openSUSE Security Announce January 2012

security-announce@lists.opensuse.org

2 participants
28 discussions

[security-announce] SUSE-SU-2012:0122-1: important: Security update for IBM Java 1.4.2

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for IBM Java 1.4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0122-1 Rating: important References: #739256 Cross-References: CVE-2011-3389 CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: IBM Java 1.4.2 SR13 FP11 has been released and contains various security fixes. http://www.ibm.com/developerworks/java/jdk/alerts/ http://www.mozilla.org/en-US/firefox/10.0/releasenotes/ <http://www.mozilla.org/en-US/firefox/10.0/releasenotes/> (CVEs fixed: CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3545 CVE-2011-3556 CVE-2011-3557 CVE-2011-3389 CVE-2011-3560 ) Security Issues: * CVE-2011-3389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389 > * CVE-2011-3545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545 > * CVE-2011-3547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547 > * CVE-2011-3548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548 > * CVE-2011-3549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549 > * CVE-2011-3552 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552 > * CVE-2011-3556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556 > * CVE-2011-3557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557 > * CVE-2011-3560 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560 > Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.11-0.10.1 java-1_4_2-ibm-devel-1.4.2_sr13.11-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.10.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.11-0.10.1 java-1_4_2-ibm-devel-1.4.2_sr13.11-0.10.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.10.1 - SUSE Linux Enterprise Java 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.10.1 References: http://support.novell.com/security/cve/CVE-2011-3389.html http://support.novell.com/security/cve/CVE-2011-3545.html http://support.novell.com/security/cve/CVE-2011-3547.html http://support.novell.com/security/cve/CVE-2011-3548.html http://support.novell.com/security/cve/CVE-2011-3549.html http://support.novell.com/security/cve/CVE-2011-3552.html http://support.novell.com/security/cve/CVE-2011-3556.html http://support.novell.com/security/cve/CVE-2011-3557.html http://support.novell.com/security/cve/CVE-2011-3560.html https://bugzilla.novell.com/739256 http://download.novell.com/patch/finder/?keywords=051986200790170b4eac52e27… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] SUSE-SU-2012:0117-1: important: Security update for libxml2

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0117-1 Rating: important References: #739894 Cross-References: CVE-2011-3919 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned. Security Issue reference: * CVE-2011-3919 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libxml2-5654 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libxml2-5654 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libxml2-5654 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libxml2-5654 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.13.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): libxml2-2.7.6-0.13.1 libxml2-doc-2.7.6-0.13.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libxml2-32bit-2.7.6-0.13.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.13.1 libxml2-doc-2.7.6-0.13.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.13.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libxml2-x86-2.7.6-0.13.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libxml2-2.6.23-15.27.1 libxml2-devel-2.6.23-15.27.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libxml2-32bit-2.6.23-15.27.1 libxml2-devel-32bit-2.6.23-15.27.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libxml2-x86-2.6.23-15.27.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libxml2-64bit-2.6.23-15.27.1 libxml2-devel-64bit-2.6.23-15.27.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): libxml2-2.7.6-0.13.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libxml2-32bit-2.7.6-0.13.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libxml2-2.6.23-15.27.1 libxml2-devel-2.6.23-15.27.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libxml2-32bit-2.6.23-15.27.1 libxml2-devel-32bit-2.6.23-15.27.1 References: http://support.novell.com/security/cve/CVE-2011-3919.html https://bugzilla.novell.com/739894 http://download.novell.com/patch/finder/?keywords=2a9a16773f62000d9967a5742… http://download.novell.com/patch/finder/?keywords=bdfcc7d229d9bdc2471a30fac… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] SUSE-SU-2012:0114-1: important: Security update for IBM Java

