SUSE has issued an update for multiple packages. This fixes some security issues and vulnerabilities, where one has unknown impacts and others can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and cross-site request-forgery attacks, conduct script insertion attacks, manipulate data, cause a DoS (Denial of Service), and compromise a vulnerable system.

For more information:
SA28020
SA30621
SA30731
SA31464
SA33521
SA33775
SA34393
SA34135
SA33719
SA33695

A security issue is caused due to the "/var/run/multipathd.sock" being world-writable, which can be exploited to e.g. send arbitrary commands to the multipath daemon.

Solution
Apply updated packages using YaST Online Update or the SUSE FTP server.
Original Advisory
SUSE-SR:2009:007:
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area