Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some security issues and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and bypass certain security restrictions, malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and by malicious people to disclose sensitive information, conduct session fixation attacks, cross-site scripting and request forgery attacks, bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.
3aac417cacad07dc406ccb7d1319d6c546f163f3e3e47021d2a1975457112c13----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
https://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
SUSE Update for Multiple Packages
SECUNIA ADVISORY ID:
SA33849
VERIFY ADVISORY:
https://secunia.com/advisories/33849/
DESCRIPTION:
SUSE has issued an update for multiple packages. This fixes some
security issues and some vulnerabilities, which can be exploited by
malicious, local users to gain escalated privileges and bypass
certain security restrictions, malicious users to cause a DoS (Denial
of Service) and potentially compromise a vulnerable system, and by
malicious people to disclose sensitive information, conduct session
fixation attacks, cross-site scripting and request forgery attacks,
bypass certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA33014
SA31330
SA31450
SA31478
SA31502
SA31567
SA32164
SA32851
SA32964
SA33133
SA33198
SA33227
SA33356
SA33795
A vulnerability is caused due to an incorrect backport of the patch
for CVE-2008-3663, resulting in an error within the handling of
sessions, which can be exploited to hijack a user's session.
This is related to:
SA33517
A vulnerability is caused due to the reintroduction of
CVE-2005-0448.
For more information:
SA14531
SOLUTION:
Apply updated packages using YaST Online Update or the SUSE FTP
server.
ORIGINAL ADVISORY:
SUSE-SR:2009:004:
https://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
OTHER REFERENCES:
SA14531:
https://secunia.com/advisories/14531/
SA33014:
https://secunia.com/advisories/33014/
SA31330:
https://secunia.com/advisories/31330/
SA31450:
https://secunia.com/advisories/31450/
SA31478:
https://secunia.com/advisories/31478/
SA31502:
https://secunia.com/advisories/31502/
SA31567:
https://secunia.com/advisories/31567/
SA32164:
https://secunia.com/advisories/32164/
SA32851:
https://secunia.com/advisories/32851/
SA32964:
https://secunia.com/advisories/32964/
SA33133:
https://secunia.com/advisories/33133/
SA33198:
https://secunia.com/advisories/33198/
SA33227:
https://secunia.com/advisories/33227/
SA33356:
https://secunia.com/advisories/33356/
SA33517:
https://secunia.com/advisories/33517/
SA33795:
https://secunia.com/advisories/33795/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
https://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
https://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed