Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 13, 2012

by: Carol~ April 13, 2012 4:45 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - April 13, 2012

by Carol~ Moderator - 4/13/12 4:45 AM

SUSE update for php5

Release Date : 2012-04-13

Criticality level : Highly critical
Impact : Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for php5. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:0496-1:

http://secunia.com/advisories/48828/


Reply
Report offensive post
Email to friend

Cumin Unspecified Script Insertion Vulnerabilities

by Carol~ Moderator - 4/13/12 4:59 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From local network
Solution Status : Vendor Patch

Software: Cumin

Description:
Multiple vulnerabilities have been reported in Cumin, which can be exploited by malicious users to conduct script insertion attacks.

Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Red Hat Bug #805712:
https://bugzilla.redhat.com/show_bug.cgi?id=805712

Cumin:
https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html

http://secunia.com/advisories/48810/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for Red Hat Enterprise MRG

by Carol~ Moderator - 4/13/12 4:59 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 5)
Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

Description:
Red Hat has issued an update for Red Hat Enterprise MRG. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0476-1:
https://rhn.redhat.com/errata/RHSA-2012-0476.html

RHSA-2012:0477-1:
https://rhn.redhat.com/errata/RHSA-2012-0477.html

http://secunia.com/advisories/48829/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

nginx ngx_http_mp4_module Module Buffer Overflow

by Carol~ Moderator - 4/13/12 4:59 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

nginx ngx_http_mp4_module Module Buffer Overflow Vulnerability

Release Date : 2012-04-13

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: nginx 1.0.x
nginx 1.1.x

Description:
A vulnerability has been reported in nginx, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the ngx_http_mp4_module module when parsing certain atoms and can be exploited to cause a buffer overflow via a specially crafted MP4 file placed on the server.

Successful exploitation may allow execution of arbitrary code but requires that ngx_http_mp4_module module is enabled and the "mp4" directive is configured.

The vulnerability is reported in versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14.

Solution:
Update to version 1.1.19 or 1.0.15.

Provided and/or discovered by:
The vendor credits Matthew Daley.

Original Advisory:
http://nginx.org/en/security_advisories.html

http://secunia.com/advisories/48827/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware Multiple Products Privilege Escalation Security Issue

by Carol~ Moderator - 4/13/12 4:59 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System: VMware ESX Server 3.x
VMware ESX Server 4.x
VMware ESXi 3.x
VMware ESXi 4.x
VMware ESXi 5.x

Software: VMware Fusion 4.x
VMware Workstation 8.x

Description:
A security issue has been reported in multiple VMware products, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the application setting insecure permissions on the VMware Tools folder and can be exploited to gain escalated privileges on Windows-based guest operating systems.

Please see the vendor's advisory for a list of affected products and versions.

Solution:
Update to a fixed version (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits Tavis Ormandy.

Original Advisory:
VMware:
http://www.vmware.com/security/advisories/VMSA-2012-0007.html

http://secunia.com/advisories/48782/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Dokodemo Rikunabi 2013 Unspecified Cross-Site Scripting

by Carol~ Moderator - 4/13/12 6:22 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Dokodemo Rikunabi 2013 Unspecified Cross-Site Scripting Vulnerability

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Dokodemo Rikunabi 2013 1.x (extension for Google Chrome)

Description:
A vulnerability has been reported in the Dokodemo Rikunabi 2013 extension for Google Chrome, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.0.0. Prior versions may also be affected.

Solution:
Update to version 1.0.1.

Provided and/or discovered by:
JVN credits Kazuhiko Kusano.

