SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0741-5
Rating: important
References: #765315
Cross-References: CVE-2012-1667
Affected Products:
SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following issue has been fixed:
* Records with a zero-length rdata field could have
crashed named or disclosed portions of memory to clients
(CVE-2012-1667).
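The defensive handling that a record with RDLENGTH 0 needs, as an added example that is not bind's code: the parser below bounds the RDATA slice by the buffer and then by the minimum size the record type requires, so an empty A or TXT record is rejected before anything reads rdata[0]. The MIN_RDLENGTH table, the no-compression name parser and the sample records are assumptions of this example, not taken from the advisory.

```python
"""Defensive parsing of a DNS resource record whose RDLENGTH may be zero.

Added example, not code from bind. MIN_RDLENGTH is an assumption of this
example: record types not listed there are passed through unchecked, since
zero-length RDATA is legitimate for some types.
"""
import struct

TYPE_A, TYPE_NS, TYPE_TXT, TYPE_AAAA = 1, 2, 16, 28
# Minimum RDATA length per type (A = 4 octets, AAAA = 16, NS and TXT at least 1).
MIN_RDLENGTH = {TYPE_A: 4, TYPE_AAAA: 16, TYPE_NS: 1, TYPE_TXT: 1}


class MalformedRecord(ValueError):
    """Raised instead of reading past the buffer or handing out empty RDATA."""


def parse_name(buf, off):
    """Parse an uncompressed wire-format name; returns (dotted name, next offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise MalformedRecord("name runs past end of buffer")
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n >= 0x40:
            raise MalformedRecord("label too long or compression pointer (not handled here)")
        if off + n > len(buf):
            raise MalformedRecord("label runs past end of buffer")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) or ".", off


def parse_rr(buf, off=0):
    """Parse NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA; returns (record dict, next offset)."""
    name, off = parse_name(buf, off)
    if off + 10 > len(buf):
        raise MalformedRecord("truncated RR fixed header")
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", buf, off)
    off += 10
    # First bound the RDATA slice by the buffer ...
    if off + rdlength > len(buf):
        raise MalformedRecord(f"RDLENGTH {rdlength} exceeds remaining {len(buf) - off} bytes")
    # ... then by what the type requires, so a zero-length A or TXT record fails
    # here rather than where later code assumes at least one RDATA byte exists.
    minimum = MIN_RDLENGTH.get(rtype)
    if minimum is not None and rdlength < minimum:
        raise MalformedRecord(f"type {rtype} needs >= {minimum} RDATA bytes, got {rdlength}")
    rdata = bytes(buf[off:off + rdlength])
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}, off + rdlength


def build_rr(name, rtype, rdata, ttl=300):
    """Encode one IN-class record in wire format (used to construct sample input)."""
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".") if l)
    return wire + b"\x00" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


if __name__ == "__main__":
    # Constructed samples: one valid A record, then two records with RDLENGTH 0.
    good = build_rr("www.example.com", TYPE_A, bytes([192, 0, 2, 1]))
    print(parse_rr(good)[0])
    for bad in (build_rr("www.example.com", TYPE_A, b""), build_rr("example.com", TYPE_TXT, b"")):
        try:
            parse_rr(bad)
        except MalformedRecord as err:
            print("rejected:", err)
```

A record of an unknown type with RDLENGTH 0 is still accepted, since the parser only enforces minimums it knows; the point is that the length is checked against both the buffer and the type before RDATA is used.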
Security Issue reference:
* CVE-2012-1667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667>
Package List:
- SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):
bind-9.3.4-1.31.31.1
bind-chrootenv-9.3.4-1.31.31.1
bind-devel-9.3.4-1.31.31.1
bind-doc-9.3.4-1.31.31.1
bind-libs-9.3.4-1.31.31.1
bind-utils-9.3.4-1.31.31.1
- SUSE Linux Enterprise Server 10 SP2 (s390x x86_64):
bind-libs-32bit-9.3.4-1.31.31.1
References:
http://support.novell.com/security/cve/CVE-2012-1667.html
https://bugzilla.novell.com/765315
http://download.novell.com/patch/finder/?keywords=aba1373453815722878a790de…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0789-1
Rating: important
References: #556135 #735909 #743579 #744404 #747404 #754690
#756050 #757315 #758243 #759336 #759545 #759805
#760237 #760806 #761087 #761245 #762991 #762992
#763267 #763307 #763485 #763717 #764091 #764150
#764209 #764500 #764900 #765102 #765253 #765320
#765524
Cross-References: CVE-2012-2119 CVE-2012-2136 CVE-2012-2373
CVE-2012-2375 CVE-2012-2390
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise High Availability Extension 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 26 fixes is
now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 SP2 kernel was updated to
3.0.34, fixing a lot of bugs and security issues.
The update from Linux kernel 3.0.31 to 3.0.34 also fixes
various bugs not listed here.
The following security issues have been fixed:
* CVE-2012-2136: Local attackers could trigger an
overflow in sock_alloc_send_pskb(), potentially crashing
the machine or escalating privileges.
* CVE-2012-2390: A memory leak in transparent hugepages
on mmap failure could be used by a local attacker to run the
machine out of memory (local denial of service).
* CVE-2012-2119: A malicious guest driver could
overflow the host stack by passing a long descriptor,
potentially crashing the host system or escalating
privileges on the host.
* CVE-2012-2375: A malicious NFS server could crash
clients when more than 2 GETATTR bitmap words are returned
in response to FATTR4_ACL attribute requests; this had
only been incompletely fixed by the fix for CVE-2011-4131.
The following non-security bugs have been fixed:
Hyper-V:
* storvsc: Properly handle errors from the host
(bnc#747404).
* HID: hid-hyperv: Do not use hid_parse_report()
directly.
* HID: hyperv: Set the hid drvdata correctly.
* drivers/hv: Get rid of an unnecessary check in
vmbus_prep_negotiate_resp().
* drivers/hv: util: Properly handle version
negotiations.
* hv: fix return type of hv_post_message().
* net/hyperv: Add flow control based on hi/low
watermark.
* usb/net: rndis: break out <linux/rndis.h> defines. only
net/hyperv part
* usb/net: rndis: remove ambiguous status codes. only
net/hyperv part
* usb/net: rndis: merge command codes. only net/hyperv
part
* net/hyperv: Adding cancellation to ensure rndis
filter is closed.
* update hv drivers to 3.4-rc1, requires new
hv_kvp_daemon:
* drivers: hv: kvp: Add/cleanup connector defines.
* drivers: hv: kvp: Move the contents of hv_kvp.h to
hyperv.h.
* net/hyperv: Convert camel cased variables in
rndis_filter.c to lower cases.
* net/hyperv: Correct the assignment in
netvsc_recv_callback().
* net/hyperv: Remove the unnecessary memset in
rndis_filter_send().
* drivers: hv: Cleanup the kvp related state in
hyperv.h.
* tools: hv: Use hyperv.h to get the KVP definitions.
* drivers: hv: kvp: Cleanup the kernel/user protocol.
* drivers: hv: Increase the number of VCPUs supported
in the guest.
* net/hyperv: Fix data corruption in
rndis_filter_receive().
* net/hyperv: Add support for vlan trunking from guests.
* Drivers: hv: Add new message types to enhance KVP.
* Drivers: hv: Support the newly introduced KVP
messages in the driver.
* Tools: hv: Fully support the new KVP verbs in the
user level daemon.
* Tools: hv: Support enumeration from all the pools.
* net/hyperv: Fix the code handling tx busy.
* patches.suse/suse-hv-pata_piix-ignore-disks.patch
replace our version of this patch with upstream variant:
ata_piix: defer disks to the Hyper-V drivers by default
libata: add a host flag to ignore detected ATA devices.
Btrfs:
* btrfs: more module message prefixes.
* vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
and rename them
* btrfs: flush all the dirty pages if
try_to_writeback_inodes_sb_nr() fails
* vfs: re-implement writeback_inodes_sb(_nr)_if_idle()
and rename them
* btrfs: fix locking in btrfs_destroy_delayed_refs
* btrfs: wake up transaction waiters when aborting a
transaction
* btrfs: abort the transaction if the commit fails
* btrfs: fix btrfs_destroy_marked_extents
* btrfs: unlock everything properly in the error case
for nocow
* btrfs: fix return code in drop_objectid_items
* btrfs: check to see if the inode is in the log before
fsyncing
* btrfs: pass locked_page into
extent_clear_unlock_delalloc if there's an error
* btrfs: check the return code of btrfs_save_ino_cache
* btrfs: do not update atime for RO snapshots
(FATE#306586).
* btrfs: convert the inode bit field to use the actual
bit operations
* btrfs: fix deadlock when the process of delayed refs
fails
* btrfs: stop defrag of files automatically when doing
readonly remount or umount
* btrfs: avoid memory leak of extent state in error
handling routine
* btrfs: make sure that we have made everything in
pinned tree clean
* btrfs: destroy the items of the delayed inodes in
error handling routine
* btrfs: ulist realloc bugfix
* btrfs: bugfix in btrfs_find_parent_nodes
* btrfs: bugfix: ignore the wrong key for indirect tree
block backrefs
* btrfs: avoid buffer overrun in btrfs_printk
* btrfs: fall back to non-inline if we do not have
enough space
* btrfs: NUL-terminate path buffer in DEV_INFO ioctl
result
* btrfs: avoid buffer overrun in mount option handling
* btrfs: do not do balance in readonly mode
* btrfs: fix the same inode id problem when doing auto
defragment
* btrfs: fix wrong error returned by adding a device
* btrfs: use fastpath in extent state ops as much as
possible
Misc:
* tcp: drop SYN+FIN messages (bnc#765102).
* mm: avoid swapping out with swappiness==0
(swappiness).
* thp: avoid atomic64_read in pmd_read_atomic for 32bit
PAE (bnc#762991).
* paravirt: Split paravirt MMU ops (bnc#556135,
bnc#754690, FATE#306453).
* paravirt: Only export pv_mmu_ops symbol if
PARAVIRT_MMU
* paravirt: Stub support KABI for KVM_MMU (bnc#556135,
bnc#754690, FATE#306453).
* tmpfs: implement NUMA node interleaving (bnc#764209).
* synaptics-hp-clickpad: Fix the detection of LED on
the recent HP laptops (bnc#765524)
* supported.conf: mark xt_AUDIT as supported
(bnc#765253)
* mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
pmd_populate SMP race condition (bnc#762991 CVE-2012-2373).
* xhci: Do not free endpoints in xhci_mem_cleanup()
(bnc#763307).
* xhci: Fix invalid loop check in xhci_free_tt_info()
(bnc#763307).
* drm: Skip too big EDID extensions (bnc#764900).
* drm/i915: Add HP EliteBook to LVDS-temporary-disable
list (bnc#763717).
* hwmon: (fam15h_power) Increase output resolution
(bnc#759336).
* hwmon: (k10temp) Add support for AMD Trinity CPUs
(bnc#759336).
* rpm/kernel-binary.spec.in: Own the right -kdump
initrd (bnc#764500)
* memcg: prevent from OOM with too many dirty pages.
* dasd: re-prioritize partition detection message
(bnc#764091,LTC#81617).
* kernel: pfault task state race (bnc#764091,LTC#81724).
* kernel: clear page table for sw large page emulation
(bnc#764091,LTC#81933).
* USB: fix bug of device descriptor got from superspeed
device (bnc#761087).
* xfrm: take net hdr len into account for esp payload
size calculation (bnc#759545).
* st: clean up dev cleanup in st_probe (bnc#760806).
* st: clean up device file creation and removal
(bnc#760806).
* st: get rid of scsi_tapes array (bnc#760806).
* st: raise device limit (bnc#760806).
* st: Use static class attributes (bnc#760806).
* mm: Optimize put_mems_allowed() usage (VM
performance).
* cifs: fix oops while traversing open file list (try
#4) (bnc#756050).
* scsi: Fix dm-multipath starvation when scsi host is
busy (bnc#763485).
* dasd: process all requests in the device tasklet
(bnc#763267).
* rt2x00:Add RT539b chipset support (bnc#760237).
* kabi/severities: Ignore changes in
drivers/net/wireless/rt2x00, these are just exports used
among the rt2x00 modules.
* rt2800: radio 3xxx: reprogram only lower bits of
RF_R3 (bnc#759805).
* rt2800: radio 3xxx: program RF_R1 during channel
switch (bnc#759805).
* rt2800: radio 3xxxx: channel switch RX/TX calibration
fixes (bnc#759805).
* rt2x00: Avoid unnecessary uncached (bnc#759805).
* rt2x00: Introduce sta_add/remove callbacks
(bnc#759805).
* rt2x00: Add WCID to crypto struct (bnc#759805).
* rt2x00: Add WCID to HT TX descriptor (bnc#759805).
* rt2x00: Move bssidx calculation into its own function
(bnc#759805).
* rt2x00: Make use of sta_add/remove callbacks in
rt2800 (bnc#759805).
* rt2x00: Forbid aggregation for STAs not programmed
into the hw (bnc#759805).
* rt2x00: handle spurious pci interrupts (bnc#759805).
* rt2800: disable DMA after firmware load.
* rt2800: radio 3xxx: add channel switch calibration
routines (bnc#759805).
* rpm/kernel-binary.spec.in: Obsolete ath3k, as it is
now in the tree.
* floppy: remove floppy-specific O_EXCL handling
(bnc#757315).
* floppy: convert to delayed work and single-thread wq
(bnc#761245).
Security Issue references:
* CVE-2012-2119
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2119>
* CVE-2012-2136
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136>
* CVE-2012-2373
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2373>
* CVE-2012-2390
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2390>
* CVE-2012-2375
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2375>
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-kernel-6457 slessp2-kernel-6463
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-kernel-6453 slessp2-kernel-6457 slessp2-kernel-6458 slessp2-kernel-6463 slessp2-kernel-6467
- SUSE Linux Enterprise High Availability Extension 11 SP2:
zypper in -t patch sleshasp2-kernel-6453 sleshasp2-kernel-6457 sleshasp2-kernel-6458 sleshasp2-kernel-6463 sleshasp2-kernel-6467
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-kernel-6457 sledsp2-kernel-6463
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.34]:
kernel-default-3.0.34-0.7.9
kernel-default-base-3.0.34-0.7.9
kernel-default-devel-3.0.34-0.7.9
kernel-source-3.0.34-0.7.9
kernel-syms-3.0.34-0.7.9
kernel-trace-3.0.34-0.7.9
kernel-trace-base-3.0.34-0.7.9
kernel-trace-devel-3.0.34-0.7.9
kernel-xen-devel-3.0.34-0.7.9
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.34]:
kernel-pae-3.0.34-0.7.9
kernel-pae-base-3.0.34-0.7.9
kernel-pae-devel-3.0.34-0.7.9
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.34]:
kernel-default-3.0.34-0.7.9
kernel-default-base-3.0.34-0.7.9
kernel-default-devel-3.0.34-0.7.9
kernel-source-3.0.34-0.7.9
kernel-syms-3.0.34-0.7.9
kernel-trace-3.0.34-0.7.9
kernel-trace-base-3.0.34-0.7.9
kernel-trace-devel-3.0.34-0.7.9
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.34]:
kernel-ec2-3.0.34-0.7.9
kernel-ec2-base-3.0.34-0.7.9
kernel-ec2-devel-3.0.34-0.7.9
kernel-xen-3.0.34-0.7.9
kernel-xen-base-3.0.34-0.7.9
kernel-xen-devel-3.0.34-0.7.9
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.34]:
kernel-default-man-3.0.34-0.7.9
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.34]:
kernel-ppc64-3.0.34-0.7.9
kernel-ppc64-base-3.0.34-0.7.9
kernel-ppc64-devel-3.0.34-0.7.9
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.34]:
kernel-pae-3.0.34-0.7.9
kernel-pae-base-3.0.34-0.7.9
kernel-pae-devel-3.0.34-0.7.9
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.34_0.7-2.10.30
cluster-network-kmp-trace-1.4_3.0.34_0.7-2.10.30
gfs2-kmp-default-2_3.0.34_0.7-0.7.30
gfs2-kmp-trace-2_3.0.34_0.7-0.7.30
ocfs2-kmp-default-1.6_3.0.34_0.7-0.7.30
ocfs2-kmp-trace-1.6_3.0.34_0.7-0.7.30
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.34_0.7-2.10.30
gfs2-kmp-xen-2_3.0.34_0.7-0.7.30
ocfs2-kmp-xen-1.6_3.0.34_0.7-0.7.30
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
cluster-network-kmp-ppc64-1.4_3.0.34_0.7-2.10.30
gfs2-kmp-ppc64-2_3.0.34_0.7-0.7.30
ocfs2-kmp-ppc64-1.6_3.0.34_0.7-0.7.30
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
cluster-network-kmp-pae-1.4_3.0.34_0.7-2.10.30
gfs2-kmp-pae-2_3.0.34_0.7-0.7.30
ocfs2-kmp-pae-1.6_3.0.34_0.7-0.7.30
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.34]:
kernel-default-3.0.34-0.7.9
kernel-default-base-3.0.34-0.7.9
kernel-default-devel-3.0.34-0.7.9
kernel-default-extra-3.0.34-0.7.9
kernel-source-3.0.34-0.7.9
kernel-syms-3.0.34-0.7.9
kernel-trace-3.0.34-0.7.9
kernel-trace-base-3.0.34-0.7.9
kernel-trace-devel-3.0.34-0.7.9
kernel-trace-extra-3.0.34-0.7.9
kernel-xen-3.0.34-0.7.9
kernel-xen-base-3.0.34-0.7.9
kernel-xen-devel-3.0.34-0.7.9
kernel-xen-extra-3.0.34-0.7.9
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.34]:
kernel-pae-3.0.34-0.7.9
kernel-pae-base-3.0.34-0.7.9
kernel-pae-devel-3.0.34-0.7.9
kernel-pae-extra-3.0.34-0.7.9
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
ext4-writeable-kmp-default-0_3.0.34_0.7-0.14.11
kernel-default-extra-3.0.34-0.7.9
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
ext4-writeable-kmp-xen-0_3.0.34_0.7-0.14.11
kernel-xen-extra-3.0.34-0.7.9
- SLE 11 SERVER Unsupported Extras (ppc64):
ext4-writeable-kmp-ppc64-0_3.0.34_0.7-0.14.11
kernel-ppc64-extra-3.0.34-0.7.9
- SLE 11 SERVER Unsupported Extras (i586):
ext4-writeable-kmp-pae-0_3.0.34_0.7-0.14.11
kernel-pae-extra-3.0.34-0.7.9
References:
http://support.novell.com/security/cve/CVE-2012-2119.html
http://support.novell.com/security/cve/CVE-2012-2136.html
http://support.novell.com/security/cve/CVE-2012-2373.html
http://support.novell.com/security/cve/CVE-2012-2375.html
http://support.novell.com/security/cve/CVE-2012-2390.html
https://bugzilla.novell.com/556135
https://bugzilla.novell.com/735909
https://bugzilla.novell.com/743579
https://bugzilla.novell.com/744404
https://bugzilla.novell.com/747404
https://bugzilla.novell.com/754690
https://bugzilla.novell.com/756050
https://bugzilla.novell.com/757315
https://bugzilla.novell.com/758243
https://bugzilla.novell.com/759336
https://bugzilla.novell.com/759545
https://bugzilla.novell.com/759805
https://bugzilla.novell.com/760237
https://bugzilla.novell.com/760806
https://bugzilla.novell.com/761087
https://bugzilla.novell.com/761245
https://bugzilla.novell.com/762991
https://bugzilla.novell.com/762992
https://bugzilla.novell.com/763267
https://bugzilla.novell.com/763307
https://bugzilla.novell.com/763485
https://bugzilla.novell.com/763717
https://bugzilla.novell.com/764091
https://bugzilla.novell.com/764150
https://bugzilla.novell.com/764209
https://bugzilla.novell.com/764500
https://bugzilla.novell.com/764900
https://bugzilla.novell.com/765102
https://bugzilla.novell.com/765253
https://bugzilla.novell.com/765320
https://bugzilla.novell.com/765524
http://download.novell.com/patch/finder/?keywords=1a7682fe55225a6d2fb7535ed…
http://download.novell.com/patch/finder/?keywords=31fea157a35016e51d4182b32…
http://download.novell.com/patch/finder/?keywords=4011009aab039f02db913a7bc…
http://download.novell.com/patch/finder/?keywords=5a7bc846608efdf1aca0d4f66…
http://download.novell.com/patch/finder/?keywords=643ef9cef491ee6820b78654f…
http://download.novell.com/patch/finder/?keywords=681e25e2cce92c21c5a62ccbf…
http://download.novell.com/patch/finder/?keywords=8d123a34ca9f20522bea6195c…
http://download.novell.com/patch/finder/?keywords=970acd862c76b234643d06e43…
http://download.novell.com/patch/finder/?keywords=e33c406efece164f0fd3b33e3…
http://download.novell.com/patch/finder/?keywords=f2bfce4b05959a193517d5099…
SUSE Security Update: Security update for finch, libpurple and pidgin
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0782-1
Rating: important
References: #752275 #760890 #761155
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
Various remotely triggerable crashes in pidgin have been
fixed:
* CVE-2012-1178: In some situations the MSN server
sends text that isn't UTF-8 encoded, and Pidgin fails to
verify the text's encoding. In some cases this can lead to
a crash when attempting to display the text.
* CVE-2012-1178/CVE-2012-2318: Incoming messages with
certain characters or character encodings can cause clients
to crash.
* CVE-2012-2214: A series of specially crafted file
transfer requests can cause clients to reference invalid
memory. The user must have accepted one of the file
transfer requests.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-finch-6294
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-finch-6294
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-finch-6294
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-finch-6294
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
finch-2.6.6-0.15.1
finch-devel-2.6.6-0.15.1
libpurple-2.6.6-0.15.1
libpurple-devel-2.6.6-0.15.1
libpurple-lang-2.6.6-0.15.1
pidgin-2.6.6-0.15.1
pidgin-devel-2.6.6-0.15.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
finch-2.6.6-0.15.1
finch-devel-2.6.6-0.15.1
libpurple-2.6.6-0.15.1
libpurple-devel-2.6.6-0.15.1
libpurple-lang-2.6.6-0.15.1
pidgin-2.6.6-0.15.1
pidgin-devel-2.6.6-0.15.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
finch-2.6.6-0.15.1
libpurple-2.6.6-0.15.1
libpurple-lang-2.6.6-0.15.1
libpurple-meanwhile-2.6.6-0.15.1
libpurple-tcl-2.6.6-0.15.1
pidgin-2.6.6-0.15.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
finch-2.6.6-0.15.1
libpurple-2.6.6-0.15.1
libpurple-lang-2.6.6-0.15.1
libpurple-meanwhile-2.6.6-0.15.1
libpurple-tcl-2.6.6-0.15.1
pidgin-2.6.6-0.15.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
finch-2.6.6-0.16.1
libpurple-2.6.6-0.16.1
pidgin-2.6.6-0.16.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
finch-2.6.6-0.16.1
finch-devel-2.6.6-0.16.1
libpurple-2.6.6-0.16.1
libpurple-devel-2.6.6-0.16.1
pidgin-2.6.6-0.16.1
pidgin-devel-2.6.6-0.16.1
References:
https://bugzilla.novell.com/752275
https://bugzilla.novell.com/760890
https://bugzilla.novell.com/761155
http://download.novell.com/patch/finder/?keywords=1444b130f542f9e056af8af62…
http://download.novell.com/patch/finder/?keywords=b0914368d9cc2257e01e528c5…
SUSE Security Update: Security update for oracle-update
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0765-1
Rating: important
References: #736238 #757705 #760074 #760660 #763895 #764049
Cross-References: CVE-2012-1675
Affected Products:
SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
now available.
Description:
This package wraps the Oracle Server update process for the
Oracle server included in SUSE Manager.
On installation of this package it will pull and install
the Oracle updates and patches, integrated so that SUSE
Manager is correctly stopped, the databases converted and
restarted.
It contains a security helper script that can switch the
Oracle server from listening on all network interfaces to
listening on localhost only (CVE-2012-1675).
To switch to a configuration that restricts the
listener to localhost only, run the following commands as
root:
spacewalk-service stop
/opt/apps/db-update/smdba-netswitch localhost
spacewalk-service start
In case you want to revert to the previous configuration,
just run:
spacewalk-service stop
/opt/apps/db-update/smdba-netswitch worldwide
spacewalk-service start
Security Issue references:
* CVE-2012-1675
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1675>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 1.2 for SLE 11 SP1:
zypper in -t patch sleman12sp1-oracle-update-6368
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 1.2 for SLE 11 SP1 (x86_64):
oracle-update-0.1-0.5.8.1
References:
http://support.novell.com/security/cve/CVE-2012-1675.html
https://bugzilla.novell.com/736238
https://bugzilla.novell.com/757705
https://bugzilla.novell.com/760074
https://bugzilla.novell.com/760660
https://bugzilla.novell.com/763895
https://bugzilla.novell.com/764049
http://download.novell.com/patch/finder/?keywords=a0b8b5031c3d0c502432381a5…
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0741-4
Rating: important
References: #765315
Cross-References: CVE-2012-1667
Affected Products:
SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following issue has been fixed:
* Records with zero length rdata field could have
crashed named or disclosed portions of memory to clients
(CVE-2012-1667).
Security Issue references:
* CVE-2012-1667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667>
Package List:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
bind-9.3.4-1.36.1
bind-chrootenv-9.3.4-1.36.1
bind-devel-9.3.4-1.36.1
bind-doc-9.3.4-1.36.1
bind-libs-9.3.4-1.36.1
bind-utils-9.3.4-1.36.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
bind-libs-32bit-9.3.4-1.36.1
References:
http://support.novell.com/security/cve/CVE-2012-1667.html
https://bugzilla.novell.com/765315
http://download.novell.com/patch/finder/?keywords=fa5792b05ad6f009c42c5cd57…
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0746-1
Rating: important
References: #765204
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes three new package versions.
Description:
MozillaFirefox has been updated to 10.0.5ESR fixing various
bugs and security issues.
* MFSA 2012-34: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.
In general these flaws cannot be exploited through
email in the Thunderbird and SeaMonkey products because
scripting is disabled, but are potentially a risk in
browser or browser-like contexts in those products.
References:
Jesse Ruderman, Igor Bukanov, Bill McCloskey,
Christian Holler, Andrew McCreight, and Brian Bondy
reported memory safety problems and crashes that affect
Firefox 12. (CVE-2012-1938)
Christian Holler reported a memory safety problem
that affects Firefox ESR. (CVE-2012-1939)
Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse
Ruderman reported memory safety problems and crashes that
affect Firefox ESR and Firefox 13. (CVE-2012-1937)
Ken Russell of Google reported a bug in NVIDIA
graphics drivers that they needed to work around in the
Chromium WebGL implementation. Mozilla has done the same in
Firefox 13 and ESR 10.0.5. (CVE-2011-3101)
* MFSA 2012-35: Security researcher James Forshaw of
Context Information Security found two issues with the
Mozilla updater and the Mozilla updater service introduced
in Firefox 12 for Windows. The first issue allows Mozilla's
updater to load a local DLL file in a privileged context.
The updater can be called by the Updater Service or
independently on systems that do not use the service. The
second of these issues allows for the updater service to
load an arbitrary local DLL file, which can then be run
with the same system privileges used by the service. Both
of these issues require local file system access to be
exploitable.
Possible Arbitrary Code Execution by Update Service
(CVE-2012-1942)
Updater.exe loads wsock32.dll from application directory
(CVE-2012-1943)
* MFSA 2012-36: Security researcher Adam Barth found
that inline event handlers, such as onclick, were no longer
blocked by Content Security Policy's (CSP) inline-script
blocking feature. Web applications relying on this feature
of CSP to protect against cross-site scripting (XSS) were
not fully protected. (CVE-2012-1944)
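What the CSP inline-script blocking feature is expected to decide for an inline event handler, as an added example that is not Mozilla's code: the checker below parses a Content-Security-Policy header, picks the directive that governs script (script-src, else default-src) and reports whether an onclick-style handler may run. It applies the published CSP rules only (a nonce or hash source makes 'unsafe-inline' ignored; a nonce cannot apply to an event handler); the 'unsafe-hashes' keyword of later CSP levels is out of scope, and the sample headers are constructed for this example.

```python
"""Decide whether a Content-Security-Policy header permits inline event handlers.

Added example, not Firefox code. Applies the CSP source-list rules for the
script-src / default-src directives; sample headers below are constructed.
"""


def parse_csp(header):
    """Split a CSP header into {directive-name: [source tokens]}.

    Per the CSP spec, when a directive appears twice the first occurrence is
    the one that applies; later duplicates are ignored.
    """
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def script_sources(policy):
    """script-src governs script; default-src is the fallback; None if neither is set."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def inline_event_handlers_allowed(header):
    """True if an inline handler such as onclick="..." may run under this policy.

    - No governing directive: the browser imposes no restriction.
    - 'unsafe-inline' permits inline script, but when a nonce- or hash-source is
      also listed, CSP 2 and later ignore 'unsafe-inline'.
    - A nonce cannot be attached to an inline event handler, so a nonce alone
      never allows one.
    """
    sources = script_sources(parse_csp(header))
    if sources is None:
        return True
    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered
    )
    return "'unsafe-inline'" in lowered and not has_nonce_or_hash


# Constructed sample headers, from fully blocking to not governing script at all.
SAMPLE_HEADERS = [
    "default-src 'self'",
    "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'",
    "img-src *",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        allowed = inline_event_handlers_allowed(header)
        print(f"{header!r:60} inline handlers allowed: {allowed}")
```

The first header is the configuration MFSA 2012-36 is about: a site sending it relies on the browser refusing to run the onclick handler, and the bug was that Firefox did not.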
* MFSA 2012-37: Security researcher Paul Stone reported
an attack where an HTML page hosted on a Windows share and
then loaded could then load Windows shortcut files (.lnk)
in the same share. These shortcut files could then link to
arbitrary locations on the local file system of the
individual loading the HTML page. That page could show the
contents of these linked files or directories from the
local file system in an iframe, causing information
disclosure.
This issue could potentially affect Linux machines
with samba shares enabled. (CVE-2012-1945)
* MFSA 2012-38: Security researcher Arthur Gerkis used
the Address Sanitizer tool to find a use-after-free while
replacing/inserting a node in a document. This
use-after-free could possibly allow for remote code
execution. (CVE-2012-1946)
* MFSA 2012-39: Security researcher Kaspar Brand found a
flaw in how the Network Security Services (NSS) ASN.1
decoder handles zero length items. Effects of this issue
depend on the field. One known symptom is an unexploitable
crash in handling OCSP responses. NSS also mishandles
zero-length basic constraints, assuming default values for
some types that should be rejected as malformed. These
issues have been addressed in NSS 3.13.4, which is now
being used by Mozilla. (CVE-2012-0441)
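The distinction MFSA 2012-39 turns on, as an added example that is not NSS code: in DER a BOOLEAN has exactly one content byte and an INTEGER at least one, so a zero-length item of either type is malformed and must not be read as its default. The decoder below parses the RFC 5280 BasicConstraints structure and accepts an empty SEQUENCE (cA then defaults to FALSE) while rejecting a present-but-empty BOOLEAN or INTEGER. The sample encodings are constructed for this example.

```python
"""Strict DER decoding of BasicConstraints, rejecting zero-length items.

Added example, not NSS code. Tag values and length rules are from X.690;
the BasicConstraints structure is from RFC 5280:
  BasicConstraints ::= SEQUENCE {
      cA                 BOOLEAN DEFAULT FALSE,
      pathLenConstraint  INTEGER (0..MAX) OPTIONAL }
"""

BOOLEAN, INTEGER, SEQUENCE = 0x01, 0x02, 0x30


class DerError(ValueError):
    """Raised for any encoding that strict DER rules reject."""


def read_tlv(buf, off=0):
    """Read one tag-length-value; returns (tag, value bytes, next offset)."""
    if off + 2 > len(buf):
        raise DerError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form
        length = first
    elif first == 0x80:
        raise DerError("indefinite length is not allowed in DER")
    else:                                 # long form: first & 0x7f length octets follow
        n = first & 0x7F
        if n > 4 or off + n > len(buf):
            raise DerError("bad long-form length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
        if length < 0x80:
            raise DerError("non-minimal length encoding")
    if off + length > len(buf):
        raise DerError("value runs past end of buffer")
    return tag, bytes(buf[off:off + length]), off + length


def decode_boolean(value):
    """DER BOOLEAN: exactly one octet, 0x00 or 0xFF. Zero length is malformed."""
    if len(value) != 1:
        raise DerError(f"BOOLEAN must be exactly 1 content byte, got {len(value)}")
    if value[0] not in (0x00, 0xFF):
        raise DerError("BOOLEAN content must be 0x00 or 0xFF in DER")
    return value[0] == 0xFF


def decode_integer(value):
    """DER INTEGER: at least one octet. Zero length is malformed, not zero."""
    if len(value) == 0:
        raise DerError("INTEGER must have at least 1 content byte")
    return int.from_bytes(value, "big", signed=True)


def decode_basic_constraints(der):
    """Return (cA, pathLenConstraint or None) from a DER BasicConstraints value."""
    tag, body, end = read_tlv(der)
    if tag != SEQUENCE or end != len(der):
        raise DerError("expected exactly one SEQUENCE")
    ca, path_len, off = False, None, 0
    if off < len(body) and body[off] == BOOLEAN:
        _, value, off = read_tlv(body, off)
        ca = decode_boolean(value)        # an empty BOOLEAN fails here instead of defaulting
    if off < len(body) and body[off] == INTEGER:
        _, value, off = read_tlv(body, off)
        path_len = decode_integer(value)  # an empty INTEGER fails here instead of reading as 0
        if path_len < 0:
            raise DerError("pathLenConstraint must be non-negative")
    if off != len(body):
        raise DerError("unexpected trailing data in BasicConstraints")
    return ca, path_len


if __name__ == "__main__":
    # Constructed encodings: valid ones first, then zero-length BOOLEAN and INTEGER.
    for sample in (b"\x30\x00", b"\x30\x03\x01\x01\xff", b"\x30\x06\x01\x01\xff\x02\x01\x00",
                   b"\x30\x02\x01\x00", b"\x30\x05\x01\x01\xff\x02\x00"):
        try:
            print(sample.hex(), "->", decode_basic_constraints(sample))
        except DerError as err:
            print(sample.hex(), "-> rejected:", err)
```

The two rejected samples are the shapes the advisory describes: a zero-length BOOLEAN that a lenient decoder would silently read as FALSE, and a zero-length INTEGER it would read as 0.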
* MFSA 2012-40: Security researcher Abhishek Arya of
Google used the Address Sanitizer tool to uncover several
issues: two heap buffer overflow bugs and a use-after-free
problem. The first heap buffer overflow was found in
conversion from unicode to native character sets when the
function fails. The use-after-free occurs in nsFrameList
when working with column layout with absolute positioning
in a container that changes size. The second buffer
overflow occurs in nsHTMLReflowState when a window is
resized on a page with nested columns and a combination of
absolute and relative positioning. All three of these
issues are potentially exploitable.
Heap-buffer-overflow in utf16_to_isolatin1
(CVE-2012-1947)
Heap-use-after-free in nsFrameList::FirstChild
(CVE-2012-1940)
Heap-buffer-overflow in
nsHTMLReflowState::CalculateHypotheticalBox, with nested
multi-column, relative position, and absolute position
(CVE-2012-1941)
More information on security issues can be found on:
http://www.mozilla.org/security/announce/
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-MozillaFirefox-6425
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-MozillaFirefox-6425
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-MozillaFirefox-6425
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-MozillaFirefox-6425
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-MozillaFirefox-6425
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-MozillaFirefox-6425
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-MozillaFirefox-6425
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-devel-4.9.1-0.5.1
mozilla-nss-devel-3.13.5-0.4.2
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-devel-4.9.1-0.5.1
mozilla-nss-devel-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:
MozillaFirefox-10.0.5-0.3.6
MozillaFirefox-translations-10.0.5-0.3.6
libfreebl3-3.13.5-0.4.2
mozilla-nspr-4.9.1-0.5.1
mozilla-nss-3.13.5-0.4.2
mozilla-nss-tools-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
libfreebl3-32bit-3.13.5-0.4.2
mozilla-nspr-32bit-4.9.1-0.5.1
mozilla-nss-32bit-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.13.5 and 4.9.1]:
libfreebl3-x86-3.13.5-0.4.2
mozilla-nspr-x86-4.9.1-0.5.1
mozilla-nss-x86-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:
MozillaFirefox-10.0.5-0.3.6
MozillaFirefox-translations-10.0.5-0.3.6
libfreebl3-3.13.5-0.4.2
mozilla-nspr-4.9.1-0.5.1
mozilla-nss-3.13.5-0.4.2
mozilla-nss-tools-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 3.13.5 and 4.9.1]:
libfreebl3-32bit-3.13.5-0.4.2
mozilla-nspr-32bit-4.9.1-0.5.1
mozilla-nss-32bit-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:
MozillaFirefox-10.0.5-0.3.6
MozillaFirefox-translations-10.0.5-0.3.6
libfreebl3-3.13.5-0.4.2
mozilla-nspr-4.9.1-0.5.1
mozilla-nss-3.13.5-0.4.2
mozilla-nss-tools-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
libfreebl3-32bit-3.13.5-0.4.2
mozilla-nspr-32bit-4.9.1-0.5.1
mozilla-nss-32bit-3.13.5-0.4.2
- SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 3.13.5 and 4.9.1]:
libfreebl3-x86-3.13.5-0.4.2
mozilla-nspr-x86-4.9.1-0.5.1
mozilla-nss-x86-3.13.5-0.4.2
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-4.9.1-0.8.1
mozilla-nspr-devel-4.9.1-0.8.1
mozilla-nss-3.13.5-0.7.2
mozilla-nss-devel-3.13.5-0.7.2
mozilla-nss-tools-3.13.5-0.7.2
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x):
MozillaFirefox-10.0.5-0.8.4
MozillaFirefox-translations-10.0.5-0.8.4
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-32bit-4.9.1-0.8.1
mozilla-nss-32bit-3.13.5-0.7.2
- SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-x86-4.9.1-0.8.1
mozilla-nss-x86-3.13.5-0.7.2
- SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-64bit-4.9.1-0.8.1
mozilla-nss-64bit-3.13.5-0.7.2
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:
MozillaFirefox-10.0.5-0.3.6
MozillaFirefox-translations-10.0.5-0.3.6
libfreebl3-3.13.5-0.4.2
mozilla-nspr-4.9.1-0.5.1
mozilla-nss-3.13.5-0.4.2
mozilla-nss-tools-3.13.5-0.4.2
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.13.5 and 4.9.1]:
libfreebl3-32bit-3.13.5-0.4.2
mozilla-nspr-32bit-4.9.1-0.5.1
mozilla-nss-32bit-3.13.5-0.4.2
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:
MozillaFirefox-10.0.5-0.3.6
MozillaFirefox-translations-10.0.5-0.3.6
libfreebl3-3.13.5-0.4.2
mozilla-nspr-4.9.1-0.5.1
mozilla-nss-3.13.5-0.4.2
mozilla-nss-tools-3.13.5-0.4.2
- SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 3.13.5 and 4.9.1]:
libfreebl3-32bit-3.13.5-0.4.2
mozilla-nspr-32bit-4.9.1-0.5.1
mozilla-nss-32bit-3.13.5-0.4.2
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-4.9.1-0.8.1
mozilla-nspr-devel-4.9.1-0.8.1
mozilla-nss-3.13.5-0.7.2
mozilla-nss-devel-3.13.5-0.7.2
mozilla-nss-tools-3.13.5-0.7.2
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.13.5 and 4.9.1]:
mozilla-nspr-32bit-4.9.1-0.8.1
mozilla-nss-32bit-3.13.5-0.7.2
- SUSE Linux Enterprise Desktop 10 SP4 (i586):
MozillaFirefox-10.0.5-0.8.4
MozillaFirefox-translations-10.0.5-0.8.4
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5]:
mozilla-nss-tools-3.13.5-0.7.2
- SLE SDK 10 SP4 (i586 ia64 ppc s390x):
MozillaFirefox-branding-upstream-10.0.5-0.8.4
References:
https://bugzilla.novell.com/765204
http://download.novell.com/patch/finder/?keywords=07d017248ab36079da2d7b88d…
http://download.novell.com/patch/finder/?keywords=17a6ba181710949a9ded0279e…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0741-2
Rating: important
References: #765315
Cross-References: CVE-2012-1667
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available. It
includes one version update.
Description:
The following issue has been fixed:
* Records with a zero-length rdata field could have
crashed named or disclosed portions of memory to clients
(CVE-2012-1667).
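The zero-length rdata case described above, shown as an added Python example (not BIND's code): a bounds-checked parser for DNS resource records in wire format. It treats RDLENGTH as untrusted, so a record whose RDLENGTH is 0 yields an empty rdata value rather than a read outside the buffer, a record whose RDLENGTH overruns the message is rejected, and type-specific decoding checks the expected size before interpreting bytes. The sample message, the private-use type number and the helper names are constructed for this illustration; names are parsed uncompressed only, a simplification.

```python
"""Bounds-checked parsing of DNS resource records from wire format.

Added illustration, not BIND code: shows the checks a parser needs so
that an RR with RDLENGTH 0, or with an RDLENGTH that overruns the
message, is handled without reading outside the buffer.  Names are
parsed in uncompressed form only (a simplification for this example).
"""
import struct
from typing import Dict, List, Tuple

# Fixed RDATA sizes for a few well-known types; a decoder must verify
# them instead of trusting the on-the-wire RDLENGTH.
TYPE_A, TYPE_AAAA = 1, 28
FIXED_RDATA_LEN = {TYPE_A: 4, TYPE_AAAA: 16}


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def encode_rr(name: str, rtype: int, ttl: int, rdata: bytes) -> bytes:
    """Build one RR (class IN); used only to construct the sample input."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def parse_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Parse an uncompressed name; every label read is checked against len(msg)."""
    labels: List[str] = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n == 0:
            return ".".join(labels) + ".", off + 1
        if n & 0xC0:
            raise ValueError("compression pointers not supported in this example")
        if off + 1 + n > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n


def parse_rr(msg: bytes, off: int) -> Tuple[Dict, int]:
    """Parse one RR starting at `off`; returns the record and the next offset."""
    name, off = parse_name(msg, off)
    if off + 10 > len(msg):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    # RDLENGTH is attacker-controlled: it may claim more bytes than exist.
    if off + rdlength > len(msg):
        raise ValueError("RDLENGTH %d overruns message" % rdlength)
    rdata = msg[off:off + rdlength]  # b"" when RDLENGTH == 0, never stale memory
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}, off + rdlength


def parse_records(msg: bytes) -> List[Dict]:
    """Parse a run of RRs until the message is consumed."""
    recs, off = [], 0
    while off < len(msg):
        rr, off = parse_rr(msg, off)
        recs.append(rr)
    return recs


def decode_rdata(rtype: int, rdata: bytes) -> str:
    """Type-specific decoding that validates the length before reading fields."""
    fixed = FIXED_RDATA_LEN.get(rtype)
    if fixed is not None and len(rdata) != fixed:
        raise ValueError("type %d needs %d bytes of RDATA, got %d" % (rtype, fixed, len(rdata)))
    if rtype == TYPE_A:
        return ".".join(str(b) for b in rdata)
    if rtype == TYPE_AAAA:
        return ":".join("%x" % struct.unpack("!H", rdata[i:i + 2])[0] for i in range(0, 16, 2))
    return rdata.hex()  # other types stay opaque, including the empty case


# Constructed sample: one ordinary A record, then a record using a
# private-use type number (65280) that carries zero-length RDATA.
SAMPLE = (encode_rr("www.example.", TYPE_A, 300, bytes([192, 0, 2, 1]))
          + encode_rr("empty.example.", 65280, 60, b""))


if __name__ == "__main__":
    for rr in parse_records(SAMPLE):
        print(rr["name"], rr["type"], len(rr["rdata"]), decode_rdata(rr["type"], rr["rdata"]))
    try:
        parse_records(SAMPLE[:-3])  # truncated input is rejected, not read past the end
    except ValueError as e:
        print("rejected:", e)
```

The two checks that matter for this class of bug are the comparison of `off + rdlength` against the real message length in `parse_rr`, and the per-type size check in `decode_rdata`: an A record with zero bytes of rdata is refused there instead of being formatted from whatever memory follows the buffer.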
Security Issue reference:
* CVE-2012-1667
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-bind-6382
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-bind-6382
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-bind-6382
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-bind-6382
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]:
bind-devel-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.6ESVR7P1]:
bind-devel-32bit-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.6ESVR7P1]:
bind-9.6ESVR7P1-0.5.1
bind-chrootenv-9.6ESVR7P1-0.5.1
bind-doc-9.6ESVR7P1-0.5.1
bind-libs-9.6ESVR7P1-0.5.1
bind-utils-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.6ESVR7P1]:
bind-libs-32bit-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]:
bind-9.6ESVR7P1-0.5.1
bind-chrootenv-9.6ESVR7P1-0.5.1
bind-doc-9.6ESVR7P1-0.5.1
bind-libs-9.6ESVR7P1-0.5.1
bind-utils-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]:
bind-libs-32bit-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.6ESVR7P1]:
bind-libs-x86-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.6ESVR7P1]:
bind-libs-9.6ESVR7P1-0.5.1
bind-utils-9.6ESVR7P1-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.6ESVR7P1]:
bind-libs-32bit-9.6ESVR7P1-0.5.1
References:
http://support.novell.com/security/cve/CVE-2012-1667.html
https://bugzilla.novell.com/765315
http://download.novell.com/patch/finder/?keywords=6c613f6b4f6b9ab1c13907a84…