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for IBM Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0114-1 Rating: important References: #739248 Cross-References: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 CVE-2011-3561 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: IBM Java 1.6.0 SR10 has been released fixing the following CVE's: * CVE-2011-3389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389 > * CVE-2011-3516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3516 > * CVE-2011-3521 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521 > * CVE-2011-3544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544 > * CVE-2011-3545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545 > * CVE-2011-3546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3546 > * CVE-2011-3547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547 > * CVE-2011-3548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548 > * CVE-2011-3549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549 > * CVE-2011-3550 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3550 > * CVE-2011-3551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551 > * CVE-2011-3552 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552 > * CVE-2011-3553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553 > * CVE-2011-3554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554 > * CVE-2011-3556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556 > * CVE-2011-3557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557 > * CVE-2011-3560 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560 > * CVE-2011-3561 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3561 > Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_6_0-ibm-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-devel-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr10.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr10.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_6_0-ibm-alsa-1.6.0_sr10.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_6_0-ibm-64bit-1.6.0_sr10.0-0.8.1 - SUSE Linux Enterprise Java 10 SP4 (x86_64): java-1_6_0-ibm-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-devel-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.8.1 java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.8.1 References: http://support.novell.com/security/cve/CVE-2011-3389.html http://support.novell.com/security/cve/CVE-2011-3516.html http://support.novell.com/security/cve/CVE-2011-3521.html http://support.novell.com/security/cve/CVE-2011-3544.html http://support.novell.com/security/cve/CVE-2011-3545.html http://support.novell.com/security/cve/CVE-2011-3546.html http://support.novell.com/security/cve/CVE-2011-3547.html http://support.novell.com/security/cve/CVE-2011-3548.html http://support.novell.com/security/cve/CVE-2011-3549.html http://support.novell.com/security/cve/CVE-2011-3550.html http://support.novell.com/security/cve/CVE-2011-3551.html http://support.novell.com/security/cve/CVE-2011-3552.html http://support.novell.com/security/cve/CVE-2011-3553.html http://support.novell.com/security/cve/CVE-2011-3554.html http://support.novell.com/security/cve/CVE-2011-3556.html http://support.novell.com/security/cve/CVE-2011-3557.html http://support.novell.com/security/cve/CVE-2011-3560.html http://support.novell.com/security/cve/CVE-2011-3561.html https://bugzilla.novell.com/739248 http://download.novell.com/patch/finder/?keywords=ea376c01db551281b5801fde1… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] openSUSE 11.3 has reached end of SUSE support

by Marcus Meissner

Hi, (also announced by Benjamin on opensuse-announce) With the release of release-notes-openSUSE on Friday 20th of January SUSE has released the last update for openSUSE 11.3. openSUSE 11.3 is now officially discontinued and out of support by SUSE. Here are some security statistics: openSUSE 11.3 was released on July 15th 2010, making it 18 months of security and bugfix support. Some statistics on the released patches (compared to 11.2): Total updates: 581 (+92) Security: 358 (+41) Recommended: 221 (+49) Optional: 2 (+2) CVE Entries: 1212 (+78) Top issues (compared to 11.2 for issues down to 5) 14 seamonkey (+3) 12 MozillaFirefox (-6) 12 flash-player (+2) 11 MozillaThunderbird (+3) 10 opera (-3) 9 kernel (+4) 7 mozilla-xulrunner191 (+1) 7 libopenssl-devel (+2) 7 java-1_6_0-openjdk (+2) 6 krb5 (-3) 6 bind (+3) 6 acroread (-2) 5 wireshark (+1) 5 tomcat6 (0) 5 exim (+2) 5 dhcp (+4) 5 clamav (0) 5 apache2-mod_php5 (0) And top issues sorted by CVE (Common Vulnerability Enumeration) count down to 5) (compared to 11.2 for the top): 214 libwebkit (+34) 138 seamonkey (+18) 128 kernel (+22) 113 MozillaFirefox (-6) 111 MozillaThunderbird (-16) 96 mozilla-xulrunner191 (+12) 90 java-1_6_0-sun (-4) 86 acroread (-27) 82 flash-player (-1) 54 opera (+27) 51 java-1_6_0-openjdk (-43) 49 apache2-mod_php5 (+4) 32 wireshark (+6) 21 freetype2 (+3) 16 icedtea-web 13 krb5 (-2) 12 OpenOffice_org (0) 12 libopenssl-devel (+6) 11 tomcat6 (0) 10 apache2 (+8) 10 quagga 9 libmariadbclient16 8 rubygem-actionmailer 8 gimp (+2) 8 libmysqlclient-devel (-15) 8 perl (-1) 8 dhcp (+6) 8 libmysqlclusterclient16 8 clamav (-2) 8 bind (+2) 8 libmodplug (+7) 7 libtiff-devel (+2) 7 exim (+2) 7 libsvn_auth_gnome_keyring-1-0 (+4) 7 libvirt (+1) 7 finch (-5) 7 NetworkManager (+5) 6 ecryptfs-utils 6 libpng14 6 puppet (+5) 6 sysconfig (+2) 6 xorg-x11-Xvnc (+4) 6 sudo (0) 6 libpng12 6 python-feedparser (+1) 6 kvm (+5) 5 compat-openssl097g (+4) 5 otrs (+3) 5 glibc (-1) 5 libmoon-devel 5 radvd 5 evince (0) 5 libxml2 (+3) 5 libpcsclite1 (0) 5 cyrus-imapd # security updates by count # grep -l type..secur updateinfo-*|sed -e 's/^updateinfo-//;s/-[0-9]*.xml$//;'|sort|uniq -c|sort -n +0 -r|less # grep CVE- update* |perl -e '%cves=();while (<>) { while (/(CVE-2...-....)/) { $cve{$1}++; s/CVE-2...-....//;} } print join("\n",sort keys %cve)."\n";' | wc -l # for i in updateinfo-* ; do echo -n "$i " ; grep CVE- $i|perl -e '%cves=();while (<>) { while (/(CVE-2...-....)/) { $cve{$1}++; s/CVE-2...-....//;} } print join("\n",sort keys %cve)."\n";' | wc -l ; done |perl -e 'while (<>) { /^updateinfo-(\S*)-\d*.xml (\d*)$/; $cnt{$1}+=$2; } ; foreach (sort { $cnt{$b} <=> $cnt{$a} } keys %cnt) { print "$cnt{$_}\t\t$_\n";} ' -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] openSUSE-SU-2012:0107-1: important: libxml2: fixing heap-based buffer overflow (CVE-2011-3919)

