----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
SUSE Update for Multiple Packages

SECUNIA ADVISORY ID:
SA39317

VERIFY ADVISORY:
http://secunia.com/advisories/39317/

DESCRIPTION:
SUSE has issued an update for multiple packages. This fixes a
weakness, security issues, and vulnerabilities, where some have
unknown impacts and others can be exploited by malicious people with
physical access to bypass certain security restrictions and by
malicious people to bypass certain security restrictions, disclose
system information, manipulate certain data, disclose potentially
sensitive information, cause a DoS (Denial of Service), or compromise
a vulnerable system.

For more information:
SA35326
SA37255
SA37699
SA37852
SA38316
SA38454

1) The "mount.cifs" utility does not properly sanitise certain input,
which can be exploited to corrupt the /etc/mtab file.

Successful exploitation requires that "mount.cifs" is setuid root
(not setuid root by default).

SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server.

ORIGINAL ADVISORY:
SUSE-SR:2010:008:
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

OTHER REFERENCES:
SA35326:
http://secunia.com/advisories/35326/

SA37255:
http://secunia.com/advisories/37255/

SA37699:
http://secunia.com/advisories/37699/

SA37852:
http://secunia.com/advisories/37852/

SA38316:
http://secunia.com/advisories/38316/

SA38454:
http://secunia.com/advisories/38454/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------