As of now we are offering so-called Patch RPM packages. A Patch RPM updates an already installed RPM. It contains only the files that have changed, so it is (much) smaller than the complete RPM package. An already installed basic RPM is a prerequisite for installation. The packages included on the SUSE Linux 10.2 (x86_64) CDs/DVD are considered basic RPMs.
If you want to update an already installed package, please download the smaller Patch RPM package.
Only x86_64- and non-architecture specific packages are listed here. If you have installed i586 packages, please see this page for respective updates.
| 19 Nov 2008 |
libxml2-devel: Include Files and Libraries mandatory for Development. |
| RPM |
libxml2-devel 2.6.26-33 (x86_64) |
1412 kB |
| Patch-RPM |
libxml2-devel 2.6.26-33-patch (x86_64) |
640 kB |
| Source-RPM |
libxml2-2.6.26-33.src.rpm |
|
Security Update!
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
|
| 19 Nov 2008 |
libxml2-devel-32bit: Include Files and Libraries mandatory for Development. |
| RPM |
libxml2-devel-32bit 2.6.26-33 (x86_64) |
561 kB |
| Source-RPM |
libxml2-2.6.26-33.src.rpm |
|
Security Update!
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
|
| 19 Nov 2008 |
libxml2-32bit: A Library to Manipulate XML Files |
| RPM |
libxml2-32bit 2.6.26-33 (x86_64) |
548 kB |
| Source-RPM |
libxml2-2.6.26-33.src.rpm |
|
Security Update!
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
|
| 19 Nov 2008 |
libxml2: A Library to Manipulate XML Files |
| RPM |
libxml2 2.6.26-33 (x86_64) |
630 kB |
| Patch-RPM |
libxml2 2.6.26-33-patch (x86_64) |
590 kB |
| Source-RPM |
libxml2-2.6.26-33.src.rpm |
|
Security Update!
This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
|
| 18 Nov 2008 |
phpMyAdmin: Administration of MySQL over the web |
| RPM |
phpMyAdmin 2.9.1.1-9 (noarch) |
2088 kB |
| Patch-RPM |
phpMyAdmin 2.9.1.1-9-patch (noarch) |
131 kB |
| Source-RPM |
phpMyAdmin-2.9.1.1-9.src.rpm |
|
Security Update!
This update of phpMyAdmin fixes the following bugs:
- CVE-2008-1149: SQL injection, CSRF attacks using crafted cookies
- CVE-2008-1567: local users can steal session information/credentials
- CVE-2008-1924: in a shared host environment users with CREATE permissions can read arbitrary files
- CVE-2008-3456: cross-site framing attack
- CVE-2008-3457: user-assisted XSS attack
|
| 18 Nov 2008 |
lighttpd-mod_webdav: WebDAV module for Lighttpd |
| RPM |
lighttpd-mod_webdav 1.4.13-41.13 (x86_64) |
32 kB |
| Patch-RPM |
lighttpd-mod_webdav 1.4.13-41.13-patch (x86_64) |
31 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to these issues.
|
| 18 Nov 2008 |
lighttpd-mod_trigger_b4_dl: Another anti hot-linking module for Lighttpd |
| RPM |
lighttpd-mod_trigger_b4_dl 1.4.13-41.13 (x86_64) |
22 kB |
| Patch-RPM |
lighttpd-mod_trigger_b4_dl 1.4.13-41.13-patch (x86_64) |
21 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to these issues.
|
| 18 Nov 2008 |
lighttpd-mod_rrdtool: Lighttpd module to feed rrdtool databases |
| RPM |
lighttpd-mod_rrdtool 1.4.13-41.13 (x86_64) |
22 kB |
| Patch-RPM |
lighttpd-mod_rrdtool 1.4.13-41.13-patch (x86_64) |
20 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to these issues.
|
| 18 Nov 2008 |
lighttpd-mod_mysql_vhost: MySQL based virtual hosts (vhosts) module for Lighttpd |
| RPM |
lighttpd-mod_mysql_vhost 1.4.13-41.13 (x86_64) |
21 kB |
| Patch-RPM |
lighttpd-mod_mysql_vhost 1.4.13-41.13-patch (x86_64) |
20 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to these issues.
|
| 18 Nov 2008 |
lighttpd-mod_magnet: A module to control the request handling in lighttpd |
| RPM |
lighttpd-mod_magnet 1.4.13-41.13 (x86_64) |
28 kB |
| Patch-RPM |
lighttpd-mod_magnet 1.4.13-41.13-patch (x86_64) |
24 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to these issues.
|
| 18 Nov 2008 |
lighttpd-mod_cml: CML (Cache Meta Language) module for Lighttpd |
| RPM |
lighttpd-mod_cml 1.4.13-41.13 (x86_64) |
27 kB |
| Patch-RPM |
lighttpd-mod_cml 1.4.13-41.13-patch (x86_64) |
24 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to these issues.
|
| 18 Nov 2008 |
lighttpd: A Secure, Fast, Compliant, and Very Flexible Web Server |
| RPM |
lighttpd 1.4.13-41.13 (x86_64) |
289 kB |
| Patch-RPM |
lighttpd 1.4.13-41.13-patch (x86_64) |
216 kB |
| Source-RPM |
lighttpd-1.4.13-41.13.src.rpm |
|
Security Update!
Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360
have been assigned to these issues.
|
| 18 Nov 2008 |
squirrelmail: a web-mailer written in php4 |
| RPM |
squirrelmail 1.4.9a-2.10 (noarch) |
567 kB |
| Patch-RPM |
squirrelmail 1.4.9a-2.10-patch (noarch) |
253 kB |
| Source-RPM |
squirrelmail-1.4.9a-2.10.src.rpm |
|
Security Update!
Squirrelmail was updated to use the secure flag for its cookies. Otherwise it was possible to hijack an SSL-protected session via leaked cookies. (CVE-2008-3663)
|
| 11 Nov 2008 |
kernel-xen: The Xen Kernel |
| RPM |
kernel-xen 2.6.18.8-0.13 (x86_64) |
17928 kB |
| Source-RPM |
kernel-xen-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that has corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-source: The Linux Kernel Sources |
| RPM |
kernel-source 2.6.18.8-0.13 (x86_64) |
46101 kB |
| Source-RPM |
kernel-source-2.6.18.8-0.13.src.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that has corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-syms: Kernel Symbol Versions (modversions) |
| RPM |
kernel-syms 2.6.18.8-0.13 (x86_64) |
1639 kB |
| Source-RPM |
kernel-syms-2.6.18.8-0.13.src.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that has corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-kdump: kernel for kdump |
| RPM |
kernel-kdump 2.6.18.8-0.13 (x86_64) |
16157 kB |
| Source-RPM |
kernel-kdump-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that has corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
kernel-default: The Standard Kernel for both Uniprocessor and Multiprocessor Systems |
| RPM |
kernel-default 2.6.18.8-0.13 (x86_64) |
18135 kB |
| Source-RPM |
kernel-default-2.6.18.8-0.13.nosrc.rpm |
|
Security Update!
This kernel update fixes various bugs and also several security issues:
CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP
AUTH availability. This might be exploited remotely for a denial of
service (crash) attack.
CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.
CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group, and
obtain sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux
kernel before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a page
that was not locked, which allows local users to cause a denial of service
(kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or partition
that has corrupted dir->i_size and dir->i_blocks, a user performing
either a read or write operation on the mounted image or partition can
lead to a possible denial of service by spamming the logfile.
CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-3525: Added missing capability checks in sbni_ioctl().
CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by modifying
the properties of a mountpoint.
CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.
CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.
CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared
Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not
properly check boundaries, which allows local users to gain privileges
or cause a denial of service via unspecified vectors, related to the
install_special_mapping, syscall, and syscall32_nopage functions.
|
| 11 Nov 2008 |
ipsec-tools: IPsec Utilities |
| RPM |
ipsec-tools 0.6.5-42 (x86_64) |
347 kB |
| Patch-RPM |
ipsec-tools 0.6.5-42-patch (x86_64) |
261 kB |
| Source-RPM |
ipsec-tools-0.6.5-42.src.rpm |
|
Security Update!
Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652)
|
| 9 Nov 2008 |
libcdaudio-devel: provide functions to control operation of a CD-ROM when playing audio CDs |
| RPM |
libcdaudio-devel 0.99.12-139.1 (x86_64) |
41 kB |
| Patch-RPM |
libcdaudio-devel 0.99.12-139.1-patch (x86_64) |
34 kB |
| Source-RPM |
libcdaudio-0.99.12-139.1.src.rpm |
|
Security Update!
This update fixes a heap-based buffer overflow in libcdaudio that can be exploited remotely to execute arbitrary code.
|
| 9 Nov 2008 |
libcdaudio: Functions to Control Operation of a CD-ROM When Playing Audio CDs |
| RPM |
libcdaudio 0.99.12-139.1 (x86_64) |
37 kB |
| Patch-RPM |
libcdaudio 0.99.12-139.1-patch (x86_64) |
34 kB |
| Source-RPM |
libcdaudio-0.99.12-139.1.src.rpm |
|
Security Update!
