Secunia Logo
Netsikker nu! 2008
 
SUSE Update for Multiple Packages
Secunia Advisory: SA23984
Release Date: 2007-01-29
Popularity: 6,770 views

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS:openSUSE 10.2
SuSE eMail Server 3.x
SUSE Linux 10
SUSE Linux 10.1
SUSE Linux 9.3
SUSE Linux Enterprise Server 10
SuSE Linux Enterprise Server 8
SUSE Linux Enterprise Server 9
SuSE Linux Firewall on CD/Admin host
SuSE Linux Openexchange Server 4.x
SuSE Linux Standard Server 8

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2006-5750
CVE-2007-0010
CVE-2007-0157


Description:
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, cause a DoS (Denial of Service), or gain escalated privileges; by malicious users to manipulate data, disclose sensitive information, or compromise a vulnerable system; and by malicious people to cause a DoS.

For more information:
SA23095
SA23751
SA23884
SA23937

Additionally, updated Amarok packages fix crashes in the magnatune.com album browser and incorrect quoting within the ruby handlers, which can potentially be exploited to inject and execute arbitrary shell commands.

Solution:
Apply updated packages.

Updated packages are available via YaST Online Update or via the SUSE FTP site.

Original Advisory:
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

Other References:
SA23095:
http://secunia.com/advisories/23095/

SA23751:
http://secunia.com/advisories/23751/

SA23884:
http://secunia.com/advisories/23884/

SA23937:
http://secunia.com/advisories/23937/


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. My PHP Indexer "d" File Disclosure Vulnerability // 94 views
2. WinFTP "PASV" Denial of Service Vulnerability // 66 views
3. NewLife Blogger "nlb3" SQL Injection Vulnerability // 64 views
4. Ayco Okul "linkid" SQL Injection Vulnerability // 55 views
5. Joomla Ignite Gallery Component "gallery" SQL Injection // 46 views
6. ScriptsEz Mini Hosting Panel "dir" File Disclosure // 43 views
7. Real Estates Classifieds "cat" SQL Injection Vulnerability // 42 views
8. Joomla Mad4Joomla Mailforms Component "jid" SQL Injection // 36 views
9. GuildFTPd "LIST" Processing Buffer Overflow Vulnerability // 36 views
10. Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue // 34 views