A number of 'highly critical' flaws in SuSE applications have been patched by Novell, but the company's methods have been criticised by Secunia.

Novell's SuSE has released a number of "highly critical" patches, according to a report released on Monday.

The patches are designed to address vulnerabilities that can be exploited for cross-site scripting attacks, remote system access, exposure of sensitive information, spoofing and denial-of-service attacks, according to the report from security information provider Secunia.

The vulnerabilities were found in SuSE' eMail Server 3.x, Linux Database Server, Linux Enterprise Server 9 and Linux Office Server.

One issue that particularly concerns Secunia is SuSE's method of sending out weekly scheduled patches.

"SuSE started a new policy of bundling their updates, so that creates some confusion over what is highly critical and needs to be addressed first," said Thomas Kristensen, Secunia's chief technology officer. "Microsoft has scheduled updates too, but there is one patch for one product. SuSE bundles in multiple patches for multiple products."

SuSE could not be immediately reached for comment.

Last month, SuSE, along with several other Linux companies, issued patches for several vulnerabilities. In the case of SuSE, the software seller issued updates to resolve a vulnerability that could allow malicious code to create a local denial-of-service attack using a specially created Acrobat document.