As of now we are offering so called Patch RPM packages. A Patch RPM updates an already installed RPM. It only contains files which have changed - therefore it is (much) smaller than the complete RPM package. Prerequisite for installation is an already installed basic RPM. The packages included on the SUSE Linux 10.2 (i386) CDs/DVD are considered as basic RPMs.
If you want to update an already installed package, please download the smaller Patch RPM package.
| 21 Nov 2008 |
acroread: Adobe Reader for PDF Files |
| RPM |
acroread 8.1.3-1.1 (i586) |
41166 kB |
| Source-RPM |
acroread-8.1.3-1.1.nosrc.rpm |
|
Security Update!
The acroread package was update to fix several security vulnerabilities in the JavaScript engine. (CVE-2008-2992, CVE-2008-2549, CVE-2008-4812, CVE-2008-4813, CVE-2008-4817, CVE-2008-4816, CVE-2008-4814, CVE-2008-4815)
|
| 21 Nov 2008 |
clamav-db: Virus Database for ClamAV |
| RPM |
clamav-db 0.94.1-2.1 (i586) |
18612 kB |
| Source-RPM |
clamav-0.94.1-2.1.src.rpm |
|
Security Update!
Various bugs such as a get_unicode_name() off-by-one buffer overflow, a bug in URL parsing of phishing checks as
well as minor other issues have been fixed in clamav. (CVE-2008-5050)
|
| 21 Nov 2008 |
clamav: Antivirus Toolkit |
| RPM |
clamav 0.94.1-2.1 (i586) |
1312 kB |
| Patch-RPM |
clamav 0.94.1-2.1-patch (i586) |
1151 kB |
| Source-RPM |
clamav-0.94.1-2.1.src.rpm |
|
Security Update!
Various bugs such as a get_unicode_name() off-by-one buffer overflow, a bug in URL parsing of phishing checks as
well as minor other issues have been fixed in clamav. (CVE-2008-5050)
|
| 21 Nov 2008 |
squirrelmail: a web-mailer written in php4 |
| RPM |
squirrelmail 1.4.9a-2.12 (noarch) |
568 kB |
| Patch-RPM |
squirrelmail 1.4.9a-2.12-patch (noarch) |
253 kB |
| Source-RPM |
squirrelmail-1.4.9a-2.12.src.rpm |
|
Security Update!
Squirrelmail was updated to use the secure flag for its cookies.
Otherwise it was possible to hijack a SSL-protected session via
leaked cookies. (CVE-2008-3663)
The previous update for the problem above contained a typo which
broke squirrelmail.
|
| 21 Nov 2008 |
imp: A Web-Based Mail Client |
| RPM |
imp 4.1.3-66.1 (noarch) |
2143 kB |
| Patch-RPM |
imp 4.1.3-66.1-patch (noarch) |
50 kB |
| Source-RPM |
imp-4.1.3-66.1.src.rpm |
|
Security Update!
This update fixes a XSS vulnerability in imp. (CVE-2008-4182)
|
| 20 Nov 2008 |
OpenOffice_org-zh-TW: Chinese Traditional Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-zh-TW 2.0.4-38.14 (i586) |
12541 kB |
| Patch-RPM |
OpenOffice_org-zh-TW 2.0.4-38.14-patch (i586) |
7787 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-zu: Zulu Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-zu 2.0.4-38.14 (i586) |
2251 kB |
| Patch-RPM |
OpenOffice_org-zu 2.0.4-38.14-patch (i586) |
537 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-xh: Xhosa Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-xh 2.0.4-38.14 (i586) |
2263 kB |
| Patch-RPM |
OpenOffice_org-xh 2.0.4-38.14-patch (i586) |
547 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-zh-CN: Chinese Simplified Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-zh-CN 2.0.4-38.14 (i586) |
12445 kB |
| Patch-RPM |
OpenOffice_org-zh-CN 2.0.4-38.14-patch (i586) |
7768 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-ts: Tsonga Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-ts 2.0.4-38.14 (i586) |
2268 kB |
| Patch-RPM |
OpenOffice_org-ts 2.0.4-38.14-patch (i586) |
537 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-vi: Vietnamese Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-vi 2.0.4-38.14 (i586) |
2244 kB |
| Patch-RPM |
OpenOffice_org-vi 2.0.4-38.14-patch (i586) |
523 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-st: Sotho Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-st 2.0.4-38.14 (i586) |
2224 kB |
| Patch-RPM |
OpenOffice_org-st 2.0.4-38.14-patch (i586) |
533 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-sv: Swedish Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-sv 2.0.4-38.14 (i586) |
12540 kB |
| Patch-RPM |
OpenOffice_org-sv 2.0.4-38.14-patch (i586) |