This update fixes a heap-based buffer overflow in libcdaudio that can be exploited remotely to execute arbitrary code.
|
| 6 Nov 2008 |
enscript: An ASCII to PostScript(tm) Converter |
| RPM |
enscript 1.6.4-41 (x86_64) |
412 kB |
| Patch-RPM |
enscript 1.6.4-41-patch (x86_64) |
143 kB |
| Source-RPM |
enscript-1.6.4-41.src.rpm |
|
Security Update!
This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape functions that can be exploited during file processing.
|
| 5 Nov 2008 |
apache2-worker: Apache 2 worker MPM (Multi-Processing Module) |
| RPM |
apache2-worker 2.2.3-26 (x86_64) |
318 kB |
| Patch-RPM |
apache2-worker 2.2.3-26-patch (x86_64) |
317 kB |
| Source-RPM |
apache2-2.2.3-26.src.rpm |
|
Security Update!
Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
Missing precautions allowed cross site request forgery (CSRF) via
the mod_proxy_balancer interface (CVE-2007-6420).
|
| 5 Nov 2008 |
apache2-prefork: Apache 2 "prefork" MPM (Multi-Processing Module) |
| RPM |
apache2-prefork 2.2.3-26 (x86_64) |
311 kB |
| Patch-RPM |
apache2-prefork 2.2.3-26-patch (x86_64) |
310 kB |
| Source-RPM |
apache2-2.2.3-26.src.rpm |
|
Security Update!
Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
Missing precautions allowed cross site request forgery (CSRF) via
the mod_proxy_balancer interface (CVE-2007-6420).
|
| 5 Nov 2008 |
apache2-doc: Additional Package Documentation. |
| RPM |
apache2-doc 2.2.3-26 (x86_64) |
1427 kB |
| Patch-RPM |
apache2-doc 2.2.3-26-patch (x86_64) |
153 kB |
| Source-RPM |
apache2-2.2.3-26.src.rpm |
|
Security Update!
Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
Missing precautions allowed cross site request forgery (CSRF) via
the mod_proxy_balancer interface (CVE-2007-6420).
|
| 5 Nov 2008 |
apache2-example-pages: Example Pages for the Apache 2 Web Server |
| RPM |
apache2-example-pages 2.2.3-26 (x86_64) |
94 kB |
| Patch-RPM |
apache2-example-pages 2.2.3-26-patch (x86_64) |
85 kB |
| Source-RPM |
apache2-2.2.3-26.src.rpm |
|
Security Update!
Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
Missing precautions allowed cross site request forgery (CSRF) via
the mod_proxy_balancer interface (CVE-2007-6420).
|
| 5 Nov 2008 |
apache2: The Apache Web Server Version 2.0 |
| RPM |
apache2 2.2.3-26 (x86_64) |
1014 kB |
| Patch-RPM |
apache2 2.2.3-26-patch (x86_64) |
692 kB |
| Source-RPM |
apache2-2.2.3-26.src.rpm |
|
Security Update!
Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
Missing precautions allowed cross site request forgery (CSRF) via
the mod_proxy_balancer interface (CVE-2007-6420).
|
| 5 Nov 2008 |
apache2-devel: Apache 2.0 Header and Include Files |
| RPM |
apache2-devel 2.2.3-26 (x86_64) |
208 kB |
| Patch-RPM |
apache2-devel 2.2.3-26-patch (x86_64) |
110 kB |
| Source-RPM |
apache2-2.2.3-26.src.rpm |
|
Security Update!
Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).
Missing precautions allowed cross site request forgery (CSRF) via
the mod_proxy_balancer interface (CVE-2007-6420).
|
| 4 Nov 2008 |
spamassassin: SpamAssassin is an extensible email filter which is used to identify spam |
| RPM |
spamassassin 3.1.8-9.3 (x86_64) |
140 kB |
| Patch-RPM |
spamassassin 3.1.8-9.3-patch (x86_64) |
132 kB |
| Source-RPM |
spamassassin-3.1.8-9.3.src.rpm |
|
Security Update!
Spamassassin tagged all incoming mails with DNS_FROM_SECURITYSAGE=1.513. The reason is: the securitysage blacklist was disabled and replies with
127.0.0.1 to *all* queries.
This update removes this rule.
|
| 4 Nov 2008 |
perl-spamassassin: the perl modules for using spamassassin within your own perl script |
| RPM |
perl-spamassassin 3.1.8-9.3 (x86_64) |
743 kB |
| Patch-RPM |
perl-spamassassin 3.1.8-9.3-patch (x86_64) |
462 kB |
| Source-RPM |
spamassassin-3.1.8-9.3.src.rpm |
|
Security Update!
Spamassassin tagged all incoming mails with DNS_FROM_SECURITYSAGE=1.513. The reason is: the securitysage blacklist was disabled and replies with
127.0.0.1 to *all* queries.
