SuSE advises that two vulnerabilities were found in the "tiny" web server thttpd.
The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. The second bug occurs in the virtual-hosting code of thttpd and allows an attacker to bypass the virtual-hosting mechanism to read arbitrary files.
The vendor has also released an overall update on pending vulnerabilities in SuSE distributions, including updated packages for KDE and libnids.
More information on the thttpd flaws as well as the overall distribution update can be found at: http://www.suse.de/de/security/2003_044_thttpd.html