Original Advisory:
Dokodemo Rikunabi 2013:
https://chrome.google.com/webstore/detail/cfmkbngdlheahmooldblflapbpngmmbg

JVN:
http://jvn.jp/en/jp/JVN90055996/index.html

http://secunia.com/advisories/48813/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for samba

by Carol~ Moderator - 4/13/12 6:24 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2450-1:
http://www.us.debian.org/security/2012/dsa-2450

http://secunia.com/advisories/48818/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for samba

by Carol~ Moderator - 4/13/12 6:24 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
USN-1423-1:
http://www.ubuntu.com/usn/usn-1423-1


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IrfanView FlashPix PlugIn Image Decompression Buffer

by Carol~ Moderator - 4/13/12 6:33 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

IrfanView FlashPix PlugIn Image Decompression Buffer Overflow

Release Date : 2012-04-13

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: IrfanView FlashPix PlugIn 4.x

Description:
Francis Provencher has discovered a vulnerability in the FlashPix PlugIn for IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to insufficient validation when decompressing FlashPix images and can be exploited to cause a heap-based buffer overflow via a specially crafted FPX file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 4.3.2.0. Other versions may also be affected.

Solution:
Update to version 4.3.4.0.

Provided and/or discovered by:
Francis Provencher via Secunia.

http://secunia.com/advisories/48772/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for kernel

by Carol~ Moderator - 4/13/12 7:07 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 11.04

Description:
Ubuntu has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1422-1:
http://www.ubuntu.com/usn/usn-1422-1

http://secunia.com/advisories/48820/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for linux-lts-backport-maverick

by Carol~ Moderator - 4/13/12 7:07 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04

Description:
Ubuntu has issued an update for linux-lts-backport-maverick. This fixes two vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1421-1:
http://www.ubuntu.com/usn/usn-1421-1

http://secunia.com/advisories/48799/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for puppet

by Carol~ Moderator - 4/13/12 7:08 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Privilege escalation
Exposure of sensitive information
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges and by malicious users to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2451-1:
http://lists.debian.org/debian-security-announce/2012/msg00081.html

http://secunia.com/advisories/48789/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Seditio Chat Plugin Cross-Site Request Forgery Vulnerability

by Carol~ Moderator - 4/13/12 7:08 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Chat 1.x (plugin for Seditio)

Description:
A vulnerability has been discovered in the Chat plugin for Seditio, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. delete chat entries when a logged-in administrative user visits a specially crafted web page.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
AkaStep

Original Advisory:
http://packetstormsecurity.org/files/111757/seditiochat-xsrf.txt

http://secunia.com/advisories/48796/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Seditio SF - Quick Ban Plugin Cross-Site Request Forgery

by Carol~ Moderator - 4/13/12 7:08 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Seditio SF - Quick Ban Plugin Cross-Site Request Forgery Vulnerability

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: SF - Quick Ban 1.x (plugin for Seditio)

Description:
A vulnerability has been discovered in the SF - Quick Ban plugin for Seditio, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. ban an IP address when a logged-in administrative user visits a specially crafted web page.

Successful exploitation requires knowledge of the user ID ("uid") of the respective user (e.g. "1" for the super administrator by default).

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
AkaStep

Original Advisory:
http://packetstormsecurity.org/files/111815/Seditio-SF-Quick-Ban-1.0-Cross-Site-Request-Forgery.html

http://secunia.com/advisories/48777/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code

by Carol~ Moderator - 4/13/12 8:22 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code Execution Vulnerability

Release Date : 2012-04-13

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: ActiveScriptRuby

Description:
A vulnerability has been reported in ActiveScriptRuby, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in GRScript18.dll and can be exploited to execute arbitrary Ruby commands.

Successful exploitation may allow execution of arbitrary code, but requires a user to visit a malicious website.

The vulnerability is reported in GRScript18.dll version 1.2.2.0. Prior versions may also be affected.

Solution:
Update to a fixed version or apply the vendor workaround (please see the vendor's advisory for details).

Provided and/or discovered by:
JVN credits Moca.

Original Advisory:
ActiveScriptRuby:
http://www.artonx.org/data/asr/

JVN:
http://jvn.jp/en/jp/JVN33283707/index.html

http://secunia.com/advisories/48811/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Pale Moon Multiple Vulnerabilities

by Carol~ Moderator - 4/13/12 8:25 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Highly critical
Impact : Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Software: Pale Moon 3.6.x

Description:
Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

Solution:
Update to version 3.6.31

http://secunia.com/advisories/48823/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress SH Slideshow Plugin TimThumb "src" Cross-Site

by Carol~ Moderator - 4/13/12 9:36 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

WordPress SH Slideshow Plugin TimThumb "src" Cross-Site Scripting Vulnerability

Release Date : 2012-04-13

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress SH Slideshow Plugin 3.x

Description:
A vulnerability has been discovered in the SH Slideshow plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "src" parameter to wp-content/plugins/sh-slideshow/timthumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 3.1.7. Prior versions may also be affected.