This update removes this rule.
|
| 31 Oct 2008 |
opera: The Opera Web Browser |
| RPM |
opera 9.62-0.1 (x86_64) |
7848 kB |
| Patch-RPM |
opera 9.62-0.1-patch (x86_64) |
7716 kB |
| Source-RPM |
opera-9.62-0.1.nosrc.rpm |
|
Security Update!
This update to Opera 9.62 fixes a security bug that allowed the execution of arbitrary commands remotely. http://www.opera.com/docs/changelogs/linux/962/
|
| 28 Oct 2008 |
libexiv2-devel: Development Headers for Exiv2 |
| RPM |
libexiv2-devel 0.11-0.3 (x86_64) |
2013 kB |
| Patch-RPM |
libexiv2-devel 0.11-0.3-patch (x86_64) |
503 kB |
| Source-RPM |
libexiv2-0.11-0.3.src.rpm |
|
Security Update!
This update of libexiv2 solves a denial of service bug that can be triggered by using crafted metadata. (CVE-2008-2696)
|
| 28 Oct 2008 |
libexiv2: Library and tools to access image metadata |
| RPM |
libexiv2 0.11-0.3 (x86_64) |
342 kB |
| Patch-RPM |
libexiv2 0.11-0.3-patch (x86_64) |
336 kB |
| Source-RPM |
libexiv2-0.11-0.3.src.rpm |
|
Security Update!
This update of libexiv2 solves a denial of service bug that can be triggered by using crafted metadata. (CVE-2008-2696)
|
| 28 Oct 2008 |
tomcat5: A servlet container |
| RPM |
tomcat5 5.0.30-67 (noarch) |
2316 kB |
| Patch-RPM |
tomcat5 5.0.30-67-patch (noarch) |
2275 kB |
| Source-RPM |
tomcat5-5.0.30-67.src.rpm |
|
Security Update!
This update of tomcat fixes an information leak due to incorrect IP address filtering. (CVE-2008-3271)
|
| 28 Oct 2008 |
tomcat5-webapps: Webapps for tomcat5 |
| RPM |
tomcat5-webapps 5.0.30-67 (noarch) |
1891 kB |
| Patch-RPM |
tomcat5-webapps 5.0.30-67-patch (noarch) |
1293 kB |
| Source-RPM |
tomcat5-5.0.30-67.src.rpm |
|
Security Update!
This update of tomcat fixes an information leak due to incorrect IP address filtering. (CVE-2008-3271)
|
| 28 Oct 2008 |
tomcat5-admin-webapps: Admin webapps for tomcat5 |
| RPM |
tomcat5-admin-webapps 5.0.30-67 (noarch) |
1235 kB |
| Patch-RPM |
tomcat5-admin-webapps 5.0.30-67-patch (noarch) |
1136 kB |
| Source-RPM |
tomcat5-5.0.30-67.src.rpm |
|
Security Update!
This update of tomcat fixes an information leak due to incorrect IP address filtering. (CVE-2008-3271)
|
| 28 Oct 2008 |
graphviz-tcl: Tcl extension tools for graphviz |
| RPM |
graphviz-tcl 2.6-46 (x86_64) |
94 kB |
| Patch-RPM |
graphviz-tcl 2.6-46-patch (x86_64) |
38 kB |
| Source-RPM |
graphviz-2.6-46.src.rpm |
|
Security Update!
This update of graphviz fixes a buffer overflow that occurs while parsing a DOT file. (CVE-2008-4555)
|
| 28 Oct 2008 |
graphviz-devel: Graphviz development package |
| RPM |
graphviz-devel 2.6-46 (x86_64) |
1003 kB |
| Patch-RPM |
graphviz-devel 2.6-46-patch (x86_64) |
689 kB |
| Source-RPM |
graphviz-2.6-46.src.rpm |
|
Security Update!
This update of graphviz fixes a buffer overflow that occurs while parsing a DOT file. (CVE-2008-4555)
|
| 28 Oct 2008 |
graphviz: Graph Visualization Tools |
| RPM |
graphviz 2.6-46 (x86_64) |
2126 kB |
| Patch-RPM |
graphviz 2.6-46-patch (x86_64) |
1011 kB |
| Source-RPM |
graphviz-2.6-46.src.rpm |
|
Security Update!
This update of graphviz fixes a buffer overflow that occurs while parsing a DOT file. (CVE-2008-4555)
|
| 21 Oct 2008 |
nscd: Name Service Caching Daemon |
| RPM |
nscd 2.5-34.13 (x86_64) |
125 kB |
| Patch-RPM |
nscd 2.5-34.13-patch (x86_64) |
123 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi,
Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, glibc dladdr() call has been fixed not to return incorrect values
sometimes.
|
| 21 Oct 2008 |
timezone: Timezone descriptions |
| RPM |
timezone 2.5-34.13 (x86_64) |
372 kB |
| Patch-RPM |
timezone 2.5-34.13-patch (x86_64) |
348 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi,
Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, glibc dladdr() call has been fixed not to return incorrect values
sometimes.
|
| 21 Oct 2008 |
glibc-profile: Libc Profiling and Debugging Versions |
| RPM |
glibc-profile 2.5-34.13 (x86_64) |
1127 kB |
| Patch-RPM |
glibc-profile 2.5-34.13-patch (x86_64) |
782 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-profile-32bit: Libc Profiling and Debugging Versions |
| RPM |
glibc-profile-32bit 2.5-34.13 (x86_64) |
933 kB |
| Patch-RPM |
glibc-profile-32bit 2.5-34.13-patch (x86_64) |
779 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-obsolete: Obsolete Shared Libraries from the GNU C Library |
| RPM |
glibc-obsolete 2.5-34.13 (x86_64) |
70 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-locale-32bit: Locale Data for Localized Programs |
| RPM |
glibc-locale-32bit 2.5-34.13 (x86_64) |
2113 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-locale: Locale Data for Localized Programs |
| RPM |
glibc-locale 2.5-34.13 (x86_64) |
13666 kB |
| Patch-RPM |
glibc-locale 2.5-34.13-patch (x86_64) |
1870 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-info: Info Files for the GNU C Library |
| RPM |
glibc-info 2.5-34.13 (x86_64) |
890 kB |
| Patch-RPM |
glibc-info 2.5-34.13-patch (x86_64) |
71 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-i18ndata: Database Sources for 'locale' |
| RPM |
glibc-i18ndata 2.5-34.13 (x86_64) |
3416 kB |
| Patch-RPM |
glibc-i18ndata 2.5-34.13-patch (x86_64) |
109 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-html: HTML Documentation for the GNU C Library |
| RPM |
glibc-html 2.5-34.13 (x86_64) |
894 kB |
| Patch-RPM |
glibc-html 2.5-34.13-patch (x86_64) |
138 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-devel-32bit: Include Files and Libraries Mandatory for Development |
| RPM |
glibc-devel-32bit 2.5-34.13 (x86_64) |
938 kB |
| Patch-RPM |
glibc-devel-32bit 2.5-34.13-patch (x86_64) |
774 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-devel: Include Files and Libraries Mandatory for Development |
| RPM |
glibc-devel 2.5-34.13 (x86_64) |
1672 kB |
| Patch-RPM |
glibc-devel 2.5-34.13-patch (x86_64) |
825 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc: Standard Shared Libraries (from the GNU C Library) |
| RPM |
glibc 2.5-34.13 (x86_64) |
2054 kB |
| Patch-RPM |
glibc 2.5-34.13-patch (x86_64) |
1287 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 21 Oct 2008 |
glibc-32bit: Standard Shared Libraries (from the GNU C Library) |
| RPM |
glibc-32bit 2.5-34.13 (x86_64) |
1116 kB |
| Source-RPM |
glibc-2.5-34.13.src.rpm |
|
Various timezone information updates:
* DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil
* Historical DST information change for Central Europe and America/Nassau
* Leap second introduction for 2008
* Fix location of Pacific/Niue
Also, the glibc dladdr() call has been fixed so that it no longer sometimes returns incorrect values.
|
| 18 Oct 2008 |
openldap2-client-32bit: OpenLDAP2 Client Utilities |
| RPM |
openldap2-client-32bit 2.3.27-32 (x86_64) |
185 kB |
| Source-RPM |
openldap2-client-2.3.27-32.src.rpm |
|
Security Update!
This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which trigger an assertion error. (CVE-2008-2952)
Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation was active.
|
| 18 Oct 2008 |
openldap2-client: OpenLDAP2 Client Utilities |
| RPM |
openldap2-client 2.3.27-32 (x86_64) |
319 kB |
| Patch-RPM |
openldap2-client 2.3.27-32-patch (x86_64) |
287 kB |
| Source-RPM |
openldap2-client-2.3.27-32.src.rpm |
|
Security Update!
This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which trigger an assertion error. (CVE-2008-2952)
Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation was active.
|
| 18 Oct 2008 |
openldap2-devel: Libraries, Header Files and Documentation for OpenLDAP2 |
| RPM |
openldap2-devel 2.3.27-32 (x86_64) |
318 kB |
| Patch-RPM |
openldap2-devel 2.3.27-32-patch (x86_64) |
205 kB |
| Source-RPM |
openldap2-client-2.3.27-32.src.rpm |
|
Security Update!
