----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/

----------------------------------------------------------------------

TITLE:
SUSE Update for Multiple Packages

SECUNIA ADVISORY ID:
SA32575

VERIFY ADVISORY:
http://secunia.com/advisories/32575/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, DoS, System access

WHERE:
>From remote

OPERATING SYSTEM:
openSUSE 10.2
http://secunia.com/advisories/product/13375/
openSUSE 10.3
http://secunia.com/advisories/product/16124/
openSUSE 11.0
http://secunia.com/advisories/product/19180/
SUSE Linux Enterprise Server 10
http://secunia.com/advisories/product/12192/
SUSE Linux Enterprise Server 9
http://secunia.com/advisories/product/4118/

SOFTWARE:
Novell Open Enterprise Server 1.x
http://secunia.com/advisories/product/4664/

DESCRIPTION:
SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting and cross-site request forgery attacks,
cause a DoS (Denial of Service), and compromise a vulnerable system.

For more information:
SA28046
SA31384
SA32137

A boundary error within the function "cddb_read_disc_data()" in
src/cddb.c of libcdaudio can be exploited cause a heap-based buffer
overflow by e.g. tricking an application using the library into
processing a specially crafted CDDB entry.

Note: This only affects OpenSUSE 10.2 through OpenSUSE 11.0.

SOLUTION:
Updated packages are available via YaST Online Update or the SUSE FTP
server.

ORIGINAL ADVISORY:
SUSE-SR:2008:024:
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html

OTHER REFERENCES:
SA28046:
http://secunia.com/advisories/28046/

SA31384:
http://secunia.com/advisories/31384/

SA32137:
http://secunia.com/advisories/32137/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------