Moderate: libxml2 (SL5, SL6)

Synopsis: Moderate: libxml2 security update Issue Date: 2012-09-18 CVE Numbers: CVE-2011-3102 CVE-2012-2807 — The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the … Read More

Moderate: spice-gtk (SL6)

Synopsis: Moderate: spice-gtk security update Issue Date: 2012-09-17 CVE Numbers: CVE-2012-4425 — The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE (Simple Protocol for Independent Computing Environments) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make … Read More

Important: openjpeg (SL6)

Synopsis: Important: openjpeg security update Issue Date: 2012-09-17 CVE Numbers: CVE-2012-3535 — OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field … Read More

Important: bind (SL6)

Synopsis: Important: bind security update Issue Date: 2012-09-14 CVE Numbers: CVE-2012-4244 — The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications … Read More

bind (SL5)

Synopsis: Important: bind security and bug fix update Issue Date: 2012-09-14 CVE Numbers: CVE-2012-4244 — The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library … Read More

bind97 (SL5)

Synopsis: Important: bind97 security update Issue Date: 2012-09-14 CVE Numbers: CVE-2012-4244 — The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications … Read More

libxslt (SL5, SL6)

Synopsis: Important: libxslt security update Issue Date: 2012-09-13 CVE Numbers: CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 — A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this … Read More

postgresql (SL5)

Synopsis: Moderate: postgresql security update Issue Date: 2012-09-13 CVE Numbers: CVE-2012-3488 — It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database … Read More

Moderate: postgresql and postgresql84 (SL5, SL6)

Synopsis: Moderate: postgresql and postgresql84 security update Issue Date: 2012-09-13 CVE Numbers: CVE-2012-3488 CVE-2012-3489 — It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges … Read More

Moderate: dbus (SL6)

Synopsis: Moderate: dbus security update Issue Date: 2012-09-13 CVE Numbers: CVE-2012-3524 — It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, … Read More