7612 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-tr: Turkish Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-tr 2.0.4-38.14 (i586) |
2185 kB |
| Patch-RPM |
OpenOffice_org-tr 2.0.4-38.14-patch (i586) |
529 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-sr-CS: Serbian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-sr-CS 2.0.4-38.14 (i586) |
2237 kB |
| Patch-RPM |
OpenOffice_org-sr-CS 2.0.4-38.14-patch (i586) |
535 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-sl: Slovene Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-sl 2.0.4-38.14 (i586) |
12855 kB |
| Patch-RPM |
OpenOffice_org-sl 2.0.4-38.14-patch (i586) |
7672 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-sk: Slovak Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-sk 2.0.4-38.14 (i586) |
2241 kB |
| Patch-RPM |
OpenOffice_org-sk 2.0.4-38.14-patch (i586) |
535 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-ru: Russian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-ru 2.0.4-38.14 (i586) |
13472 kB |
| Patch-RPM |
OpenOffice_org-ru 2.0.4-38.14-patch (i586) |
8449 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-sdk-doc: OpenOffice.org SDK |
| RPM |
OpenOffice_org-sdk-doc 2.0.4-38.14 (i586) |
33777 kB |
| Patch-RPM |
OpenOffice_org-sdk-doc 2.0.4-38.14-patch (i586) |
1690 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-rw: Kinyarwanda Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-rw 2.0.4-38.14 (i586) |
2237 kB |
| Patch-RPM |
OpenOffice_org-rw 2.0.4-38.14-patch (i586) |
526 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-sdk: OpenOffice.org SDK Documentation |
| RPM |
OpenOffice_org-sdk 2.0.4-38.14 (i586) |
2963 kB |
| Patch-RPM |
OpenOffice_org-sdk 2.0.4-38.14-patch (i586) |
1491 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-pt: Portuguese Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-pt 2.0.4-38.14 (i586) |
2132 kB |
| Patch-RPM |
OpenOffice_org-pt 2.0.4-38.14-patch (i586) |
533 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-pl: Polish Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-pl 2.0.4-38.14 (i586) |
12915 kB |
| Patch-RPM |
OpenOffice_org-pl 2.0.4-38.14-patch (i586) |
7831 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-pt-BR: Brazilian Portuguese Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-pt-BR 2.0.4-38.14 (i586) |
12804 kB |
| Patch-RPM |
OpenOffice_org-pt-BR 2.0.4-38.14-patch (i586) |
7803 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-officebean: OfficeBean Java Bean component for OpenOffice.org |
| RPM |
OpenOffice_org-officebean 2.0.4-38.14 (i586) |
102 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-nn: Norwegian Nynorsk Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-nn 2.0.4-38.14 (i586) |
2198 kB |
| Patch-RPM |
OpenOffice_org-nn 2.0.4-38.14-patch (i586) |
521 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-pa-IN: Punjabi Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-pa-IN 2.0.4-38.14 (i586) |
2251 kB |
| Patch-RPM |
OpenOffice_org-pa-IN 2.0.4-38.14-patch (i586) |
528 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-nb: Norwegian Bokmaal Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-nb 2.0.4-38.14 (i586) |
2205 kB |
| Patch-RPM |
OpenOffice_org-nb 2.0.4-38.14-patch (i586) |
521 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-mono: Mono UNO Bridge for OpenOffice.org |
| RPM |
OpenOffice_org-mono 2.0.4-38.14 (i586) |
320 kB |
| Patch-RPM |
OpenOffice_org-mono 2.0.4-38.14-patch (i586) |
94 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-nl: Dutch Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-nl 2.0.4-38.14 (i586) |
12881 kB |
| Patch-RPM |
OpenOffice_org-nl 2.0.4-38.14-patch (i586) |
7814 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-mk: Macedonian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-mk 2.0.4-38.14 (i586) |
2217 kB |
| Patch-RPM |
OpenOffice_org-mk 2.0.4-38.14-patch (i586) |
533 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-lt: Lithuanian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-lt 2.0.4-38.14 (i586) |
2209 kB |
| Patch-RPM |
OpenOffice_org-lt 2.0.4-38.14-patch (i586) |
