you certainly have heard about http://web.nvd.nist.gov/view/vuln/de...=CVE-2014-6271, probably also the successor http://web.nvd.nist.gov/view/vuln/de...=CVE-2014-7169

I wonder if Novell will publish a free version of a SLES10 SP4 fix: the relevant patches in http://support.novell.com/security/c...2014-6271.html are all locked and restricted to LTSS customers.

Furthermore I wonder when a patch for CVE-2014-7169 will be made available.

FreeBSD and Debian 7 are already done, but https://bugzilla.novell.com/show_bug.cgi?id=898346 sounds not so promising:
"Please submit fixed packages until 2014-10-03"

Cheers, Thomas