Highly Critical Linux Secunia Advisory

[Egaladeist]

Description:
SUSE has issued updates for multiple packages. These fix various vulnerabilities, which potentially can be exploited by malicious, local users to gain access to sensitive information or perform certain actions on a vulnerable system with escalated privileges, or by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service) or compromise a user's system.

http://secunia.com/advisories/17027/
Secunia - Advisories - SUSE Updates for Multiple Packages

[Relyt]

Hey thanks EG,

The patchin's were fairly quick and painless. I guess because I only had a few for 9.3 since I did it only about 12 days ago. SuSE 10.X is coming out real soon so bet I'll have to apply this and others as well. It was never too difficult to do anyway, however SuSE and some others definitely make it easier than it used to be.

cheers

[gore]

That was a lot of text, they could have just said :

"SUSE fixes Firefox hole"...

Anyway, 10 is coming in about a week and right now 10.1 is in Alpha.

Oh, don't forget SUPER SUSE. Run RPMs without needing to install.

[slarty]

I think "Highly critical" is not really particularly accurate. Stop crying wolf.

Had you actually looked at any of the bugs, you'll see that they're mostly:
- In things that most people don't use
- Local privilege escalations
or
- Network denial of service (in some cases)
- Local denial of service

None if which are massively critical. The ssl one looks moderately inconvenient, as it's a network DoS, all the others require the user to use specific programs to be at all vulnerable.

Mark