525 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-km: Khmer Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-km 2.0.4-38.14 (i586) |
14018 kB |
| Patch-RPM |
OpenOffice_org-km 2.0.4-38.14-patch (i586) |
8872 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-ko: Korean Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-ko 2.0.4-38.14 (i586) |
12683 kB |
| Patch-RPM |
OpenOffice_org-ko 2.0.4-38.14-patch (i586) |
7813 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-kde: KDE Extensions for OpenOffice.org |
| RPM |
OpenOffice_org-kde 2.0.4-38.14 (i586) |
244 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-ja: Japanese Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-ja 2.0.4-38.14 (i586) |
13280 kB |
| Patch-RPM |
OpenOffice_org-ja 2.0.4-38.14-patch (i586) |
8069 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-it: Italian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-it 2.0.4-38.14 (i586) |
12728 kB |
| Patch-RPM |
OpenOffice_org-it 2.0.4-38.14-patch (i586) |
7712 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-hr: Croatian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-hr 2.0.4-38.14 (i586) |
2255 kB |
| Patch-RPM |
OpenOffice_org-hr 2.0.4-38.14-patch (i586) |
531 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-hu: Hungarian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-hu 2.0.4-38.14 (i586) |
13283 kB |
| Patch-RPM |
OpenOffice_org-hu 2.0.4-38.14-patch (i586) |
7992 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-hi-IN: Hindi Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-hi-IN 2.0.4-38.14 (i586) |
13375 kB |
| Patch-RPM |
OpenOffice_org-hi-IN 2.0.4-38.14-patch (i586) |
8160 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-gnome: GNOME Extensions for OpenOffice.org |
| RPM |
OpenOffice_org-gnome 2.0.4-38.14 (i586) |
283 kB |
| Patch-RPM |
OpenOffice_org-gnome 2.0.4-38.14-patch (i586) |
282 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-gu-IN: Gujarati Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-gu-IN 2.0.4-38.14 (i586) |
2241 kB |
| Patch-RPM |
OpenOffice_org-gu-IN 2.0.4-38.14-patch (i586) |
546 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-fr: French Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-fr 2.0.4-38.14 (i586) |
12935 kB |
| Patch-RPM |
OpenOffice_org-fr 2.0.4-38.14-patch (i586) |
7760 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-galleries: Extra Galleries for OpenOffice.org |
| RPM |
OpenOffice_org-galleries 2.0.4-38.14 (i586) |
7483 kB |
| Patch-RPM |
OpenOffice_org-galleries 2.0.4-38.14-patch (i586) |
7481 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-fi: Finnish Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-fi 2.0.4-38.14 (i586) |
2235 kB |
| Patch-RPM |
OpenOffice_org-fi 2.0.4-38.14-patch (i586) |
521 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-es: Spanish Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-es 2.0.4-38.14 (i586) |
12784 kB |
| Patch-RPM |
OpenOffice_org-es 2.0.4-38.14-patch (i586) |
7778 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-et: Estonian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-et 2.0.4-38.14 (i586) |
12771 kB |
| Patch-RPM |
OpenOffice_org-et 2.0.4-38.14-patch (i586) |
7669 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-en-GB: British Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-en-GB 2.0.4-38.14 (i586) |
12223 kB |
| Patch-RPM |
OpenOffice_org-en-GB 2.0.4-38.14-patch (i586) |
7362 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-el: Greek Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-el 2.0.4-38.14 (i586) |
2262 kB |
| Patch-RPM |
OpenOffice_org-el 2.0.4-38.14-patch (i586) |
552 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-de: German Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-de 2.0.4-38.14 (i586) |
13340 kB |
| Patch-RPM |
OpenOffice_org-de 2.0.4-38.14-patch (i586) |
7926 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-da: Danish Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-da 2.0.4-38.14 (i586) |
12631 kB |
| Patch-RPM |
OpenOffice_org-da 2.0.4-38.14-patch (i586) |
