Novell's SuSE has released a number of "highly critical" patches, according to a report released Monday.
The patches are designed to address vulnerabilities that can be exploited for cross-site scripting attacks, remote system access, exposure of sensitive information, spoofing and denial-of-service attacks, according to the report from security information provider Secunia.
The vulnerabilities were found in SuSE' eMail Server 3.x, Linux Database Server, Linux Enterprise Server 9 and Linux Office Server.
One issue that particularly concerns Secunia is SuSE's method of sending out weekly scheduled patches.
"SuSE started a new policy of bundling their updates, so that creates some confusion over what is highly critical and needs to be addressed first," said Thomas Kristensen, Secunia's chief technology officer. "Microsoft has scheduled updates too, but there is one patch for one product. SuSE bundles in multiple patches for multiple products."
SuSE could not be immediately reached for comment.
Last month, SuSE, along with several other Linux companies, issued patches for several vulnerabilities. In the case of SuSE, the software seller issued updates to resolve a vulnerability that could allow malicious code to create a local denial-of-service attack using a specially created Acrobat document.
It would appear that you are misleading your readers about the SuSE patch procedure. If you have a legal registered copy of SuSE Linux, then you get a notification of each patch as it is released, and the severity of the patch is listed within the patch notification. If you're using a pirated copy, or haven't registered, then you are limited to the weekly e-mail which comes out on the SuSE Security mailing list. So was the author of this article using an illegal copy, or just an unregistered copy?
These types of vulnerabilities sound vaguely familiar
Let's see - Windows OS has been plagued by these same holes, and we're supposed to be magically protected by switching to Linux? Seems to me that argument just got blown full of "holes"...
Linux certainly has its benefits, but infallability isn't one of them.
The company didn't try hard enough to stop a 10-year incursion by hackers likely working from China, says a former Nortel exec cited by the Wall Street Journal.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
When the sun goes down, that's when the iPad gets busy for folks with news readers. The iPhone? It's more of a daytime habit. If you're building an app for both devices, heed the lesson.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Linux certainly has its benefits, but infallability isn't one of them.