openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
January 2011
- 2 participants
- 9 discussions
[security-announce] SUSE Security Announcement: IBM Java 6 (SUSE-SA:2011:006)
by Marcus Meissner 25 Jan '11
by Marcus Meissner 25 Jan '11
25 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: java-1_6_0-ibm
Announcement ID: SUSE-SA:2011:006
Date: Tue, 25 Jan 2011 12:00:00 +0000
Affected Products: SUSE Linux Enterprise Java 10 SP3
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Java 11 SP1
SUSE Linux Enterprise Server 11 SP1
Vulnerability Type: remote code execution
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
SUSE Default Package: yes
Cross-References: CVE-2009-3555, CVE-2010-0771, CVE-2010-1321
CVE-2010-3541, CVE-2010-3548, CVE-2010-3549
CVE-2010-3550, CVE-2010-3551, CVE-2010-3553
CVE-2010-3555, CVE-2010-3556, CVE-2010-3557
CVE-2010-3558, CVE-2010-3559, CVE-2010-3560
CVE-2010-3562, CVE-2010-3563, CVE-2010-3565
CVE-2010-3566, CVE-2010-3567, CVE-2010-3568
CVE-2010-3569, CVE-2010-3571, CVE-2010-3572
CVE-2010-3573, CVE-2010-3574
Content of This Advisory:
1) Security Vulnerability Resolved:
IBM Java security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
IBM Java 6 SR9 was released, fixing lots of security issues.
Following CVE entries are cross referenced by this update:
CVE-2010-3553 CVE-2009-3555 CVE-2010-3562 CVE-2010-3557
CVE-2010-3558 CVE-2010-3563 CVE-2010-0771 CVE-2010-3550
CVE-2010-3549 CVE-2010-3551 CVE-2010-3555 CVE-2010-3556
CVE-2010-3559 CVE-2010-3548 CVE-2010-1321 CVE-2010-3565
CVE-2010-3567 CVE-2010-3566 CVE-2010-3568 CVE-2010-3541
CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 CVE-2010-3560
CVE-2010-3573 CVE-2010-3574
IBM JDK Alerts can also be found on this page:
http://www.ibm.com/developerworks/java/jdk/alerts/
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Server 10 SP3
http://download.novell.com/patch/finder/?keywords=8d66847a4ae8caca98e746ff7…
SUSE Linux Enterprise Java 10 SP3
http://download.novell.com/patch/finder/?keywords=8d66847a4ae8caca98e746ff7…
SUSE Linux Enterprise Server 11 SP1
http://download.novell.com/patch/finder/?keywords=99e3a681bfd3aa624a6123081…
SUSE Linux Enterprise Java 11 SP1
http://download.novell.com/patch/finder/?keywords=99e3a681bfd3aa624a6123081…
SUSE Linux Enterprise Software Development Kit 11 SP1
http://download.novell.com/patch/finder/?keywords=99e3a681bfd3aa624a6123081…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQEVAwUBTT73Tney5gA9JdPZAQKwSwf/VVT1ZN2QAmjkawREF9r/9vjA4tdMs/H4
Xp5/IvPwiVQ07XAqAhdfac46H3K5YaKdWlxjM1z/P+eWRSZjWzuCsjjyzPZk4TC/
lsp8M6H33GMmRz431g+/XncQI9FncXyFJjdzU3+1ApflCTpEkvD/8LTdbffWmkot
WwN/4IeLr/kpRXx5brHhDMP6GzyjJtWh15dx8iURXBZPkodsdUM0Rnmi6oLJ0Hhw
V9bTCr/5k1JzXtTWn8YGR4pphQiembbH9bqCdFxu3W4T1e35OlPpuetXMj0+cOoj
WdQeCQFieuEIiIqknBto8I0J3IyNItKzDYwbv7SRUOZwihuMnhwJYg==
=HOha
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2011:005)
by Marcus Meissner 25 Jan '11
by Marcus Meissner 25 Jan '11
25 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2011:005
Date: Tue, 25 Jan 2011 11:00:00 +0000
Affected Products: SLE SDK 10 SP3
SUSE Linux Enterprise Desktop 10 SP3
SUSE Linux Enterprise Server 10 SP3
Vulnerability Type: local privilege escalation
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
SUSE Default Package: yes
Cross-References: CVE-2010-3699, CVE-2010-3848, CVE-2010-3849
CVE-2010-3850, CVE-2010-4160, CVE-2010-4258
Content of This Advisory:
1) Security Vulnerability Resolved:
Linux kernel security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes
several security issues and bugs.
Following security issues were fixed:
CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused
by other flaws to write a 0 byte to a attacker controlled address
in the kernel. This could lead to privilege escalation together with
other issues.
CVE-2010-3699: The backend driver in Xen 3.x allows guest OS users to
cause a denial of service via a kernel thread leak, which prevents the
device and guest OS from being shut down or create a zombie domain,
causes a hang in zenwatch, or prevents unspecified xm commands from
working properly, related to (1) netback, (2) blkback, or (3) blktap.
CVE-2010-3849: The econet_sendmsg function in net/econet/af_econet.c
in the Linux kernel, when an econet address is configured, allowed
local users to cause a denial of service (NULL pointer dereference
and OOPS) via a sendmsg call that specifies a NULL value for the
remote address field.
CVE-2010-3848: Stack-based buffer overflow in the econet_sendmsg
function in net/econet/af_econet.c in the Linux kernel when an econet
address is configured, allowed local users to gain privileges by
providing a large number of iovec structures.
CVE-2010-3850: The ec_dev_ioctl function in net/econet/af_econet.c
in the Linux kernel did not require the CAP_NET_ADMIN capability,
which allowed local users to bypass intended access restrictions and
configure econet addresses via an SIOCSIFADDR ioctl call.
CVE-2010-4160: An overflow in sendto() and recvfrom() routines was
fixed that could be used by local attackers to potentially crash the
kernel using some socket families like L2TP.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please reboot the machine after installing the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
http://download.novell.com/patch/finder/?keywords=f715eb6e5d39ac340637af529…
SUSE Linux Enterprise Server 10 SP3
http://download.novell.com/patch/finder/?keywords=f715eb6e5d39ac340637af529…
http://download.novell.com/patch/finder/?keywords=ae1877b162fdb5d16cb3a4804…
http://download.novell.com/patch/finder/?keywords=95d48e84e8843770d7b57f400…
http://download.novell.com/patch/finder/?keywords=c18b1f136ef4e3baf765c9110…
http://download.novell.com/patch/finder/?keywords=8b70aa4d05f245a4b664290a8…
SLE SDK 10 SP3
http://download.novell.com/patch/finder/?keywords=f715eb6e5d39ac340637af529…
http://download.novell.com/patch/finder/?keywords=95d48e84e8843770d7b57f400…
http://download.novell.com/patch/finder/?keywords=c18b1f136ef4e3baf765c9110…
http://download.novell.com/patch/finder/?keywords=8b70aa4d05f245a4b664290a8…
SUSE Linux Enterprise Desktop 10 SP3
http://download.novell.com/patch/finder/?keywords=f715eb6e5d39ac340637af529…
http://download.novell.com/patch/finder/?keywords=8b70aa4d05f245a4b664290a8…
SUSE Linux Enterprise Desktop 10 SP3 for x86
http://download.novell.com/patch/finder/?keywords=8b70aa4d05f245a4b664290a8…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQEVAwUBTT7c6Xey5gA9JdPZAQJJcQgAmixultmAgHvX+2DPzr+mahZWRICEorWq
cFXjbg6IjGQuHRXOaDBLRuUtcxNjU85YhNc6z591rz8km1Dw8As19f0xz/ESIJJf
Iu9rKSzR5ZUzRmKR93VhpDzQrgqnMNWOGSyTzptxXWNAD6u84fjXACZ7RBLxX5HT
n2bhIRMHoLpAVDG+WYlYKvSPHZg59sNg4G1DcJXQJPv99vZa9OynfGA6Q+jexWcT
1nXaPIkif9zpgpZ03NxJ8o2cRqGkSWi82vLux/frdoub0RRQ+Edg6iynJQtz5xjj
PA5+bY0Nmzj2SnCqWbNlQixklLt7VNCHAga2NUiVRgw+0FEQ/iXxzA==
=ejxY
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
25 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2011:002
Date: Tue, 25 Jan 2011 11:00:00 +0000
Cross-References: CVE-2008-3916, CVE-2009-0945, CVE-2009-1681
CVE-2009-1684, CVE-2009-1685, CVE-2009-1686
CVE-2009-1687, CVE-2009-1688, CVE-2009-1689
CVE-2009-1690, CVE-2009-1691, CVE-2009-1692
CVE-2009-1693, CVE-2009-1694, CVE-2009-1695
CVE-2009-1696, CVE-2009-1697, CVE-2009-1698
CVE-2009-1699, CVE-2009-1700, CVE-2009-1701
CVE-2009-1702, CVE-2009-1703, CVE-2009-1709
CVE-2009-1710, CVE-2009-1711, CVE-2009-1712
CVE-2009-1713, CVE-2009-1714, CVE-2009-1715
CVE-2009-1718, CVE-2009-1724, CVE-2009-1725
CVE-2009-2195, CVE-2009-2199, CVE-2009-2200
CVE-2009-2419, CVE-2009-2797, CVE-2009-2816
CVE-2009-2841, CVE-2009-3272, CVE-2009-3384
CVE-2009-3933, CVE-2009-3934, CVE-2009-4134
CVE-2010-0046, CVE-2010-0047, CVE-2010-0048
CVE-2010-0049, CVE-2010-0050, CVE-2010-0051
CVE-2010-0052, CVE-2010-0053, CVE-2010-0054
CVE-2010-0315, CVE-2010-0647, CVE-2010-0650
CVE-2010-0651, CVE-2010-0656, CVE-2010-0659
CVE-2010-0661, CVE-2010-1029, CVE-2010-1126
CVE-2010-1163, CVE-2010-1233, CVE-2010-1236
CVE-2010-1386, CVE-2010-1387, CVE-2010-1388
CVE-2010-1389, CVE-2010-1390, CVE-2010-1391
CVE-2010-1392, CVE-2010-1393, CVE-2010-1394
CVE-2010-1395, CVE-2010-1396, CVE-2010-1397
CVE-2010-1398, CVE-2010-1399, CVE-2010-1400
CVE-2010-1401, CVE-2010-1402, CVE-2010-1403
CVE-2010-1404, CVE-2010-1405, CVE-2010-1406
CVE-2010-1407, CVE-2010-1408, CVE-2010-1409
CVE-2010-1410, CVE-2010-1412, CVE-2010-1413
CVE-2010-1414, CVE-2010-1415, CVE-2010-1416
CVE-2010-1417, CVE-2010-1418, CVE-2010-1419
CVE-2010-1421, CVE-2010-1422, CVE-2010-1449
CVE-2010-1450, CVE-2010-1455, CVE-2010-1634
CVE-2010-1646, CVE-2010-1729, CVE-2010-1749
CVE-2010-1757, CVE-2010-1758, CVE-2010-1759
CVE-2010-1760, CVE-2010-1761, CVE-2010-1762
CVE-2010-1763, CVE-2010-1764, CVE-2010-1766
CVE-2010-1767, CVE-2010-1769, CVE-2010-1770
CVE-2010-1771, CVE-2010-1772, CVE-2010-1773
CVE-2010-1774, CVE-2010-1780, CVE-2010-1781
CVE-2010-1782, CVE-2010-1783, CVE-2010-1784
CVE-2010-1785, CVE-2010-1786, CVE-2010-1787
CVE-2010-1788, CVE-2010-1789, CVE-2010-1790
CVE-2010-1791, CVE-2010-1792, CVE-2010-1793
CVE-2010-1807, CVE-2010-1812, CVE-2010-1813
CVE-2010-1814, CVE-2010-1815, CVE-2010-1822
CVE-2010-1823, CVE-2010-1824, CVE-2010-1825
CVE-2010-2089, CVE-2010-2264, CVE-2010-2283
CVE-2010-2284, CVE-2010-2285, CVE-2010-2286
CVE-2010-2287, CVE-2010-2295, CVE-2010-2297
CVE-2010-2300, CVE-2010-2301, CVE-2010-2302
CVE-2010-2441, CVE-2010-2640, CVE-2010-2643
CVE-2010-2761, CVE-2010-2891, CVE-2010-2992
CVE-2010-2993, CVE-2010-2994, CVE-2010-2995
CVE-2010-3116, CVE-2010-3257, CVE-2010-3259
CVE-2010-3312, CVE-2010-3445, CVE-2010-3493
CVE-2010-3803, CVE-2010-3804, CVE-2010-3805
CVE-2010-3808, CVE-2010-3809, CVE-2010-3810
CVE-2010-3811, CVE-2010-3812, CVE-2010-3813
CVE-2010-3816, CVE-2010-3817, CVE-2010-3818
CVE-2010-3819, CVE-2010-3820, CVE-2010-3821
CVE-2010-3822, CVE-2010-3823, CVE-2010-3824
CVE-2010-3826, CVE-2010-3829, CVE-2010-3900
CVE-2010-4040, CVE-2010-4267, CVE-2010-4300
CVE-2010-4301, CVE-2010-4341, CVE-2010-4410
CVE-2010-4411, CVE-2010-4523, CVE-2011-0010
Content of this advisory:
1) Solved Security Vulnerabilities:
- ed
- evince
- hplip
- libopensc2/opensc
- libsmi
- libwebkit
- perl
- python
- sssd
- sudo
- wireshark
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list or
download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- ed
This update fixes a heap-based buffer overflow in ed which can be
exploited remotely only with user-assistance.
CVE-2008-3916: CVSS v2 Base Score: 9.3 (HIGH)
(AV:N/AC:M/Au:N/C:C/I:C/A:C): Buffer Errors (CWE-119)
Affected products: SLE10-SP3, SLE11-SP1
- evince
Multiple font parser vulnerabilities in the DVI backend of evince have
been fixed.
CVE-2010-2640 - CVE-2010-2643 have been assigned to these issues.
Affected products: openSUSE 11.2-11.3, SLE11-SP1
- hplip
Specially crafted SNMP replies could cause a buffer overflow in hplip's
sane backend (CVE-2010-4267).
Affected products: openSUSE 11.2-11.3, SLE11-SP1
- libopensc2/opensc
Specially crafted smart cards could cause a buffer overflow in opensc
(CVE-2010-4523).
Affected products: openSUSE 11.1-11.3
- libsmi
This update fixes a buffer overflow the smiGetNode() function in libsmi.
It allowed context-dependent attackers to execute arbitrary code via an
Object Identifier.
CVE-2010-2891: CVSS v2 Base Score: 7.5 (HIGH)
(AV:N/AC:L/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
Affected products: SLE10-SP3, SLE11-SP1
- libwebkit
Various bugs in webkit have been fixed. The CVE id's are:
CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686,
CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690,
CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696,
CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701,
CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711,
CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718,
CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200,
CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272,
CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047,
CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053,
CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650,
CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029,
CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387,
CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392,
CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397,
CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402,
CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407,
CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413,
CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418,
CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749,
CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761,
CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767,
CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773,
CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,
CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788,
CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793,
CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815,
CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264,
CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302,
CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312,
CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809,
CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816,
CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821,
CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829,
CVE-2010-3900, CVE-2010-4040
Affected products: openSUSE 11.2-11.3
- perl
Multiple header injection problems in the CGI module of perl have been
fixed. They allowed to inject HTTP headers in responses.
CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to
this issue.
Affected products: openSUSE 11.2-11.3, SLE10-SP3, SLE11-SP1
- python
With this update of python:
- a race condition in the accept() implementation of smtpd.py could
lead to a denial of service (CVE-2010-3493).
- integer overflows and insufficient size checks could crash the
audioop and rgbimg modules (CVE-2010-2089, CVE-2010-1634,
CVE-2009-4134,CVE-2010-1449,CVE-2010-1450).
Affected products: SLE10-SP3
- sssd
This update fixes a local denial-of-service attack that stops other users
from logging in. The bug existed in the pam_parse_in_data_v2() function.
(CVE-2010-4341: CVSS v2 Base Score: 2.1)
Affected products: openSUSE 11.3
- sudo
This update of sudo fixes:
- CVE-2011-0010: Does ask for the user password for GID changes now.
- CVE-2010-1646: CVSS v2 Base Score: 6.6 (CWE-264): The secure
environment option can handle multiple occurrence of PATH now.
- CVE-2010-1163: CVSS v2 Base Score: 6.9 (CWE-20): Improved command
matching.
Affected products: openSUSE 11.2-11.3
- wireshark
Wireshark version 1.4.2 fixes several security issues that allowed
attackers to crash wireshark or potentially even execute arbitrary code
(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,
CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,
CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,
CVE-2010-4301)
Affected products: openSUSE 11.2-11.3
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
none
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBTT68X3ey5gA9JdPZAQJLkAgAmUrmWlDW0jsub/lcN+oSmrfu3Lk6EqfM
ZmUr4pkgqdHnk/bAoqCCCy+woaL2vmvZOTZkQlkX6Fw1Ar/gFVGcYuVaITFayyQh
qAma9p2Y1PWQzSy0S8HTNiJM8tW5lBanhKaemGF3liPItGrRbW9zxHs/UeO+rzrn
wZ2w5fmoO5T10j/Xkh+gDPKUyqEiYVLQ9oAhfC+bA3eQLb3ODNXNViDvvh+BROjr
jtiWFLhiJwi/bm6YlmWDl1qrUddHwuMhidcf1MiEuLgiIZ6ZUflk2YZd6TKr6Rl1
s6Fn2g87x0rpFigXDz+4RWisuSZ9PDe+Neo9ePYeeCFgkiJHvo6SEA==
=aaX0
-----END PGP SIGNATURE-----
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer(a)suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE 11.1 has reached end of Novell support - 11.1 Evergreen goes on
by Marcus Meissner 14 Jan '11
by Marcus Meissner 14 Jan '11
14 Jan '11
Hi,
With the release of an opensc security fix on Thursday 13th January
Novell has released the last update for openSUSE 11.1.
openSUSE 11.1 is now officially discontinued and out of support by Novell.
However, a community effort has been started to continue 11.1 maintenance
under the codename of "Evergreen".
The overview page of this project, how to activate and use it, and other
details, is on:
http://en.opensuse.org/openSUSE:Evergreen
The Evergreen project is lead by openSUSE community member Wolfgang Rosenauer.
Here are some statistics:
openSUSE 11.1 was released on December 18th 2008, making it 2 years
and 1 month of security and bugfix support.
Some statistics on the released patches (compared to 11.0):
Total updates: 707 (+63)
Security: 467 (-18)
Recommended: 236 (+79)
Optional: 4 (+ 2)
CVE Entries: 1175 (+34)
There is a 4% decrease in the number of security updates compared
to openSUSE 11.0. There is however a 2% increase in CVE numbers fixed.
Top issues (compared to 11.0 for issues down to 5):
19 MozillaFirefox (+1)
14 kernel (+5)
11 acroread (+1)
10 java-1_6_0-openjdk (+5)
9 wireshark (+1)
9 opera (-3)
9 libopenssl-devel (+4)
9 flash-player (+2)
8 seamonkey (-1)
8 MozillaThunderbird (-1)
7 java-1_6_0-sun (0)
7 clamav (+3)
7 apache2-mod_php5 (0)
6 moodle (-1)
6 libpng-devel (0)
6 samba (0)
5 postgresql
5 krb5
5 java-1_5_0-sun (-1)
5 cups (-2)
And top issues sorted by CVE (Common Vulnerability Enumeration) count
(down to 5) (compared to 11.0 for the top):
163 MozillaFirefox (+20)
115 acroread (+22)
114 java-1_6_0-sun (+12)
83 seamonkey (0)
83 kernel (+8)
83 java-1_6_0-openjdk (+33)
82 flash-player (+18)
70 MozillaThunderbird (+16)
51 java-1_5_0-sun (-12, EOLed during the lifetime)
41 mozilla-xulrunner191
38 php5 (+14)
33 wireshark (-2)
28 mozilla-xulrunner190 (-12, EOLed during the lifetime)
28 moodle (+1)
27 opera (-4)
21 xpdf (-2)
17 freetype2
15 mysql (+2)
14 openssl (+5)
14 pidgin/finch (-4)
13 libpoppler4 (+-0 to libpoppler3)
13 kdegraphics3 (+2)
12 krb5 (+4)
12 samba (+-0)
11 postgresql (+1)
11 ghostscript (+-0)
10 tomcat6 (-1)
10 MozillaFirefox-branding-openSUSE
10 firefox35upgrade
10 clamav (-7)
8 ruby (-9)
8 mozilla-xulrunner181 (-28, EOLed during the lifetime)
8 poppler
8 cups (-6)
7 OpenOffice_org
7 kvm (0)
7 gvim (0)
7 apache2 (-4)
6 qemu (0)
6 libpng (0)
6 glibc
5 strongswan (-2)
5 squid (0)
5 bind (-2)
# security updates by count
# grep -l type..secur updateinfo-*|sed -e 's/^updateinfo-//;s/-[0-9]*.xml$//;'|sort|uniq -c|sort -n +0 -r|less
# grep CVE- update* |perl -e '%cves=();while (<>) { while (/(CVE-2...-....)/) { $cve{$1}++; s/CVE-2...-....//;} } print join("\n",sort keys %cve)."\n";' | wc -l
# for i in updateinfo-* ; do echo -n "$i " ; grep CVE- $i|perl -e '%cves=();while (<>) { while (/(CVE-2...-....)/) { $cve{$1}++; s/CVE-2...-....//;} } print join("\n",sort keys %cve)."\n";' | wc -l ; done |perl -e 'while (<>) { /^updateinfo-(\S*)-\d*.xml (\d*)$/; $cnt{$1}+=$2; } ; foreach (sort { $cnt{$b} <=> $cnt{$a} } keys %cnt) { print "$cnt{$_}\t\t$_\n";} '
1
0
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2011:004)
by Marcus Meissner 14 Jan '11
by Marcus Meissner 14 Jan '11
14 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2011:004
Date: Fri, 14 Jan 2011 13:00:00 +0000
Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
Vulnerability Type: local privilege escalation
CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
SUSE Default Package: yes
Cross-References: CVE-2010-3437, CVE-2010-3861, CVE-2010-3874
CVE-2010-3881, CVE-2010-4072, CVE-2010-4073
CVE-2010-4082, CVE-2010-4083, CVE-2010-4157
CVE-2010-4158, CVE-2010-4160, CVE-2010-4162
CVE-2010-4163, CVE-2010-4164, CVE-2010-4165
CVE-2010-4169, CVE-2010-4175, CVE-2010-4258
Content of This Advisory:
1) Security Vulnerability Resolved:
Linux kernel security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
2.6.32.27 and fixes various bugs and security issues.
Following security issues were fixed:
CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused
by other flaws to write a 0 byte to a attacker controlled address
in the kernel. This could lead to privilege escalation together with
other issues.
CVE-2010-4160: An overflow in sendto() and recvfrom() routines was
fixed that could be used by local attackers to potentially crash the
kernel using some socket families like L2TP.
CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc
could lead to memory corruption in the GDTH driver.
CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c
in the Linux kernel did not properly restrict TCP_MAXSEG (aka MSS)
values, which allowed local users to cause a denial of service (OOPS)
via a setsockopt call that specifies a small value, leading to a
divide-by-zero error or incorrect use of a signed integer.
CVE-2010-4164: A remote (or local) attacker communicating over X.25
could cause a kernel panic by attempting to negotiate malformed
facilities.
CVE-2010-4175: A local attacker could cause memory overruns in the
RDS protocol stack, potentially crashing the kernel. So far it is
considered not to be exploitable.
CVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the
Linux kernel allowed local users to cause a denial of service via
vectors involving an mprotect system call.
CVE-2010-3874: A minor heap overflow in the CAN network module
was fixed. Due to nature of the memory allocator it is likely not
exploitable.
CVE-2010-4158: A memory information leak in Berkeley packet filter
rules allowed local attackers to read uninitialized memory of the
kernel stack.
CVE-2010-4162: A local denial of service in the blockdevice layer
was fixed.
CVE-2010-4163: By submitting certain I/O requests with 0 length,
a local user could have caused a kernel panic.
CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c
in the Linux kernel did not initialize a certain block of heap memory,
which allowed local users to obtain potentially sensitive information
via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt
value.
CVE-2010-3881: arch/x86/kvm/x86.c in the Linux kernel did not
initialize certain structure members, which allowed local users to
obtain potentially sensitive information from kernel stack memory
via read operations on the /dev/kvm device.
CVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed.
CVE-2010-4082: The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c in the Linux kernel did not properly
initialize a certain structure member, which allowed local users to
obtain potentially sensitive information from kernel stack memory
via a VIAFB_GET_INFO ioctl call.
CVE-2010-4073: The ipc subsystem in the Linux kernel did not
initialize certain structures, which allowed local users to obtain
potentially sensitive information from kernel stack memory via
vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl,
and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4)
compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in
ipc/compat_mq.c.
CVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c in the
Linux kernel did not initialize a certain structure, which allowed
local users to obtain potentially sensitive information from kernel
stack memory via vectors related to the shmctl system call and the
"old shm interface."
CVE-2010-4083: The copy_semid_to_user function in ipc/sem.c in the
Linux kernel did not initialize a certain structure, which allowed
local users to obtain potentially sensitive information from kernel
stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4)
SEM_STAT command in a semctl system call.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please reboot the machine after installing the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SLE 11 SERVER Unsupported Extras
http://download.novell.com/patch/finder/?keywords=a5b88975f26bf20b19b4cb348…
http://download.novell.com/patch/finder/?keywords=6b7fd41bd7226b53d8a5478d2…
http://download.novell.com/patch/finder/?keywords=bcb4e168cb163343275c4d62f…
http://download.novell.com/patch/finder/?keywords=927b9000702886355ba37c627…
http://download.novell.com/patch/finder/?keywords=356fcef510f901c1aa5982e30…
SUSE Linux Enterprise Server 11 SP1
http://download.novell.com/patch/finder/?keywords=23f8d08c0e40d5d87542968bb…
http://download.novell.com/patch/finder/?keywords=aa169ef3e3233aaf1120bd771…
http://download.novell.com/patch/finder/?keywords=84fa31032843bdcdb6803fdf5…
http://download.novell.com/patch/finder/?keywords=965b02d89397493aaac6b5e6a…
http://download.novell.com/patch/finder/?keywords=1e884403c52fc77802015c35c…
SUSE Linux Enterprise Desktop 11 SP1
http://download.novell.com/patch/finder/?keywords=23f8d08c0e40d5d87542968bb…
http://download.novell.com/patch/finder/?keywords=1e884403c52fc77802015c35c…
SUSE Linux Enterprise High Availability Extension 11 SP1
http://download.novell.com/patch/finder/?keywords=23f8d08c0e40d5d87542968bb…
http://download.novell.com/patch/finder/?keywords=aa169ef3e3233aaf1120bd771…
http://download.novell.com/patch/finder/?keywords=84fa31032843bdcdb6803fdf5…
http://download.novell.com/patch/finder/?keywords=965b02d89397493aaac6b5e6a…
http://download.novell.com/patch/finder/?keywords=1e884403c52fc77802015c35c…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQEVAwUBTTBtNXey5gA9JdPZAQIcqgf8Dhpeu/SBhSxAxXV7TwFAsBmIQ8QLto3q
SnU3+bkF+rKPJoknwi0c4I+o737eBv6xUrTVySBL1FWVoV/EMOGu0kzYPB29JaYo
HBrxyOedYr3aOARhIIWxHGTTR3eNSLPOgkTz2Wn31x7Ro/0xS8DUvP7uxTd4U0kU
y9khiFMkLQXCM59SXV32o/LE1c+yq4JCq100M/Kw1e777LdmIkS+mfMbTWAcsSBg
HYk4Fl1GufcITSd2VwPtujbiAsfmdaPPuNXumxAe7w8pJhx2MprXDJ9E9TVgJYQc
Qma3wGwewXPTQbkO2ce9YIumpc9AqETs3rmc9R8KZ9Ee+AfcO/JY2A==
=1f0P
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
11 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2011:001
Date: Tue, 11 Jan 2011 10:00:00 +0000
Cross-References: CVE-2010-1455, CVE-2010-2283, CVE-2010-2284
CVE-2010-2285, CVE-2010-2286, CVE-2010-2287
CVE-2010-2761, CVE-2010-2891, CVE-2010-2992
CVE-2010-2993, CVE-2010-2994, CVE-2010-2995
CVE-2010-3445, CVE-2010-3912, CVE-2010-4180
CVE-2010-4254, CVE-2010-4300, CVE-2010-4301
CVE-2010-4528
Content of this advisory:
1) Solved Security Vulnerabilities:
- finch/pidgin
- libmoon-devel/moonlight-plugin
- libsmi
- openssl
- perl-CGI-Simple
- supportutils
- wireshark
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list or
download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- finch/pidgin
A NULL pointer dereference DoS has been fixed in pidgin.
CVE-2010-4528 has been assigned to this issue.
Affected products: openSUSE 11.2-11.3
- libmoon-devel/moonlight-plugin
Untrusted Moonlight apps could bypass constraints on methods which
potentially allowed attackers to execute arbitrary code (CVE-2010-4254).
Affected products: SLE11-SP1
- libsmi
This update fixes a buffer overflow the smiGetNode() function in libsmi.
It allowed context-dependent attackers to execute arbitrary code via an
Object Identifier.
CVE-2010-2891: CVSS v2 Base Score: 7.5 (HIGH)
(AV:N/AC:L/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
Affected products: openSUSE 11.1-11.3
- openssl
Malicious clients could downgrade a connection to a low strength cipher
suite on session resumption if the server offers such ciphers
(CVE-2010-4180).
Affected products: openSUSE 11.1-11.3, SLE11-SP1
- perl-CGI-Simple
A HTTP header injection attack was fixed in perl-CGI-Simple.
CVE-2010-2761 has been assigned to this issue.
Affected products: openSUSE 11.2-11.3
- supportutils
the supportconfig script did not disguise passwords in the config files
it collected (CVE-2010-3912).
Affected products: SLE11-SP1, SLE10-SP3
- wireshark
Wireshark version 1.4.2 fixes several security issues that allowed
attackers to crash wireshark or potentially even execute arbitrary code
(CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285,
CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993,
CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300,
CVE-2010-4301)
Affected products: openSUSE 11.1
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
none
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBTSw4+ney5gA9JdPZAQIDaQf/fymwHyYtYgh8nKEJb5QiiO0WuMtIQyNE
MkD8vQF7nLKhik1vs6i6S/gKxhWu4kqgPQBO8hS7NafX+zZQlz81VGU/FpmP06OZ
+7TOpqfq8ssDlzXqQTxRtfh+yxAee8DS5TYTkteH+K+7lpEo+QWkB9gqEm9KaW+r
oJPCn2eeH/u7BPU77iLfwtEjULKKJ89IdKS2JdTJguH50LU7GB+9evz3qnbnmfuh
ds43p05Zvbz8qEaCgrZl5/J6saTabo1q+43bHCrHLYmxPTxiEIQZkHYQhAVrLtFD
LOV6hctyiKU0z+kE33/ihpbcSKxqzudsPBkF1NQDdQc8b2cVD7sUfA==
=5R4j
-----END PGP SIGNATURE-----
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer(a)suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Mozilla (SUSE-SA:2011:003)
by Marcus Meissner 05 Jan '11
by Marcus Meissner 05 Jan '11
05 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: MozillaFirefox,MozillaThunderbird,Seamonkey
Announcement ID: SUSE-SA:2011:003
Date: Wed, 05 Jan 2011 10:00:00 +0000
Affected Products: openSUSE 11.1
openSUSE 11.2
openSUSE 11.3
SLE SDK 10 SP3
SUSE Linux Enterprise Desktop 10 SP3
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
Vulnerability Type: remote code execution
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
SUSE Default Package: yes
Cross-References: CVE-2010-0179, CVE-2010-3766, CVE-2010-3767
CVE-2010-3768, CVE-2010-3769, CVE-2010-3770
CVE-2010-3771, CVE-2010-3772, CVE-2010-3773
CVE-2010-3774, CVE-2010-3775, CVE-2010-3776
CVE-2010-3777, CVE-2010-3778, MFSA 2010-74
MFSA 2010-75, MFSA 2010-76, MFSA 2010-77
MFSA 2010-78, MFSA 2010-79, MFSA 2010-80
MFSA 2010-81, MFSA 2010-82, MFSA 2010-83
MFSA 2010-84
Content of This Advisory:
1) Security Vulnerability Resolved:
Mozilla security issues
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Mozilla Firefox was updated to update 3.6.13 to fix several security issues.
Also Mozilla Thunderbird and Seamonkey were updated on openSUSE.
Following security issues were fixed:
MFSA 2010-74: Mozilla developers identified and fixed several
memory safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with enough
effort at least some of these could be exploited to run arbitrary code.
Jesee Ruderman, Andreas Gal, Nils, and Brian Hackett reported
memory safety problems that affected Firefox 3.6 and Firefox
3.5. (CVE-2010-3776)
Igor Bukanov reported a memory safety problem that was fixed in
Firefox 3.6 only. (CVE-2010-3777)
Jesse Ruderman reported a crash which affected Firefox 3.5 only. (CVE-2010-3778)
MFSA 2010-75 / CVE-2010-3769: Dirk Heinrich reported that on Windows
platforms when document.write() was called with a very long string
a buffer overflow was caused in line breaking routines attempting
to process the string for display. Such cases triggered an invalid
read past the end of an array causing a crash which an attacker could
potentially use to run arbitrary code on a victim's computer.
MFSA 2010-76 / CVE-2010-3771: Security researcher echo reported that
a web page could open a window with an about:blank location and then
inject an <isindex> element into that page which upon submission would
redirect to a chrome: document. The effect of this defect was that the
original page would wind up with a reference to a chrome-privileged
object, the opened window, which could be leveraged for privilege
escalation attacks.
Mozilla security researcher moz_bug_r_a4 provided proof-of-concept
code demonstrating how the above vulnerability could be used to run
arbitrary code with chrome privileges.
MFSA 2010-77 / CVE-2010-3772: Security researcher wushi of team509
reported that when a XUL tree had an HTML <div> element nested inside a
<treechildren> element then code attempting to display content in the
XUL tree would incorrectly treat the <div> element as a parent node
to tree content underneath it resulting in incorrect indexes being
calculated for the child content. These incorrect indexes were used
in subsequent array operations which resulted in writing data past
the end of an allocated buffer. An attacker could use this issue to
crash a victim's browser and run arbitrary code on their machine.
MFSA 2010-78 / CVE-2010-3768: Mozilla added the OTS font sanitizing
library to prevent downloadable fonts from exposing vulnerabilities
in the underlying OS font code. This library mitigates against several
issues independently reported by Red Hat Security Response Team member
Marc Schoenefeld and Mozilla security researcher Christoph Diehl.
MFSA 2010-79 / CVE-2010-3775: Security researcher Gregory Fleischer
reported that when a Java LiveConnect script was loaded via a data:
URL which redirects via a meta refresh, then the resulting plugin
object was created with the wrong security principal and thus received
elevated privileges such as the abilities to read local files, launch
processes, and create network connections.
MFSA 2010-80 / CVE-2010-3766: Security researcher regenrecht reported
via TippingPoint's Zero Day Initiative that a nsDOMAttribute node
can be modified without informing the iterator object responsible
for various DOM traversals. This flaw could lead to a inconsistent
state where the iterator points to an object it believes is part of
the DOM but actually points to some other object. If such an object
had been deleted and its memory reclaimed by the system, then the
iterator could be used to call into attacker-controlled memory.
MFSA 2010-81 / CVE-2010-3767: Security researcher regenrecht reported
via TippingPoint's Zero Day Initiative that JavaScript arrays
were vulnerable to an integer overflow vulnerability. The report
demonstrated that an array could be constructed containing a very
large number of items such that when memory was allocated to store the
array items, the integer value used to calculate the buffer size would
overflow resulting in too small a buffer being allocated. Subsequent
use of the array object could then result in data being written past
the end of the buffer and causing memory corruption.
MFSA 2010-82 / CVE-2010-3773: Mozilla security researcher moz_bug_r_a4
reported that the fix for CVE-2010-0179 could be circumvented
permitting the execution of arbitrary JavaScript with chrome
privileges.
MFSA 2010-83 / CVE-2010-3774: Google security researcher Michal
Zalewski reported that when a window was opened to a site resulting
in a network or certificate error page, the opening site could access
the document inside the opened window and inject arbitrary content. An
attacker could use this bug to spoof the location bar and trick a user
into thinking they were on a different site than they actually were.
MFSA 2010-84 / CVE-2010-3770: Security researchers Yosuke Hasegawa
and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and
x-mac-hebrew character encodings are vulnerable to XSS attacks due
to some characters being converted to angle brackets when displayed
by the rendering engine. Sites using these character encodings would
thus be potentially vulnerable to script injection attacks if their
script filtering code fails to strip out these specific characters.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please restart all running Mozilla instances after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 11.3:
http://download.opensuse.org/update/11.3/rpm/i586/MozillaFirefox-3.6.13-0.2…
http://download.opensuse.org/update/11.3/rpm/i586/MozillaFirefox-branding-u…
http://download.opensuse.org/update/11.3/rpm/i586/MozillaFirefox-translatio…
http://download.opensuse.org/update/11.3/rpm/i586/MozillaFirefox-translatio…
http://download.opensuse.org/update/11.3/rpm/i586/MozillaThunderbird-3.0.11…
http://download.opensuse.org/update/11.3/rpm/i586/MozillaThunderbird-devel-…
http://download.opensuse.org/update/11.3/rpm/i586/MozillaThunderbird-transl…
http://download.opensuse.org/update/11.3/rpm/i586/MozillaThunderbird-transl…
http://download.opensuse.org/update/11.3/rpm/i586/enigmail-1.0.1-4.5.1.i586…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-js192-1.9.2.13-0.…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner191-1.9.…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner191-deve…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner191-gnom…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner191-tran…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner191-tran…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner192-1.9.…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner192-buil…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner192-deve…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner192-gnom…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner192-tran…
http://download.opensuse.org/update/11.3/rpm/i586/mozilla-xulrunner192-tran…
http://download.opensuse.org/update/11.3/rpm/i586/python-xpcom191-1.9.1.16-…
http://download.opensuse.org/update/11.3/rpm/i586/seamonkey-2.0.11-0.2.1.i5…
http://download.opensuse.org/update/11.3/rpm/i586/seamonkey-dom-inspector-2…
http://download.opensuse.org/update/11.3/rpm/i586/seamonkey-irc-2.0.11-0.2.…
http://download.opensuse.org/update/11.3/rpm/i586/seamonkey-translations-co…
http://download.opensuse.org/update/11.3/rpm/i586/seamonkey-translations-ot…
http://download.opensuse.org/update/11.3/rpm/i586/seamonkey-venkman-2.0.11-…
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/i586/MozillaFirefox-3.6.13-0.2…
http://download.opensuse.org/update/11.2/rpm/i586/MozillaFirefox-branding-u…
http://download.opensuse.org/update/11.2/rpm/i586/MozillaFirefox-translatio…
http://download.opensuse.org/update/11.2/rpm/i586/MozillaFirefox-translatio…
http://download.opensuse.org/update/11.2/rpm/i586/MozillaThunderbird-3.0.11…
http://download.opensuse.org/update/11.2/rpm/i586/MozillaThunderbird-devel-…
http://download.opensuse.org/update/11.2/rpm/i586/MozillaThunderbird-transl…
http://download.opensuse.org/update/11.2/rpm/i586/MozillaThunderbird-transl…
http://download.opensuse.org/update/11.2/rpm/i586/enigmail-1.0.1-3.5.1.i586…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-js192-1.9.2.13-0.…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner191-1.9.…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner191-deve…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner191-gnom…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner191-tran…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner191-tran…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner192-1.9.…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner192-buil…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner192-deve…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner192-gnom…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner192-tran…
http://download.opensuse.org/update/11.2/rpm/i586/mozilla-xulrunner192-tran…
http://download.opensuse.org/update/11.2/rpm/i586/python-xpcom191-1.9.1.16-…
http://download.opensuse.org/update/11.2/rpm/i586/seamonkey-2.0.11-0.2.1.i5…
http://download.opensuse.org/update/11.2/rpm/i586/seamonkey-dom-inspector-2…
http://download.opensuse.org/update/11.2/rpm/i586/seamonkey-irc-2.0.11-0.2.…
http://download.opensuse.org/update/11.2/rpm/i586/seamonkey-venkman-2.0.11-…
openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/i586/MozillaFirefox-3.6.13-0.1…
http://download.opensuse.org/update/11.1/rpm/i586/MozillaFirefox-branding-u…
http://download.opensuse.org/update/11.1/rpm/i586/MozillaFirefox-translatio…
http://download.opensuse.org/update/11.1/rpm/i586/MozillaFirefox-translatio…
http://download.opensuse.org/update/11.1/rpm/i586/MozillaThunderbird-3.0.11…
http://download.opensuse.org/update/11.1/rpm/i586/MozillaThunderbird-devel-…
http://download.opensuse.org/update/11.1/rpm/i586/MozillaThunderbird-transl…
http://download.opensuse.org/update/11.1/rpm/i586/MozillaThunderbird-transl…
http://download.opensuse.org/update/11.1/rpm/i586/enigmail-1.0.1-6.6.1.i586…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-js192-1.9.2.13-0.…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner191-1.9.…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner191-deve…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner191-gnom…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner191-tran…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner191-tran…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner192-1.9.…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner192-buil…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner192-deve…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner192-gnom…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner192-tran…
http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner192-tran…
http://download.opensuse.org/update/11.1/rpm/i586/python-xpcom191-1.9.1.16-…
http://download.opensuse.org/update/11.1/rpm/i586/seamonkey-2.0.11-0.1.1.i5…
http://download.opensuse.org/update/11.1/rpm/i586/seamonkey-dom-inspector-2…
http://download.opensuse.org/update/11.1/rpm/i586/seamonkey-irc-2.0.11-0.1.…
http://download.opensuse.org/update/11.1/rpm/i586/seamonkey-venkman-2.0.11-…
Power PC Platform:
openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaFirefox-3.6.13-0.1.…
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaFirefox-branding-up…
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaFirefox-translation…
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaFirefox-translation…
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaThunderbird-3.0.11-…
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaThunderbird-devel-3…
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaThunderbird-transla…
http://download.opensuse.org/update/11.1/rpm/ppc/MozillaThunderbird-transla…
http://download.opensuse.org/update/11.1/rpm/ppc/enigmail-1.0.1-6.6.1.ppc.r…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-js192-1.9.2.13-0.1…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner191-1.9.1…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner191-devel…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner191-gnome…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner191-trans…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner191-trans…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner192-1.9.2…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner192-devel…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner192-trans…
http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner192-trans…
http://download.opensuse.org/update/11.1/rpm/ppc/python-xpcom191-1.9.1.16-0…
http://download.opensuse.org/update/11.1/rpm/ppc/seamonkey-2.0.11-0.1.1.ppc…
http://download.opensuse.org/update/11.1/rpm/ppc/seamonkey-dom-inspector-2.…
http://download.opensuse.org/update/11.1/rpm/ppc/seamonkey-irc-2.0.11-0.1.1…
http://download.opensuse.org/update/11.1/rpm/ppc/seamonkey-venkman-2.0.11-0…
x86-64 Platform:
openSUSE 11.3:
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaFirefox-3.6.13-0…
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaFirefox-branding…
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaFirefox-translat…
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaFirefox-translat…
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaThunderbird-3.0.…
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaThunderbird-deve…
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaThunderbird-tran…
http://download.opensuse.org/update/11.3/rpm/x86_64/MozillaThunderbird-tran…
http://download.opensuse.org/update/11.3/rpm/x86_64/enigmail-1.0.1-4.5.1.x8…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-js192-1.9.2.13-…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-js192-32bit-1.9…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner191-1.…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner191-32…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner191-de…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner191-gn…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner191-gn…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner191-tr…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner191-tr…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-1.…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-32…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-bu…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-de…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-gn…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-gn…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.3/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.3/rpm/x86_64/python-xpcom191-1.9.1.1…
http://download.opensuse.org/update/11.3/rpm/x86_64/seamonkey-2.0.11-0.2.1.…
http://download.opensuse.org/update/11.3/rpm/x86_64/seamonkey-dom-inspector…
http://download.opensuse.org/update/11.3/rpm/x86_64/seamonkey-irc-2.0.11-0.…
http://download.opensuse.org/update/11.3/rpm/x86_64/seamonkey-translations-…
http://download.opensuse.org/update/11.3/rpm/x86_64/seamonkey-translations-…
http://download.opensuse.org/update/11.3/rpm/x86_64/seamonkey-venkman-2.0.1…
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaFirefox-3.6.13-0…
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaFirefox-branding…
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaFirefox-translat…
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaFirefox-translat…
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaThunderbird-3.0.…
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaThunderbird-deve…
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaThunderbird-tran…
http://download.opensuse.org/update/11.2/rpm/x86_64/MozillaThunderbird-tran…
http://download.opensuse.org/update/11.2/rpm/x86_64/enigmail-1.0.1-3.5.1.x8…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-js192-1.9.2.13-…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-js192-32bit-1.9…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner191-1.…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner191-32…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner191-de…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner191-gn…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner191-gn…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner191-tr…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner191-tr…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-1.…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-32…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-bu…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-de…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-gn…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-gn…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.2/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.2/rpm/x86_64/python-xpcom191-1.9.1.1…
http://download.opensuse.org/update/11.2/rpm/x86_64/seamonkey-2.0.11-0.2.1.…
http://download.opensuse.org/update/11.2/rpm/x86_64/seamonkey-dom-inspector…
http://download.opensuse.org/update/11.2/rpm/x86_64/seamonkey-irc-2.0.11-0.…
http://download.opensuse.org/update/11.2/rpm/x86_64/seamonkey-venkman-2.0.1…
openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaFirefox-3.6.13-0…
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaFirefox-branding…
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaFirefox-translat…
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaFirefox-translat…
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaThunderbird-3.0.…
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaThunderbird-deve…
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaThunderbird-tran…
http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaThunderbird-tran…
http://download.opensuse.org/update/11.1/rpm/x86_64/enigmail-1.0.1-6.6.1.x8…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-js192-1.9.2.13-…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-js192-32bit-1.9…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner191-1.…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner191-32…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner191-de…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner191-gn…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner191-gn…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner191-tr…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner191-tr…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-1.…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-32…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-bu…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-de…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-gn…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-gn…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner192-tr…
http://download.opensuse.org/update/11.1/rpm/x86_64/python-xpcom191-1.9.1.1…
http://download.opensuse.org/update/11.1/rpm/x86_64/seamonkey-2.0.11-0.1.1.…
http://download.opensuse.org/update/11.1/rpm/x86_64/seamonkey-dom-inspector…
http://download.opensuse.org/update/11.1/rpm/x86_64/seamonkey-irc-2.0.11-0.…
http://download.opensuse.org/update/11.1/rpm/x86_64/seamonkey-venkman-2.0.1…
Sources:
openSUSE 11.3:
http://download.opensuse.org/update/11.3/rpm/src/MozillaFirefox-3.6.13-0.2.…
http://download.opensuse.org/update/11.3/rpm/src/MozillaThunderbird-3.0.11-…
http://download.opensuse.org/update/11.3/rpm/src/mozilla-xulrunner191-1.9.1…
http://download.opensuse.org/update/11.3/rpm/src/mozilla-xulrunner192-1.9.2…
http://download.opensuse.org/update/11.3/rpm/src/seamonkey-2.0.11-0.2.1.src…
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/src/MozillaFirefox-3.6.13-0.2.…
http://download.opensuse.org/update/11.2/rpm/src/MozillaThunderbird-3.0.11-…
http://download.opensuse.org/update/11.2/rpm/src/mozilla-xulrunner191-1.9.1…
http://download.opensuse.org/update/11.2/rpm/src/mozilla-xulrunner192-1.9.2…
http://download.opensuse.org/update/11.2/rpm/src/seamonkey-2.0.11-0.2.1.src…
openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/src/MozillaFirefox-3.6.13-0.1.…
http://download.opensuse.org/update/11.1/rpm/src/MozillaThunderbird-3.0.11-…
http://download.opensuse.org/update/11.1/rpm/src/mozilla-xulrunner191-1.9.1…
http://download.opensuse.org/update/11.1/rpm/src/mozilla-xulrunner192-1.9.2…
http://download.opensuse.org/update/11.1/rpm/src/seamonkey-2.0.11-0.1.1.src…
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SLE SDK 10 SP3
http://download.novell.com/patch/finder/?keywords=61e0860309635831b6c4f3a30…
SUSE Linux Enterprise Server 10 SP3
http://download.novell.com/patch/finder/?keywords=61e0860309635831b6c4f3a30…
SUSE Linux Enterprise Desktop 10 SP3
http://download.novell.com/patch/finder/?keywords=61e0860309635831b6c4f3a30…
SUSE Linux Enterprise Server 11 SP1
http://download.novell.com/patch/finder/?keywords=b2953cad2a3b3bd6c26f1ac28…
http://download.novell.com/patch/finder/?keywords=60c97a6dd73ffa7ac423d55d9…
SUSE Linux Enterprise Desktop 11 SP1
http://download.novell.com/patch/finder/?keywords=b2953cad2a3b3bd6c26f1ac28…
http://download.novell.com/patch/finder/?keywords=60c97a6dd73ffa7ac423d55d9…
SUSE Linux Enterprise Software Development Kit 11 SP1
http://download.novell.com/patch/finder/?keywords=b2953cad2a3b3bd6c26f1ac28…
http://download.novell.com/patch/finder/?keywords=60c97a6dd73ffa7ac423d55d9…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQEVAwUBTSRHC3ey5gA9JdPZAQLfdwgAmIk38ZCi01BG9g39uI21SqlPdiJs8oX6
XIjpf/rVePLFUipGgmZxE789mXMyrYlwag0p+sANXY/rYI1uT0HKFrz5mzwS5x4D
lj/jo2QF5Cnr2yRFK2U1MJgyYYb7AkjxlihyKBxHy0hVMUng0TKp8Q+GadJxgwl4
f3pdk0cyZPorHNKXclTgM2FljofexgbKzucUX3mkJJ88Xn6PiQqWV1sGIAKtyp/B
KsmvXkxf1tfhxy2nnM5k4W/EnRuZIUnWInvU6FGriT6K9P75WyOU+lBnLlZz0d8Y
DNJrS/pok+Uygp58E2brj+D7pqje3ChtVtcZnFj4a+w6RqWctohyRg==
=UHj6
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2011:002)
by Marcus Meissner 03 Jan '11
by Marcus Meissner 03 Jan '11
03 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2011:002
Date: Mon, 03 Jan 2011 15:00:00 +0000
Affected Products: openSUSE 11.2
Vulnerability Type: potential local privilege escalation
CVSS v2 Base Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:N/A:C)
SUSE Default Package: yes
Cross-References: CVE-2010-3067, CVE-2010-3437, CVE-2010-3442
CVE-2010-3861, CVE-2010-3865, CVE-2010-3874
CVE-2010-4078, CVE-2010-4080, CVE-2010-4081
CVE-2010-4082, CVE-2010-4157, CVE-2010-4158
CVE-2010-4160, CVE-2010-4162, CVE-2010-4163
CVE-2010-4164, CVE-2010-4165, CVE-2010-4175
CVE-2010-4258
Content of This Advisory:
1) Security Vulnerability Resolved:
Linux kernel security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update of the openSUSE 11.2 kernel fixes various bugs
and lots of security issues.
Following security issues have been fixed:
CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused
by other flaws to write a 0 byte to a attacker controlled address in the
kernel. This could lead to privilege escalation together with other issues.
CVE-2010-4160: A overflow in sendto() and recvfrom() routines was fixed
that could be used by local attackers to potentially crash the kernel
using some socket families like L2TP.
CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc
could lead to memory corruption in the GDTH driver.
CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in the
Linux kernel did not properly restrict TCP_MAXSEG (aka MSS) values, which
allows local users to cause a denial of service (OOPS) via a setsockopt
call that specifies a small value, leading to a divide-by-zero error or
incorrect use of a signed integer.
CVE-2010-4164: A remote (or local) attacker communicating over X.25
could cause a kernel panic by attempting to negotiate malformed
facilities.
CVE-2010-4175: A local attacker could cause memory overruns in the RDS
protocol stack, potentially crashing the kernel. So far it is considered
not to be exploitable.
CVE-2010-3874: A minor heap overflow in the CAN network module was fixed.
Due to nature of the memory allocator it is likely not exploitable.
CVE-2010-3874: A minor heap overflow in the CAN network module was fixed.
Due to nature of the memory allocator it is likely not exploitable.
CVE-2010-4158: A memory information leak in Berkeley packet filter rules
allowed local attackers to read uninitialized memory of the kernel stack.
CVE-2010-4162: A local denial of service in the blockdevice layer was fixed.
CVE-2010-4163: By submitting certain I/O requests with 0 length, a local
user could have caused a kernel panic.
CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c
in the Linux kernel did not initialize a certain block of heap memory,
which allowed local users to obtain potentially sensitive information via
an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value.
CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function
in sound/core/control.c in the Linux kernel allowed local users to
cause a denial of service (heap memory corruption) or possibly have
unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or
(2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
CVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed.
CVE-2010-4078: The sisfb_ioctl function in drivers/video/sis/sis_main.c in
the Linux kernel did not properly initialize a certain structure member,
which allowed local users to obtain potentially sensitive information
from kernel stack memory via an FBIOGET_VBLANK ioctl call.
CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in
sound/pci/rme9652/hdsp.c in the Linux kernel did not initialize
a certain structure, which allowed local users to obtain
potentially sensitive information from kernel stack memory via an
SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in
sound/pci/rme9652/hdspm.c in the Linux kernel did not initialize
a certain structure, which allowed local users to obtain
potentially sensitive information from kernel stack memory via an
SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4082: The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c in the Linux kernel did not properly
initialize a certain structure member, which allowed local users to
obtain potentially sensitive information from kernel stack memory via
a VIAFB_GET_INFO ioctl call.
CVE-2010-3067: Integer overflow in the do_io_submit function in fs/aio.c
in the Linux kernel allowed local users to cause a denial of service or
possibly have unspecified other impact via crafted use of the io_submit
system call.
CVE-2010-3865: A iovec integer overflow in RDS sockets was fixed which
could lead to local attackers gaining kernel privileges.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please reboot the machine after installing the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/i586/kernel-debug-2.6.31.14-0.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-debug-base-2.6.31.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-debug-devel-2.6.31…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-default-2.6.31.14-…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-default-base-2.6.3…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-default-devel-2.6.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-desktop-2.6.31.14-…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-desktop-base-2.6.3…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-desktop-devel-2.6.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-pae-2.6.31.14-0.6.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-pae-base-2.6.31.14…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-pae-devel-2.6.31.1…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-syms-2.6.31.14-0.6…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-trace-2.6.31.14-0.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-trace-base-2.6.31.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-trace-devel-2.6.31…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-vanilla-2.6.31.14-…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-vanilla-base-2.6.3…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-vanilla-devel-2.6.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-xen-2.6.31.14-0.6.…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-xen-base-2.6.31.14…
http://download.opensuse.org/update/11.2/rpm/i586/kernel-xen-devel-2.6.31.1…
http://download.opensuse.org/update/11.2/rpm/i586/preload-kmp-default-1.1_2…
http://download.opensuse.org/update/11.2/rpm/i586/preload-kmp-desktop-1.1_2…
Platform Independent:
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/noarch/kernel-source-2.6.31.14…
http://download.opensuse.org/update/11.2/rpm/noarch/kernel-source-vanilla-2…
x86-64 Platform:
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-debug-2.6.31.14-…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-debug-base-2.6.3…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-debug-devel-2.6.…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-default-2.6.31.1…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-default-base-2.6…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-default-devel-2.…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-desktop-2.6.31.1…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-desktop-base-2.6…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-desktop-devel-2.…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-syms-2.6.31.14-0…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-trace-2.6.31.14-…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-trace-base-2.6.3…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-trace-devel-2.6.…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-vanilla-2.6.31.1…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-vanilla-base-2.6…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-vanilla-devel-2.…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-xen-2.6.31.14-0.…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-xen-base-2.6.31.…
http://download.opensuse.org/update/11.2/rpm/x86_64/kernel-xen-devel-2.6.31…
http://download.opensuse.org/update/11.2/rpm/x86_64/preload-kmp-default-1.1…
http://download.opensuse.org/update/11.2/rpm/x86_64/preload-kmp-desktop-1.1…
Sources:
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/src/kernel-debug-2.6.31.14-0.6…
http://download.opensuse.org/update/11.2/rpm/src/kernel-default-2.6.31.14-0…
http://download.opensuse.org/update/11.2/rpm/src/kernel-desktop-2.6.31.14-0…
http://download.opensuse.org/update/11.2/rpm/src/kernel-pae-2.6.31.14-0.6.1…
http://download.opensuse.org/update/11.2/rpm/src/kernel-source-2.6.31.14-0.…
http://download.opensuse.org/update/11.2/rpm/src/kernel-syms-2.6.31.14-0.6.…
http://download.opensuse.org/update/11.2/rpm/src/kernel-trace-2.6.31.14-0.6…
http://download.opensuse.org/update/11.2/rpm/src/kernel-vanilla-2.6.31.14-0…
http://download.opensuse.org/update/11.2/rpm/src/kernel-xen-2.6.31.14-0.6.1…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQEVAwUBTSHd/3ey5gA9JdPZAQLzKgf/X34whB/W3SfornjtP1Eb90gIA5u35STN
Pq77abB1xU5DkNW71AvcIfkCPnrODjaEO8l07KCA53/NxOhpO3sDirKoKP3Qn6y2
G/4RYqP3zvrHux4GNQITmAqDc4RdQ2rkH8zoazs1BS2BpKEi+pmSzrQ2991jl6bx
X4THh+AxC/H3Y03Jdrk7lSSzd8FsXwct8iYLnoR4htuHk8VEJ2rT1BmvlQApbiUq
N6Ou6gf1ijEIE4f6nI6Jtl5coXnjLSfh7j/onB8CtQf0hMwdCXej+oKO6eL91bMu
MUPc8beqh1w4DQQCQszO3BJLimzPWpD0FHg7ZzVvs+wXcyfVU8xAMQ==
=pDkE
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2011:001)
by Marcus Meissner 03 Jan '11
by Marcus Meissner 03 Jan '11
03 Jan '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2011:001
Date: Mon, 03 Jan 2011 15:00:00 +0000
Affected Products: openSUSE 11.3
Vulnerability Type: local privilege escalation, remote denial of service
CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
SUSE Default Package: yes
Cross-References: CVE-2010-0435, CVE-2010-3067, CVE-2010-3432
CVE-2010-3437, CVE-2010-3442, CVE-2010-3861
CVE-2010-3865, CVE-2010-3874, CVE-2010-4072
CVE-2010-4073, CVE-2010-4078, CVE-2010-4080
CVE-2010-4081, CVE-2010-4082, CVE-2010-4083
CVE-2010-4157, CVE-2010-4158, CVE-2010-4162
CVE-2010-4163, CVE-2010-4164, CVE-2010-4165
CVE-2010-4169, CVE-2010-4175, CVE-2010-4258
CVE-2010-4347
Content of This Advisory:
1) Security Vulnerability Resolved:
Linux kernel security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The openSUSE 11.3 kernel was updated to fix various bugs and security
issues.
Following security issues have been fixed:
CVE-2010-4347: A local user could inject ACPI code into the kernel
via the world-writable "custom_debug" file, allowing local privilege
escalation.
CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused
by other flaws to write a 0 byte to a attacker controlled address
in the kernel. This could lead to privilege escalation together with
other issues.
CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc
could lead to memory corruption in the GDTH driver.
CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c
in the Linux kernel did not properly restrict TCP_MAXSEG (aka MSS)
values, which allows local users to cause a denial of service (OOPS)
via a setsockopt call that specifies a small value, leading to a
divide-by-zero error or incorrect use of a signed integer.
CVE-2010-4164: A remote (or local) attacker communicating over X.25
could cause a kernel panic by attempting to negotiate malformed
facilities.
CVE-2010-4175: A local attacker could cause memory overruns in the
RDS protocol stack, potentially crashing the kernel. So far it is
considered not to be exploitable.
CVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the
Linux kernel allowed local users to cause a denial of service via
vectors involving an mprotect system call.
CVE-2010-3874: A minor heap overflow in the CAN network module
was fixed. Due to nature of the memory allocator it is likely not
exploitable.
CVE-2010-4158: A memory information leak in Berkeley packet filter
rules allowed local attackers to read uninitialized memory of the
kernel stack.
CVE-2010-4162: A local denial of service in the blockdevice layer
was fixed.
CVE-2010-4163: By submitting certain I/O requests with 0 length,
a local user could have caused a kernel panic.
CVE-2010-0435: The Hypervisor in KVM 83, when the Intel VT-x extension
is enabled, allows guest OS users to cause a denial of service
(NULL pointer dereference and host OS crash) via vectors related to
instruction emulation.
CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c
in the Linux kernel did not initialize a certain block of heap memory,
which allowed local users to obtain potentially sensitive information
via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt
value.
CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function
in sound/core/control.c in the Linux kernel allowed local users to
cause a denial of service (heap memory corruption) or possibly have
unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or
(2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
CVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed.
CVE-2010-4078: The sisfb_ioctl function in drivers/video/sis/sis_main.c
in the Linux kernel did not properly initialize a certain structure
member, which allowed local users to obtain potentially sensitive
information from kernel stack memory via an FBIOGET_VBLANK ioctl call.
CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in
sound/pci/rme9652/hdsp.c in the Linux kernel did not initialize
a certain structure, which allowed local users to obtain
potentially sensitive information from kernel stack memory via an
SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in
sound/pci/rme9652/hdspm.c in the Linux kernel did not initialize
a certain structure, which allowed local users to obtain
potentially sensitive information from kernel stack memory via an
SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4082: The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c in the Linux kernel did not properly
initialize a certain structure member, which allowed local users to
obtain potentially sensitive information from kernel stack memory
via a VIAFB_GET_INFO ioctl call.
CVE-2010-4073: The ipc subsystem in the Linux kernel did not
initialize certain structures, which allowed local users to obtain
potentially sensitive information from kernel stack memory via
vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl,
and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4)
compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in
ipc/compat_mq.c.
CVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c in the
Linux kernel did not initialize a certain structure, which allowed
local users to obtain potentially sensitive information from kernel
stack memory via vectors related to the shmctl system call and the
"old shm interface."
CVE-2010-4083: The copy_semid_to_user function in ipc/sem.c in the
Linux kernel did not initialize a certain structure, which allowed
local users to obtain potentially sensitive information from kernel
stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4)
SEM_STAT command in a semctl system call.
CVE-2010-3432: The sctp_packet_config function in net/sctp/output.c
in the Linux kernel performed extraneous initializations of packet
data structures, which allowed remote attackers to cause a denial of
service (panic) via a certain sequence of SCTP traffic.
CVE-2010-3067: Integer overflow in the do_io_submit function in
fs/aio.c in the Linux kernel allowed local users to cause a denial
of service or possibly have unspecified other impact via crafted use
of the io_submit system call.
CVE-2010-3865: A iovec integer overflow in RDS sockets was fixed
which could lead to local attackers gaining kernel privileges.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please reboot the machine after installing the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 11.3:
http://download.opensuse.org/update/11.3/rpm/i586/kernel-debug-2.6.34.7-0.7…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-debug-base-2.6.34.…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-debug-devel-2.6.34…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-default-2.6.34.7-0…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-default-base-2.6.3…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-default-devel-2.6.…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-desktop-2.6.34.7-0…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-desktop-base-2.6.3…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-desktop-devel-2.6.…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-2.6.34.7-0.7.1…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-base-2.6.34.7-…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-devel-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-ec2-extra-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-pae-2.6.34.7-0.7.1…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-pae-base-2.6.34.7-…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-pae-devel-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-syms-2.6.34.7-0.7.…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-trace-2.6.34.7-0.7…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-trace-base-2.6.34.…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-trace-devel-2.6.34…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-vanilla-2.6.34.7-0…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-vanilla-base-2.6.3…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-vanilla-devel-2.6.…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-vmi-2.6.34.7-0.7.1…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-vmi-base-2.6.34.7-…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-vmi-devel-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-xen-2.6.34.7-0.7.1…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-xen-base-2.6.34.7-…
http://download.opensuse.org/update/11.3/rpm/i586/kernel-xen-devel-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/i586/preload-kmp-default-1.1_k…
http://download.opensuse.org/update/11.3/rpm/i586/preload-kmp-desktop-1.1_k…
Platform Independent:
openSUSE 11.3:
http://download.opensuse.org/update/11.3/rpm/noarch/kernel-devel-2.6.34.7-0…
http://download.opensuse.org/update/11.3/rpm/noarch/kernel-source-2.6.34.7-…
http://download.opensuse.org/update/11.3/rpm/noarch/kernel-source-vanilla-2…
x86-64 Platform:
openSUSE 11.3:
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-debug-2.6.34.7-0…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-debug-base-2.6.3…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-debug-devel-2.6.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-default-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-default-base-2.6…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-default-devel-2.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-desktop-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-desktop-base-2.6…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-desktop-devel-2.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-2.6.34.7-0.7…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-base-2.6.34.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-devel-2.6.34…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-ec2-extra-2.6.34…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-syms-2.6.34.7-0.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-trace-2.6.34.7-0…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-trace-base-2.6.3…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-trace-devel-2.6.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-vanilla-2.6.34.7…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-vanilla-base-2.6…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-vanilla-devel-2.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-xen-2.6.34.7-0.7…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-xen-base-2.6.34.…
http://download.opensuse.org/update/11.3/rpm/x86_64/kernel-xen-devel-2.6.34…
http://download.opensuse.org/update/11.3/rpm/x86_64/preload-kmp-default-1.1…
http://download.opensuse.org/update/11.3/rpm/x86_64/preload-kmp-desktop-1.1…
Sources:
openSUSE 11.3:
http://download.opensuse.org/update/11.3/rpm/src/kernel-debug-2.6.34.7-0.7.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-default-2.6.34.7-0.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-desktop-2.6.34.7-0.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-ec2-2.6.34.7-0.7.1.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-pae-2.6.34.7-0.7.1.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-source-2.6.34.7-0.7…
http://download.opensuse.org/update/11.3/rpm/src/kernel-syms-2.6.34.7-0.7.1…
http://download.opensuse.org/update/11.3/rpm/src/kernel-trace-2.6.34.7-0.7.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-vanilla-2.6.34.7-0.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-vmi-2.6.34.7-0.7.1.…
http://download.opensuse.org/update/11.3/rpm/src/kernel-xen-2.6.34.7-0.7.1.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQEVAwUBTSHd93ey5gA9JdPZAQJ3lwf+KTA3cV8oT163osL5yS91E3FKskPUB46J
J5oeZfPjfMuUc9xaKUKNV/rD4hG014suDwHHwZuTIObtGdbtfv5CIFMVyCj3utSp
h419+vSQiiDqOcQ2RHkne4GsSWxPf2larM16LaVtS54au92TJftKH+q2vgszR+b9
ZjgN+6PFP7PYKA5noxenK3kg5F4QdnVWozxGNyCKD4IYzUbA+4hdFJ80WrfmUIkI
18b+3kOLfHkd4CWx9FxJ+eD17R/9ZNPcFvz/zDN5pqslcdQgP/RIeoI2G/+HHZx3
gKqRSfuEzlgOCQccQYDRqYjOLA4c6lzI3mioIOyAl6ROVPaEIzxviA==
=ChuL
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0