Secunia

SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

For more information:
SA33338
SA33853
SA33884
SA34035
SA34481
SA34746
SA34797
SA35021
SA35128
SA35216
SA35296
SA35344
SA35422

1) A boundary error exists within the "pg_db_putline()" function in perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based buffer overflow if malicious rows are retrieved from the database using the "pg_getline()" or "getline()" function.

2) A memory leak exists within the function "dequote_bytea()" in perl-DBD-Pg's quote.c, which can be exploited to cause a memory exhaustion.

3) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file.

4) A vulnerability is caused due to an assertion error in bgpd when handling an AS path containing multiple 4 byte AS numbers, which can be exploited to crash to the daemon by advertising specially crafted AS paths.

Solution
Apply updated packages via YaST Online Update or the SUSE FTP server.
Original Advisory
SUSE-SR:2009:012:
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area