Security Advisory SA40855 - SUSE update for Multiple Packages

Secunia

Blog

Secunia Advisory SA40855

SUSE update for Multiple Packages

Secunia Advisory

SA40855

Release Date

2010-08-03

Popularity

1,987 view

Comments

0 comments

Criticality level

Highly critical

Impact

Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access

Where

From remote

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Operating System

openSUSE 11.0

openSUSE 11.1

openSUSE 11.2

SUSE Linux Enterprise Server (SLES) 10

SUSE Linux Enterprise Server (SLES) 11

SUSE Linux Enterprise Server 9

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

Description

SUSE has issued updates for multiple packages. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, gain escalated privileges, and compromise a user's system and by malicious users to conduct script insertion and SQL injection attacks, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system and by malicious people to conduct cross-site scripting, script insertion, cross-site request forgery, and spoofing attacks, bypass certain security restrictions, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), compromise an application using the library, potentially compromise a user's system, and potentially compromise a vulnerable system.

For more information:
SA15193
SA32410
SA36001
SA36159
SA36425
SA36425
SA37107
SA37107
SA37469
SA37851
SA38286
SA38454
SA38507
SA39529
SA39753
SA39753
SA39762
SA39845
SA39845
SA39861
SA39895
SA39895
SA39935
SA40019
SA40028
SA40070
SA40134
SA40145
SA40181
SA40241
SA40248
SA40427
SA40475
SA40572
SA40635
SA40639
SA40727

1) The SUSE Lifecycle Management Server application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions if a logged-in user visits a malicious web site.

2) A security issue exists in the pre-installed images of the WebYaST appliance, which generates the same secret key used to create session cookies.

3) A security issue exists in LXSession due to "lxsession-logout" not properly locking the screen before suspending, hibernating, or switching users and can be exploited to compromise a user's system.

Solution
Apply updated packages via YaST Online Update or the SUSE FTP server.
Original Advisory
SUSE-SR:2010:014:
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: SUSE update for Multiple Packages

No posts yet

Secunia Advisory SA40855

SUSE update for Multiple Packages

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?