Description: SUSE has issued an update for multiple packages. This fixes some security issues and some vulnerabilities, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1) The zypp-refresh-patches wrapper does not ask the user for permission before adding new repository keys. This can be exploited to trick the wrapper into parsing manipulated XML repository files.
Solution: Updated packages are available via YaST Online Update or the SUSE FTP server.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.