September 2011 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2011:1079-1: important: MozillaFirefox: Update to Firefox 3.6.23
by opensuse-security＠opensuse.org 29 Sep '11

29 Sep '11

openSUSE Security Update: MozillaFirefox: Update to Firefox 3.6.23 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1079-1 Rating: important References: #720264 Cross-References: CVE-2011-2372 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. It includes two new package versions. Description: Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled,, but are potentially a risk in browser or browser-like contexts in those products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. (CVE-2011-2995) Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only. (CVE-2011-2996) MFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem. (no CVE yet) MFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10. (CVE-2011-2999) MFSA 2011-39: Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. (CVE-2011-3000) MFSA 2011-40: Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Holding enter allows arbitrary code execution due to Download Manager (CVE-2011-2372) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch MozillaFirefox-5203 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 1.9.2.23 and 3.6.23]: MozillaFirefox-3.6.23-0.2.1 MozillaFirefox-branding-upstream-3.6.23-0.2.1 MozillaFirefox-translations-common-3.6.23-0.2.1 MozillaFirefox-translations-other-3.6.23-0.2.1 mozilla-js192-1.9.2.23-1.2.1 mozilla-xulrunner192-1.9.2.23-1.2.1 mozilla-xulrunner192-buildsymbols-1.9.2.23-1.2.1 mozilla-xulrunner192-devel-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-common-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-other-1.9.2.23-1.2.1 - openSUSE 11.3 (x86_64) [New Version: 1.9.2.23]: mozilla-js192-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-common-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-other-32bit-1.9.2.23-1.2.1 References: http://support.novell.com/security/cve/CVE-2011-2372.html http://support.novell.com/security/cve/CVE-2011-2995.html http://support.novell.com/security/cve/CVE-2011-2996.html http://support.novell.com/security/cve/CVE-2011-2999.html http://support.novell.com/security/cve/CVE-2011-3000.html https://bugzilla.novell.com/720264

1 0

openSUSE-SU-2011:1077-1: important: seamonkey: Update to Mozilla Seamonkey 2.4
by opensuse-security＠opensuse.org 29 Sep '11

29 Sep '11

openSUSE Security Update: seamonkey: Update to Mozilla Seamonkey 2.4 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1077-1 Rating: important References: #720264 Cross-References: CVE-2011-2372 CVE-2011-2995 CVE-2011-2997 CVE-2011-2999 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3232 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. It includes two new package versions. Description: Mozilla Seamonkey was updated to version 2.4, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. (CVE-2011-2995) Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous reported memory safety problems that affected Firefox 6, fixed in Firefox 7. (CVE-2011-2997) MFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10. (CVE-2011-2999) MFSA 2011-39: Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. (CVE-2011-3000) MFSA 2011-40: Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Mariusz also reported a similar flaw with manual plugin installation using the PLUGINSPAGE attribute. It was possible to create an internal error that suppressed a confirmation dialog, such that holding enter would lead to the installation of an arbitrary add-on. (This variant did not affect Firefox 3.6) Holding enter allows arbitrary code execution due to Download Manager (CVE-2011-2372) Holding enter allows arbitrary extension installation (CVE-2011-3001) MFSA 2011-41: Michael Jordon of Context IS reported that in the ANGLE library used by WebGL the return value from GrowAtomTable() was not checked for errors. If an attacker could cause requests that exceeded the available memeory those would fail and potentially lead to a buffer overrun as subsequent code wrote into the non-allocated space. (CVE-2011-3002) Ben Hawkes of the Google Security Team reported a WebGL test case that demonstrated an out of bounds write after an allocation failed. (CVE-2011-3003) MFSA 2011-42: Security researcher Aki Helin reported a potentially exploitable crash in the YARR regular expression library used by JavaScript. (CVE-2011-3232) MFSA 2011-43: David Rees reported that the JSSubScriptLoader (a feature used by some add-ons) was "unwrapping" XPCNativeWrappers when they were used as the scope parameter to loadSubScript(). Without the protection of the wrappers the add-on could be vulnerable to privilege escalation attacks from malicious web content. Whether any given add-on were vulnerable would depend on how the add-on used the feature and whether it interacted directly with web content, but we did find at least one vulnerable add-on and presumer there are more. (CVE-2011-3004) The unwrapping behavior was a change introduced during Firefox 4 development. Firefox 3.6 and earlier versions are not affected. MFSA 2011-44: sczimmer reported that Firefox crashed when loading a particular .ogg file. This was due to a use-after-free condition and could potentially be exploited to install malware. (CVE-2011-3005) This vulnerability does not affect Firefox 3.6 or earlier. MFSA 2011-45: University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher keystrokes the user is entering into the foreground tab. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch MozillaFirefox-5208 seamonkey-5210 - openSUSE 11.3: zypper in -t patch seamonkey-5210 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 2.4 and 7.0]: MozillaFirefox-7.0-1.2.1 MozillaFirefox-branding-upstream-7.0-1.2.1 MozillaFirefox-buildsymbols-7.0-1.2.1 MozillaFirefox-devel-7.0-1.2.1 MozillaFirefox-translations-common-7.0-1.2.1 MozillaFirefox-translations-other-7.0-1.2.1 seamonkey-2.4-1.2.1 seamonkey-dom-inspector-2.4-1.2.1 seamonkey-irc-2.4-1.2.1 seamonkey-translations-common-2.4-1.2.1 seamonkey-translations-other-2.4-1.2.1 seamonkey-venkman-2.4-1.2.1 - openSUSE 11.3 (i586 x86_64) [New Version: 2.4]: seamonkey-2.4-1.2.1 seamonkey-dom-inspector-2.4-1.2.1 seamonkey-irc-2.4-1.2.1 seamonkey-translations-common-2.4-1.2.1 seamonkey-translations-other-2.4-1.2.1 seamonkey-venkman-2.4-1.2.1 References: http://support.novell.com/security/cve/CVE-2011-2372.html http://support.novell.com/security/cve/CVE-2011-2995.html http://support.novell.com/security/cve/CVE-2011-2997.html http://support.novell.com/security/cve/CVE-2011-2999.html http://support.novell.com/security/cve/CVE-2011-3000.html http://support.novell.com/security/cve/CVE-2011-3001.html http://support.novell.com/security/cve/CVE-2011-3002.html http://support.novell.com/security/cve/CVE-2011-3003.html http://support.novell.com/security/cve/CVE-2011-3004.html http://support.novell.com/security/cve/CVE-2011-3005.html http://support.novell.com/security/cve/CVE-2011-3232.html https://bugzilla.novell.com/720264

