SuSE releases critical patches

By Dawn Kawamoto
Staff Writer, CNET News.com Published: February 7, 2005 8:18 AM PST
Tools
Talkback
Print
Related Stories
Linux groups patch image flaw
December 8, 2004
More flaws foul security of open-source repository
June 9, 2004
Novell's SuSE has released a number of "highly critical" patches, according to a report released Monday.

The patches are designed to address vulnerabilities that can be exploited for cross-site scripting attacks, remote system access, exposure of sensitive information, spoofing and denial-of-service attacks, according to the report from security information provider Secunia.

The vulnerabilities were found in SuSE' eMail Server 3.x, Linux Database Server, Linux Enterprise Server 9 and Linux Office Server.

One issue that particularly concerns Secunia is SuSE's method of sending out weekly scheduled patches.

"SuSE started a new policy of bundling their updates, so that creates some confusion over what is highly critical and needs to be addressed first," said Thomas Kristensen, Secunia's chief technology officer. "Microsoft has scheduled updates too, but there is one patch for one product. SuSE bundles in multiple patches for multiple products."

SuSE could not be immediately reached for comment.

Last month, SuSE, along with several other Linux companies, issued patches for several vulnerabilities. In the case of SuSE, the software seller issued updates to resolve a vulnerability that could allow malicious code to create a local denial-of-service attack using a specially created Acrobat document.

More from News.com on this story's topics

Security threats

 Create an email alert | RSS feed

Linux

 Create an email alert | RSS feed

Novell

 Create an email alert | RSS feed

See more CNET content tagged:
SuSE, patch management, Novell Inc., denial of service, vulnerability

Add a Comment (Log in or register) 3 comments (Page 1 of 1)
False Info?
by February 9, 2005 9:10 AM PST
It would appear that you are misleading your readers about the SuSE patch procedure. If you have a legal registered copy of SuSE Linux, then you get a notification of each patch as it is released, and the severity of the patch is listed within the patch notification. If you're using a pirated copy, or haven't registered, then you are limited to the weekly e-mail which comes out on the SuSE Security mailing list. So was the author of this article using an illegal copy, or just an unregistered copy?
Reply to this comment View reply
These types of vulnerabilities sound vaguely familiar
by ejhonda February 16, 2005 1:53 PM PST
Let's see - Windows OS has been plagued by these same holes, and we're supposed to be magically protected by switching to Linux? Seems to me that argument just got blown full of "holes"...

Linux certainly has its benefits, but infallability isn't one of them.
Reply to this comment
Powered by Jive Software
advertisement
RSS Feeds
Add headlines from CNET News.com to your homepage or feedreader.
Google
Yahoo
MSN
More feeds available in our RSS feed index.

Latest tech news headlines

Most Popular Stories
Google's search secret: It gets rid of you
Developer creates copy-paste tech for iPhone
Palm Treo Pro: Not digging it
Intel says it has 'first silicon' for next mobile chip
American Airlines launches in-flight Wi-Fi
Markets

Market news, charts, SEC filings, and more

Related quotes

Novell (0.85%) 0.05 5.91
Dow Jones Industrials (0.11%) 12.78 11,430.21
S&P 500 (0.25%) 3.18 1,277.72
NASDAQ (0.00%) 0.00 1,816.15
CNET TECH (-0.11%) -1.72 1,629.08
  Symbol Lookup
advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On The Insider: DMB Sax Player Dies
Advanced
search
Advanced
search
Visit other CBS Interactive sites