This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which trigger an assertion error. (CVE-2008-2952)
Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation was active.
|
| 18 Oct 2008 |
openldap2-devel-32bit: Libraries, Header Files and Documentation for OpenLDAP2 |
| RPM |
openldap2-devel-32bit 2.3.27-32 (x86_64) |
172 kB |
| Patch-RPM |
openldap2-devel-32bit 2.3.27-32-patch (x86_64) |
171 kB |
| Source-RPM |
openldap2-client-2.3.27-32.src.rpm |
|
Security Update!
This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which trigger an assertion error. (CVE-2008-2952)
Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation was active.
|
| 18 Oct 2008 |
openldap2-back-perl: OpenLDAP Perl Back-End |
| RPM |
openldap2-back-perl 2.3.27-34 (x86_64) |
37 kB |
| Patch-RPM |
openldap2-back-perl 2.3.27-34-patch (x86_64) |
34 kB |
| Source-RPM |
openldap2-2.3.27-34.src.rpm |
|
Security Update!
This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which trigger an assertion error. (CVE-2008-2952)
Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation was active.
|
| 18 Oct 2008 |
openldap2-back-meta: OpenLDAP Meta Back-End |
| RPM |
openldap2-back-meta 2.3.27-34 (x86_64) |
73 kB |
| Patch-RPM |
openldap2-back-meta 2.3.27-34-patch (x86_64) |
58 kB |
| Source-RPM |
openldap2-2.3.27-34.src.rpm |
|
Security Update!
This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which trigger an assertion error. (CVE-2008-2952)
Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation was active.
|
| 18 Oct 2008 |
openldap2: The New OpenLDAP Server (LDAPv3) |
| RPM |
openldap2 2.3.27-34 (x86_64) |
1325 kB |
| Patch-RPM |
openldap2 2.3.27-34-patch (x86_64) |
750 kB |
| Source-RPM |
openldap2-2.3.27-34.src.rpm |
|
Security Update!
This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which trigger an assertion error. (CVE-2008-2952)
Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation was active.
|
| 17 Oct 2008 |
freeradius-dialupadmin: Web management for FreeRADIUS |
| RPM |
freeradius-dialupadmin 1.1.3-30 (x86_64) |
104 kB |
| Patch-RPM |
freeradius-dialupadmin 1.1.3-30-patch (x86_64) |
26 kB |
| Source-RPM |
freeradius-1.1.3-30.src.rpm |
|
Security Update!
This update fixes a possible symlink attack in the script freeradius-dialupadmin. (CVE-2008-4474)
|
| 17 Oct 2008 |
freeradius: Very Highly Configurable Radius Server |
| RPM |
freeradius 1.1.3-30 (x86_64) |
1598 kB |
| Patch-RPM |
freeradius 1.1.3-30-patch (x86_64) |
176 kB |
| Source-RPM |
freeradius-1.1.3-30.src.rpm |
|
Security Update!
This update fixes a possible symlink attack in the script freeradius-dialupadmin. (CVE-2008-4474)
|
| 17 Oct 2008 |
freeradius-devel: FreeRADIUS Development Files (static libs) |
| RPM |
freeradius-devel 1.1.3-30 (x86_64) |
207 kB |
| Patch-RPM |
freeradius-devel 1.1.3-30-patch (x86_64) |
34 kB |
| Source-RPM |
freeradius-1.1.3-30.src.rpm |
|
Security Update!
This update fixes a possible symlink attack in the script freeradius-dialupadmin. (CVE-2008-4474)
|
| 17 Oct 2008 |
dbus-1-x11: X11-requiring add-ons for D-Bus |
| RPM |
dbus-1-x11 1.0.0-11 (x86_64) |
86 kB |
| Patch-RPM |
dbus-1-x11 1.0.0-11-patch (x86_64) |
75 kB |
| Source-RPM |
dbus-1-1.0.0-11.src.rpm |
|
Security Update!
This update fixes a denial of service bug in dbus. (CVE-2008-3834)
|
| 17 Oct 2008 |
dbus-1-devel: Developer package for D-Bus |
| RPM |
dbus-1-devel 1.0.0-11 (x86_64) |
206 kB |
| Patch-RPM |
dbus-1-devel 1.0.0-11-patch (x86_64) |
190 kB |
| Source-RPM |
dbus-1-1.0.0-11.src.rpm |
|
Security Update!