Solution:
Update to version 3.1.8.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://wordpress.org/extend/plugins/sh-slideshow/changelog/

http://secunia.com/advisories/48815/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

NVIDIA Graphics Drivers for Linux GPU Device Node Access

by Carol~ Moderator - 4/13/12 10:24 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

NVIDIA Graphics Drivers for Linux GPU Device Node Access Privilege Escalation Vulnerability

Release Date : 2012-04-12

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Software: NVIDIA Graphics Drivers for Linux

Description:
A vulnerability has been reported in NVIDIA Graphics Drivers for Linux, which can be exploited by malicious, local users to potentially gain escalated privileges.

The vulnerability is caused due to an error when handling read and write access to GPU (Graphics Processing Unit) device nodes, which can be exploited to reconfigure a GPU to read from or write to arbitrary system memory.

Successful exploitation requires read and write access to GPU device nodes (default configuration).

The vulnerability is reported in versions prior to 295.40.

Solution:
Update to version 295.40 or apply patch.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://nvidia.custhelp.com/app/answers/detail/a_id/3109

http://secunia.com/advisories/48650/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OpenJPEG Gray16 TIFF Image Tile Decoding Vulnerability

by Carol~ Moderator - 4/13/12 10:54 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-13

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: OpenJPEG 1.x

Description:
A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an error within the "tcd_free_encode()" function (tcd.c) when decoding tile information from Gray16 TIFF images and can be exploited to corrupt heap memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 1.5.0. Other versions may also be affected.

Solution:
Do not process files from untrusted sources.

Provided and/or discovered by:
Mathieu Malaterre in a bug report.

Original Advisory:
http://code.google.com/p/openjpeg/issues/detail?id=5

http://secunia.com/advisories/48781/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IP.Board and IP.Gallery Module Multiple Unspecified

by Carol~ Moderator - 4/13/12 11:36 AM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

IP.Board and IP.Gallery Module Multiple Unspecified Vulnerabilities

Release Date : 2012-04-13

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: IP.Board (Invision Power Board) 3.x
IP.Gallery (module for IP.Board) 4.x

Description:
Multiple vulnerabilities with unknown impacts have been reported in IP.Board and the IP.Gallery module for IP.Board.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

The vulnerabilities are reported in IP.Board versions 3.2.0, 3.2.1, 3.2.2, 3.2.3, and 3.3.0 and IP.Gallery versions 4.2.0 and 4.2.1.

Solution:
Apply update.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://community.invisionpower.com/topic/360518-ipboard-331-ipblog-252-ipseo-152-and-updates-for-ipboard-32x-ipgallery-42x-released/

http://secunia.com/advisories/48808/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for freetype2

by Carol~ Moderator - 4/13/12 1:20 PM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-12

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: SUSE Linux Enterprise Server (SLES) 10

Description:
SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:0483-1:
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html

http://secunia.com/advisories/48797/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for freetype2 (2)

by Carol~ Moderator - 4/13/12 1:20 PM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-12

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1
SUSE Linux Enterprise Server (SLES) 11

Description:
SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:0484-1:
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html

openSUSE-SU-2012:0489-1:
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html

http://secunia.com/advisories/48805/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for chromium

by Carol~ Moderator - 4/13/12 1:20 PM

In Reply to: VULNERABILITIES / FIXES - April 13, 2012 by Carol~ Moderator

Release Date : 2012-04-12

Criticality level : Highly critical
Impact : Unknown
Cross Site Scripting
Spoofing
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.1

Description:
SUSE has issued an update for chromium. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and spoofing attacks and compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0492-1:
http://lists.opensuse.org/opensuse-updates/2012-04/msg00032.html

http://secunia.com/advisories/48763/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close