---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA29242 VERIFY ADVISORY: http://secunia.com/advisories/29242/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: openSUSE 10.3 http://secunia.com/product/16124/ openSUSE 10.2 http://secunia.com/product/13375/ SUSE Linux 10.1 http://secunia.com/product/10796/ SuSE Linux 9.0 http://secunia.com/product/2467/ SuSE Linux Enterprise Server 8 http://secunia.com/product/1171/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SUSE Linux Enterprise Server 10 http://secunia.com/product/12192/ SuSE Linux Openexchange Server 4.x http://secunia.com/product/2001/ SuSE Linux Standard Server 8 http://secunia.com/product/2526/ SOFTWARE: Novell Open Enterprise Server http://secunia.com/product/4664/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to conduct SQL injection attacks, and by malicious people to bypass certain security restrictions, gain potentially sensitive information, conduct HTTP response splitting, cross-site scripting, or SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA22130 SA25383 SA26466 SA27398 SA27827 SA28149 SA28308 SA28552 SA28575 SA28872 SA29156 SA29229 SOLUTION: Updated packages are available via YaST Online Update or the SUSE FTP server. Note: Adobe Acrobat Reader updates for version 7 for Novell Linux Desktop 9 and SUSE Linux Enterprise Server 9 are still pending. ORIGINAL ADVISORY: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html OTHER REFERENCES: SA22130: http://secunia.com/advisories/22130/ SA25383: http://secunia.com/advisories/25383/ SA26466: http://secunia.com/advisories/26466/ SA27398: http://secunia.com/advisories/27398/ SA27827: http://secunia.com/advisories/27827/ SA28149: http://secunia.com/advisories/28149/ SA28308: http://secunia.com/advisories/28308/ SA28552: http://secunia.com/advisories/28552/ SA28575: http://secunia.com/advisories/28575/ SA28872: http://secunia.com/advisories/28872/ SA29156: http://secunia.com/advisories/29156/ SA29229: http://secunia.com/advisories/29229/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------