This update fixes a denial of service bug in dbus. (CVE-2008-3834)
|
| 17 Oct 2008 |
dbus-1-devel-doc: Developer documentation package for D-Bus |
| RPM |
dbus-1-devel-doc 1.0.0-11 (x86_64) |
946 kB |
| Patch-RPM |
dbus-1-devel-doc 1.0.0-11-patch (x86_64) |
923 kB |
| Source-RPM |
dbus-1-1.0.0-11.src.rpm |
|
Security Update!
This update fixes a denial of service bug in dbus. (CVE-2008-3834)
|
| 17 Oct 2008 |
dbus-1: D-Bus Message Bus System |
| RPM |
dbus-1 1.0.0-11 (x86_64) |
436 kB |
| Patch-RPM |
dbus-1 1.0.0-11-patch (x86_64) |
271 kB |
| Source-RPM |
dbus-1-1.0.0-11.src.rpm |
|
Security Update!
This update fixes a denial of service bug in dbus. (CVE-2008-3834)
|
| 17 Oct 2008 |
dbus-1-32bit: D-Bus Message Bus System |
| RPM |
dbus-1-32bit 1.0.0-11 (x86_64) |
155 kB |
| Source-RPM |
dbus-1-1.0.0-11.src.rpm |
|
Security Update!
This update fixes a denial of service bug in dbus. (CVE-2008-3834)
|
| 16 Oct 2008 |
hplip-hpijs: HPIJS for HP's printing and scanning software HPLIP. |
| RPM |
hplip-hpijs 1.6.10-27 (x86_64) |
310 kB |
| Patch-RPM |
hplip-hpijs 1.6.10-27-patch (x86_64) |
12 kB |
| Source-RPM |
hplip-1.6.10-27.src.rpm |
|
Security Update!
This update of hplip no longer allows alert mails to be sent as user (CVE-2008-2940) and fixes a denial-of-service defect (CVE-2008-2941).
|
| 16 Oct 2008 |
hplip: HP's Printing and Scanning Software |
| RPM |
hplip 1.6.10-27 (x86_64) |
10227 kB |
| Patch-RPM |
hplip 1.6.10-27-patch (x86_64) |
162 kB |
| Source-RPM |
hplip-1.6.10-27.src.rpm |
|
Security Update!
This update of hplip no longer allows alert mails to be sent as user (CVE-2008-2940) and fixes a denial-of-service defect (CVE-2008-2941).
|
| 15 Oct 2008 |
MozillaThunderbird-translations: Translations of MozillaThunderbird |
| RPM |
MozillaThunderbird-translations 1.5.0.14-0.8 (x86_64) |
4563 kB |
| Patch-RPM |
MozillaThunderbird-translations 1.5.0.14-0.8-patch (x86_64) |
18 kB |
| Source-RPM |
MozillaThunderbird-1.5.0.14-0.8.src.rpm |
|
Security Update!
This patch backports security fixes found in MozillaThunderbird 2.0.0.17 to the Thunderbird 1.5 used in openSUSE 10.2.
MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed, which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer.
|
| 15 Oct 2008 |
MozillaThunderbird: The Stand-Alone Mozilla Mail Component |
| RPM |
MozillaThunderbird 1.5.0.14-0.8 (x86_64) |
8822 kB |
| Patch-RPM |
MozillaThunderbird 1.5.0.14-0.8-patch (x86_64) |
7635 kB |
| Source-RPM |
MozillaThunderbird-1.5.0.14-0.8.src.rpm |
|
Security Update!
This patch backports security fixes found in MozillaThunderbird 2.0.0.17 to the Thunderbird 1.5 used in openSUSE 10.2.
MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed, which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer.
|
| 9 Oct 2008 |
kdenetwork3-InstantMessenger: Chat applications for KDE |
| RPM |
kdenetwork3-InstantMessenger 3.5.5-41.6 (x86_64) |
6923 kB |
| Patch-RPM |
kdenetwork3-InstantMessenger 3.5.5-41.6-patch (x86_64) |
4742 kB |
| Source-RPM |
kdenetwork3-3.5.5-41.6.src.rpm |
|
Updates the client IDs used by Kopete to log in to ICQ. Solves a potential crash with Yahoo! on login.
|
| 8 Oct 2008 |
epiphany-extensions: Extensions Collection for Epiphany |
| RPM |
epiphany-extensions 2.16.1-34 (x86_64) |
476 kB |
| Patch-RPM |
epiphany-extensions 2.16.1-34-patch (x86_64) |
118 kB |
| Source-RPM |
epiphany-extensions-2.16.1-34.src.rpm |
|
This patch updates epiphany to match the current mozilla-xulrunner181 package.
|
| 8 Oct 2008 |
epiphany-doc: Developer Documentation for Epiphany |
| RPM |
epiphany-doc 2.16.1-34 (x86_64) |
39 kB |
| Patch-RPM |
epiphany-doc 2.16.1-34-patch (x86_64) |
11 kB |
| Source-RPM |
epiphany-2.16.1-34.src.rpm |
|
This patch updates epiphany to match the current mozilla-xulrunner181 package.
|
| 8 Oct 2008 |
epiphany-devel: GNOME Web Browser based on the Mozilla Rendering Engine |
| RPM |
epiphany-devel 2.16.1-34 (x86_64) |
26 kB |
| Patch-RPM |
epiphany-devel 2.16.1-34-patch (x86_64) |
12 kB |
| Source-RPM |
epiphany-2.16.1-34.src.rpm |
|
This patch updates epiphany to match the current mozilla-xulrunner181 package.
|
| 8 Oct 2008 |
epiphany: GNOME Web Browser Based on the Mozilla Rendering Engine |
| RPM |
epiphany 2.16.1-34 (x86_64) |
3433 kB |
| Patch-RPM |
epiphany 2.16.1-34-patch (x86_64) |
486 kB |
| Source-RPM |
epiphany-2.16.1-34.src.rpm |
|
This patch updates epiphany to match the current mozilla-xulrunner181 package.
|
| 8 Oct 2008 |
mozilla-xulrunner181-devel: XULRunner/Gecko SDK 1.8.1.x |
| RPM |
mozilla-xulrunner181-devel 1.8.1.17-0.1 (x86_64) |
2243 kB |
| Source-RPM |
mozilla-xulrunner181-1.8.1.17-0.1.src.rpm |
|
Security Update!
This update brings mozilla-xulrunner181 to security fix version 1.8.1.17.
It contains the following security fixes:
MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading
MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities
MFSA 2008-43: BOM characters stripped from JavaScript before execution
  CVE-2008-4065: Stripped BOM characters bug
  CVE-2008-4066: HTML escaped low surrogates bug
MFSA 2008-42: Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
  CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine.
  CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine.
  CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3.
  CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3.
MFSA 2008-41: Privilege escalation via XPCnativeWrapper pollution
  CVE-2008-4058: XPCnativeWrapper pollution bugs
  CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2)
  CVE-2008-4060: Documents without script handling objects
MFSA 2008-40 / CVE-2008-3837: Forced mouse drag
MFSA 2008-39 / CVE-2008-3836: Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 / CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer overflow
For more details:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
|
| 8 Oct 2008 |
mozilla-xulrunner181-l10n: Translations for XULRunner 1.8.1.x |
| RPM |
mozilla-xulrunner181-l10n 1.8.1.17-0.1 (x86_64) |
1414 kB |
| Source-RPM |
mozilla-xulrunner181-1.8.1.17-0.1.src.rpm |
|
Security Update!
This update brings mozilla-xulrunner181 to security fix version 1.8.1.17.
It contains the following security fixes:
MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading
MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities
MFSA 2008-43: BOM characters stripped from JavaScript before execution
  CVE-2008-4065: Stripped BOM characters bug
  CVE-2008-4066: HTML escaped low surrogates bug
MFSA 2008-42: Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
  CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine.
  CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine.
  CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3.
  CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3.
MFSA 2008-41: Privilege escalation via XPCnativeWrapper pollution
  CVE-2008-4058: XPCnativeWrapper pollution bugs
  CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2)
  CVE-2008-4060: Documents without script handling objects
MFSA 2008-40 / CVE-2008-3837: Forced mouse drag
MFSA 2008-39 / CVE-2008-3836: Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 / CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer overflow
For more details:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
|
| 8 Oct 2008 |
mozilla-xulrunner181: Mozilla Runtime Environment 1.8.1.x |
| RPM |
mozilla-xulrunner181 1.8.1.17-0.1 (x86_64) |
8822 kB |
| Source-RPM |
mozilla-xulrunner181-1.8.1.17-0.1.src.rpm |
|
Security Update!
This update brings mozilla-xulrunner181 to security fix version 1.8.1.17.
It contains the following security fixes:
MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading
MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities
MFSA 2008-43: BOM characters stripped from JavaScript before execution
  CVE-2008-4065: Stripped BOM characters bug
  CVE-2008-4066: HTML escaped low surrogates bug
MFSA 2008-42: Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
  CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine.
  CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine.
  CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3.
  CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3.
MFSA 2008-41: Privilege escalation via XPCnativeWrapper pollution
  CVE-2008-4058: XPCnativeWrapper pollution bugs
  CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2)
  CVE-2008-4060: Documents without script handling objects
MFSA 2008-40 / CVE-2008-3837: Forced mouse drag
MFSA 2008-39 / CVE-2008-3836: Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 / CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer overflow
For more details:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
|