 packet with a one byte HMAC and
guess the correct first byte of the local HMAC with 256 packets (max). Additionally, a buffer overflow in perl-snmp has been found, causing a Denial-of-Service by crashing the application.
Updated packages are available now.
|
|
|
Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS).
They might lead to buffer overflows or an integer overflow. As a consequence, arbitrary code can be executed on the vulnerable system.
Httrack is a utility to create local copies of websites. It's vulnerable to a buffer overflow potentially allowing execution of arbitrary code when passed excessively long URLs.
Updated packages solving these problems are available now.
|
|
|
Local exploitation of an untrusted path vulnerability in the "dbmsrv"
program, as distributed with SAP AG's MaxDB, allows attackers to elevate
privileges to that of the "sdb" user.
Fixed software is available now.
|
|
|
Due to a security vulnerability in the Solaris Platform Information
and Control Library daemon (picld(1M)), a local unprivileged user may
be able to disable system monitoring and prevent system utilities
(prtdiag(1M), prtpicl(1M), prtfru(1M)) from operating properly.
A patch is available now.
|
|
| System: |
HP-UX
|
| Topic: |
Vulnerability in System Administration Manager
|
| Links: |
HPSBUX02286 SSRT071466,
ESB-2008.0762
|
| ID: |
ae-200808-006
|
A security vulnerability has been identified in HP-UX running
System Administration Manager (SAM). This vulnerability may allow unintended
remote access.
Patches are available now.
|
|
|
Apple has published the security update for Mac OS X.
It fixes multiple vulnerabilities in
Open Scripting Architecture, BIND, CarbonCore, CoreGraphics, Data Detectors
Engine, Disk Utility, OpenLDAP, OpenSSL, PHP, QuickLook, and rsync.
It's recommended to install this update.
|
|
|
Several vulnerabilities were found in the Java Runtime Environment (JRE).
Fixed packages are available now.
|
|
|
A flaw was found in the nfs-utils package build. The nfs-utils package was
missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
Fixed packages are available now.
|
|
|
It was discovered that a buffer overflow in the RC4 functions of libexslt may
lead to the execution of arbitrary code.
Fixed software is available now.
|
|
|
It was discovered that newsx, an NNTP news exchange utility, was affected by a
buffer overflow allowing remote attackers to execute arbitrary code via a news
article containing a large number of lines starting with a period.
Fixed packages are available now.
|
|