7639 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-ca: Catalan Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-ca 2.0.4-38.14 (i586) |
2205 kB |
| Patch-RPM |
OpenOffice_org-ca 2.0.4-38.14-patch (i586) |
532 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-cy: Welsh Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-cy 2.0.4-38.14 (i586) |
2190 kB |
| Patch-RPM |
OpenOffice_org-cy 2.0.4-38.14-patch (i586) |
518 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-cs: Czech Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-cs 2.0.4-38.14 (i586) |
12658 kB |
| Patch-RPM |
OpenOffice_org-cs 2.0.4-38.14-patch (i586) |
7723 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-bg: Bulgarian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-bg 2.0.4-38.14 (i586) |
2260 kB |
| Patch-RPM |
OpenOffice_org-bg 2.0.4-38.14-patch (i586) |
531 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-ar: Arabic Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-ar 2.0.4-38.14 (i586) |
2227 kB |
| Patch-RPM |
OpenOffice_org-ar 2.0.4-38.14-patch (i586) |
530 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-be-BY: Belorussian Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-be-BY 2.0.4-38.14 (i586) |
2234 kB |
| Patch-RPM |
OpenOffice_org-be-BY 2.0.4-38.14-patch (i586) |
530 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org: A Free Office Suite (Language-Independent Part) |
| RPM |
OpenOffice_org 2.0.4-38.14 (i586) |
102326 kB |
| Patch-RPM |
OpenOffice_org 2.0.4-38.14-patch (i586) |
64603 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 20 Nov 2008 |
OpenOffice_org-af: African Localization Files for OpenOffice.org |
| RPM |
OpenOffice_org-af 2.0.4-38.14 (i586) |
2233 kB |
| Patch-RPM |
OpenOffice_org-af 2.0.4-38.14-patch (i586) |
526 kB |
| Source-RPM |
OpenOffice_org-2.0.4-38.14.src.rpm |
|
Security Update!
This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added.
|
| 19 Nov 2008 |
libxml2-devel: Include Files and Libraries mandatory for Development. |
| RPM |
libxml2-devel 2.6.26-33 (i586) |
1417 kB |
| Patch-RPM |
libxml2-devel 2.6.26-33-patch (i586) |
610 kB |
| Source-RPM |
libxml2-2.6.26-33.src.rpm |
|
Security Update!
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226)
Thanks to: Drew Yao of Apple Product Security
|
| 19 Nov 2008 |
libxml2: A Library to Manipulate XML Files |
| RPM |
libxml2 2.6.26-33 (i586) |
612 kB |
| Patch-RPM |
libxml2 2.6.26-33-patch (i586) |
572 kB |
| Source-RPM |
libxml2-2.6.26-33.src.rpm |
|
Security Update!
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226)
Thanks to: Drew Yao of Apple Product Security
|
| 18 Nov 2008 |
phpMyAdmin: Administration of MySQL over the web |
| RPM |
phpMyAdmin 2.9.1.1-9 (noarch) |
2088 kB |
| Patch-RPM |
phpMyAdmin 2.9.1.1-9-patch (noarch) |
131 kB |
| Source-RPM |
phpMyAdmin-2.9.1.1-9.src.rpm |
|
Security Update!
This update of phpMyAdmin fixes the following bugs:
- CVE-2008-1149: SQL injection, CSRF attacks using crafted cookies
- CVE-2008-1567: local users can steal session information/credentials
- CVE-2008-1924: in a shared host environment users with CREAT permissions can read arbitrary files
- CVE-2008-3456: cross-site framing attack
- CVE-2008-3457: user-assisted XSS attack
|
| 18 Nov 2008 |
lighttpd-mod_webdav: WebDAV module for Lighttpd |
| RPM |
lighttpd-mod_webdav 1.4.13-41.13 (i586) |
32 kB |
| Patch-RPM |
lighttpd-mod_webdav 1.4.13-41.13-patch (i586) |
31 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd.
CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to thess issues.
|
| 18 Nov 2008 |
lighttpd-mod_trigger_b4_dl: Another anti hot-linking module for Lighttpd |
| RPM |
lighttpd-mod_trigger_b4_dl 1.4.13-41.13 (i586) |
22 kB |
| Patch-RPM |
lighttpd-mod_trigger_b4_dl 1.4.13-41.13-patch (i586) |
21 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd.
CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to thess issues.
|
| 18 Nov 2008 |
lighttpd-mod_rrdtool: Lighttpd module to feed rrdtool databases |
| RPM |
lighttpd-mod_rrdtool 1.4.13-41.13 (i586) |
22 kB |
| Patch-RPM |
lighttpd-mod_rrdtool 1.4.13-41.13-patch (i586) |
20 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd.
CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to thess issues.
|
| 18 Nov 2008 |
lighttpd-mod_mysql_vhost: MySQL based virtual hosts (vhosts) module for Lighttpd |
| RPM |
lighttpd-mod_mysql_vhost 1.4.13-41.13 (i586) |
21 kB |
| Patch-RPM |
lighttpd-mod_mysql_vhost 1.4.13-41.13-patch (i586) |
20 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd.
CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to thess issues.
|
| 18 Nov 2008 |
lighttpd-mod_cml: CML (Cache Meta Language) module for Lighttpd |
| RPM |
lighttpd-mod_cml 1.4.13-41.13 (i586) |
27 kB |
| Patch-RPM |
lighttpd-mod_cml 1.4.13-41.13-patch (i586) |
24 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd.
CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to thess issues.
|
| 18 Nov 2008 |
lighttpd-mod_magnet: A module to control the request handling in lighttpd |
| RPM |
lighttpd-mod_magnet 1.4.13-41.13 (i586) |
27 kB |
| Patch-RPM |
lighttpd-mod_magnet 1.4.13-41.13-patch (i586) |
23 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd.
CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to thess issues.
|
| 18 Nov 2008 |
lighttpd: A Secure, Fast, Compliant, and Very Flexible Web Server |
| RPM |
lighttpd 1.4.13-41.13 (i586) |
281 kB |
| Patch-RPM |
lighttpd 1.4.13-41.13-patch (i586) |
208 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd.
CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to thess issues.
|
| 11 Nov 2008 |
flash-player: Macromedia Flash Plug-In |
| RPM |
flash-player 9.0.151.0-0.1 (i586) |
2771 kB |
| Source-RPM |
flash-player-9.0.151.0-0.1.src.rpm |
|
Security Update!
This update of flash-player fixes several critical security vulnerabilities. (CVE-2007-6243, CVE-2008-3873, CVE-2007-4324, CVE-2008-4401, CVE-2008-4503, CVE-2008-4546)
|
| 11 Nov 2008 |
kernel-xen: The Xen Kernel |
| RPM |
kernel-xen 2.6.18.8-0.13 (i586) |
19279 kB |
| Source-RPM |
kernel-xen-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that have corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-xenpae: The Xen Kernel with PAE support |
| RPM |
kernel-xenpae 2.6.18.8-0.13 (i586) |
19350 kB |
| Source-RPM |
kernel-xenpae-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that have corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-source: The Linux Kernel Sources |
| RPM |
kernel-source 2.6.18.8-0.13 (i586) |
46982 kB |
| Source-RPM |
kernel-source-2.6.18.8-0.13.src.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that have corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-syms: Kernel Symbol Versions (modversions) |
| RPM |
kernel-syms 2.6.18.8-0.13 (i586) |
2013 kB |
| Source-RPM |
kernel-syms-2.6.18.8-0.13.src.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that have corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-kdump: kernel for kdump |
| RPM |
kernel-kdump 2.6.18.8-0.13 (i586) |
17168 kB |
| Source-RPM |
kernel-kdump-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that have corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-default: The Standard Kernel for both Uniprocessor and Multiprocessor Systems |
| RPM |
kernel-default 2.6.18.8-0.13 (i586) |
18924 kB |
| Source-RPM |
kernel-default-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that have corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-bigsmp: Kernel with PAE Support |
| RPM |
kernel-bigsmp 2.6.18.8-0.13 (i586) |
18992 kB |
| Source-RPM |
kernel-bigsmp-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that have corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
ipsec-tools: IPsec Utilities |
| RPM |
ipsec-tools 0.6.5-42 (i586) |
310 kB |
| Patch-RPM |
ipsec-tools 0.6.5-42-patch (i586) |
245 kB |
| Source-RPM |
ipsec-tools-0.6.5-42.src.rpm |
|
Security Update!
Remote attackers could exploit memory leaks in the 'racoon' daemon
to crash it (CVE-2008-3651, CVE-2008-3652)
|
| 9 Nov 2008 |
libcdaudio-devel: provide functions to control operation of a CD-ROM when playing audio CDs |
| RPM |
libcdaudio-devel 0.99.12-139.1 (i586) |
38 kB |
| Patch-RPM |
libcdaudio-devel 0.99.12-139.1-patch (i586) |
31 kB |
| Source-RPM |
libcdaudio-0.99.12-139.1.src.rpm |
|
Security Update!
This update fixes a heap-based buffer overflow in libcdaudio that can be exploited remotely to execute arbitrary code.
|
| 9 Nov 2008 |
libcdaudio |