1 0

openSUSE-SU-2011:1076-1: important: mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23
by opensuse-security＠opensuse.org 29 Sep '11

29 Sep '11

openSUSE Security Update: mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1076-1 Rating: important References: #720264 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled,, but are potentially a risk in browser or browser-like contexts in those products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. (CVE-2011-2995) Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only. (CVE-2011-2996) MFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem. (no CVE yet) MFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10. (CVE-2011-2999) MFSA 2011-39: Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. (CVE-2011-3000) MFSA 2011-40: Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Holding enter allows arbitrary code execution due to Download Manager (CVE-2011-2372) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch mozilla-js192-5206 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.23]: mozilla-js192-1.9.2.23-1.2.1 mozilla-xulrunner192-1.9.2.23-1.2.1 mozilla-xulrunner192-buildsymbols-1.9.2.23-1.2.1 mozilla-xulrunner192-devel-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-common-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-other-1.9.2.23-1.2.1 - openSUSE 11.4 (x86_64) [New Version: 1.9.2.23]: mozilla-js192-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-common-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-other-32bit-1.9.2.23-1.2.1 References: https://bugzilla.novell.com/720264

1 0

openSUSE-RU-2011:1074-1: glibc: Fix abort when running under valgrind
by maintenance＠opensuse.org 28 Sep '11

28 Sep '11

openSUSE Recommended Update: glibc: Fix abort when running under valgrind ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1074-1 Rating: low References: #681398 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes an issue where valgrind aborts when running under a i586 CPU. (bnc#681398) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch glibc-5164 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 i686 x86_64): glibc-2.11.3-12.19.1 glibc-devel-2.11.3-12.19.1 - openSUSE 11.4 (i586 x86_64): glibc-html-2.11.3-12.19.1 glibc-i18ndata-2.11.3-12.19.1 glibc-info-2.11.3-12.19.1 glibc-locale-2.11.3-12.19.1 glibc-obsolete-2.11.3-12.19.1 glibc-profile-2.11.3-12.19.1 nscd-2.11.3-12.19.1 - openSUSE 11.4 (x86_64): glibc-32bit-2.11.3-12.19.1 glibc-devel-32bit-2.11.3-12.19.1 glibc-locale-32bit-2.11.3-12.19.1 glibc-profile-32bit-2.11.3-12.19.1 References: https://bugzilla.novell.com/681398

1 0

openSUSE-RU-2011:1073-1: librcc0: Supplement install when unzip and aspell are to be installed
by maintenance＠opensuse.org 28 Sep '11

28 Sep '11

openSUSE Recommended Update: librcc0: Supplement install when unzip and aspell are to be installed ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1073-1 Rating: low References: #710609 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This change will trigger the installation of librcc0 if unzip and aspell are to be installed, i.e. when correct handling of foreign charsets is most likely needed. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch librcc-devel-5177 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): librcc-devel-0.2.9-6.7.1 librcc0-0.2.9-6.7.1 rcc-runtime-0.2.9-6.7.1 References: https://bugzilla.novell.com/710609

1 0

openSUSE-RU-2011:1072-1: coreutils: Cut ignores the option --output-delimiter if also -c is used
by maintenance＠opensuse.org 28 Sep '11

28 Sep '11

openSUSE Recommended Update: coreutils: Cut ignores the option --output-delimiter if also -c is used ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1072-1 Rating: low References: #715272 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The following bug is fixed by this update: /usr/bin/cut ignores --output-delimiter when used in conjunction with -c. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch coreutils-5176 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): coreutils-8.9-11.1 - openSUSE 11.4 (noarch): coreutils-lang-8.9-11.1 References: https://bugzilla.novell.com/715272

1 0

openSUSE-RU-2011:1070-1: opensuse-manuals_en: Fix missing pictures in documentation
by maintenance＠opensuse.org 26 Sep '11

26 Sep '11

openSUSE Recommended Update: opensuse-manuals_en: Fix missing pictures in documentation ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1070-1 Rating: low References: #718743 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes a missing picture in the documentation. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch opensuse-kvm_en-pdf-5186 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (noarch): opensuse-kvm_en-pdf-11.4-6.12.1 opensuse-manuals_en-11.4-6.12.1 opensuse-reference_en-pdf-11.4-6.12.1 opensuse-security_en-pdf-11.4-6.12.1 opensuse-startup_en-pdf-11.4-6.12.1 opensuse-tuning_en-pdf-11.4-6.12.1 References: https://bugzilla.novell.com/718743

1 0

openSUSE-SU-2011:1062-1: important: jakarta-commons-daemon
by opensuse-security＠opensuse.org 23 Sep '11

23 Sep '11

openSUSE Security Update: jakarta-commons-daemon ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1062-1 Rating: important References: #715656 Cross-References: CVE-2011-2729 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user (CVE-2011-2729). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch jakarta-commons-daemon-5156 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): jakarta-commons-daemon-1.0.5-4.5.1 - openSUSE 11.4 (noarch): jakarta-commons-daemon-java-1.0.5-4.5.1 jakarta-commons-daemon-javadoc-1.0.5-4.5.1 References: http://support.novell.com/security/cve/CVE-2011-2729.html https://bugzilla.novell.com/715656

1 0

openSUSE-SU-2011:1060-1: : Flash-Player: Update to 10.3.183.10
by opensuse-security＠opensuse.org 22 Sep '11

22 Sep '11

openSUSE Security Update: Flash-Player: Update to 10.3.183.10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1060-1 Rating: References: #719400 Cross-References: CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2444 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. It includes one version update. Description: This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444). Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. This update resolves an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426). This update resolves an AVM stack overflow issue that may lead to denial of service and code execution. (CVE-2011-2427). This update resolves a logic error issue which causes a browser crash and may lead to code execution. (CVE-2011- 2428). This update resolves a Flash Player security control bypass which could allow information disclosure. (CVE-2011-2429). This update resolves a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch flash-player-5183 - openSUSE 11.3: zypper in -t patch flash-player-5183 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586) [New Version: 10.3.183.10]: flash-player-10.3.183.10-0.2.1 - openSUSE 11.3 (i586) [New Version: 10.3.183.10]: flash-player-10.3.183.10-0.2.1 References: http://support.novell.com/security/cve/CVE-2011-2426.html http://support.novell.com/security/cve/CVE-2011-2427.html http://support.novell.com/security/cve/CVE-2011-2428.html http://support.novell.com/security/cve/CVE-2011-2429.html http://support.novell.com/security/cve/CVE-2011-2430.html http://support.novell.com/security/cve/CVE-2011-2444.html https://bugzilla.novell.com/719400

1 0

openSUSE-RU-2011:1056-1: atftp: Add missing PreReq in package atftp
by maintenance＠opensuse.org 20 Sep '11

20 Sep '11

openSUSE Recommended Update: atftp: Add missing PreReq in package atftp ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1056-1 Rating: low References: #683140 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes: - #683140: package atftp was missing PreReq: pwdutils. Thus pwdutils could not be present at the time of install, so no proper user/group could get created. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch atftp-5137 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): atftp-0.7.0-143.144.1 References: https://bugzilla.novell.com/683140

1 0