TITLE:
SUSE Update for Multiple Packages

SECUNIA ADVISORY ID:
SA33849

VERIFY ADVISORY:
http://secunia.com/advisories/33849/

DESCRIPTION:
SUSE has issued an update for multiple packages. This fixes some security issues and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and bypass certain security restrictions, malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and by malicious people to disclose sensitive information, conduct session fixation attacks, cross-site scripting and request forgery attacks, bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.

For more information:
SA33014
SA31330
SA31450
SA31478
SA31502
SA31567
SA32164
SA32851
SA32964
SA33133
SA33198
SA33227
SA33356
SA33795

A vulnerability is caused due to an incorrect backport of the patch for CVE-2008-3663, resulting in an error within the handling of sessions, which can be exploited to hijack a user's session.

This is related to:
SA33517

A vulnerability is caused due to the reintroduction of CVE-2005-0448.

For more information:
SA14531

SOLUTION:
Apply updated packages using YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY:
SUSE-SR:2009:004:
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

OTHER REFERENCES:
SA14531:
http://secunia.com/advisories/14531/

SA33014:
http://secunia.com/advisories/33014/

SA31330:
http://secunia.com/advisories/31330/

SA31450:
http://secunia.com/advisories/31450/

SA31478:
http://secunia.com/advisories/31478/

SA31502:
http://secunia.com/advisories/31502/

SA31567:
http://secunia.com/advisories/31567/

SA32164:
http://secunia.com/advisories/32164/

SA32851:
http://secunia.com/advisories/32851/

SA32964:
http://secunia.com/advisories/32964/

SA33133:
http://secunia.com/advisories/33133/

SA33198:
http://secunia.com/advisories/33198/

SA33227:
http://secunia.com/advisories/33227/

SA33356:
http://secunia.com/advisories/33356/

SA33517:
http://secunia.com/advisories/33517/

SA33795:
http://secunia.com/advisories/33795/