by opensuse-security＠opensuse.org

openSUSE Security Update: libxml2: fixing heap-based buffer overflow (CVE-2011-3919) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0107-1 Rating: important References: #739894 Cross-References: CVE-2011-3919 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libxml2-5659 - openSUSE 11.3: zypper in -t patch libxml2-5659 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libxml2-2.7.8-16.21.1 libxml2-devel-2.7.8-16.21.1 - openSUSE 11.4 (x86_64): libxml2-32bit-2.7.8-16.21.1 libxml2-devel-32bit-2.7.8-16.21.1 - openSUSE 11.4 (noarch): libxml2-doc-2.7.8-16.21.1 - openSUSE 11.3 (i586 x86_64): libxml2-2.7.7-4.11.1 libxml2-devel-2.7.7-4.11.1 - openSUSE 11.3 (x86_64): libxml2-32bit-2.7.7-4.11.1 libxml2-devel-32bit-2.7.7-4.11.1 - openSUSE 11.3 (noarch): libxml2-doc-2.7.7-4.11.1 References: http://support.novell.com/security/cve/CVE-2011-3919.html https://bugzilla.novell.com/739894 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] SUSE-SU-2012:0097-1: important: Security update for libqt4

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for libqt4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0097-1 Rating: important References: #739904 Cross-References: CVE-2011-3922 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue. Security Issuereference: * CVE-2011-3922 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3922 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libQtWebKit-devel-5624 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libQtWebKit-devel-5624 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libQtWebKit-devel-5624 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libQtWebKit-devel-5624 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.6.3]: libQtWebKit-devel-4.6.3-5.12.1 libqt4-devel-4.6.3-5.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64) [New Version: 4.6.3]: libQtWebKit4-32bit-4.6.3-5.12.1 libqt4-sql-sqlite-32bit-4.6.3-5.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64) [New Version: 4.6.3]: libQtWebKit4-x86-4.6.3-5.12.1 libqt4-sql-sqlite-x86-4.6.3-5.12.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 4.6.3]: libQtWebKit4-4.6.3-5.12.1 libqt4-4.6.3-5.12.1 libqt4-qt3support-4.6.3-5.12.1 libqt4-sql-4.6.3-5.12.1 libqt4-sql-sqlite-4.6.3-5.12.1 libqt4-x11-4.6.3-5.12.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 4.6.3]: libQtWebKit4-32bit-4.6.3-5.12.1 libqt4-32bit-4.6.3-5.12.1 libqt4-qt3support-32bit-4.6.3-5.12.1 libqt4-sql-32bit-4.6.3-5.12.1 libqt4-x11-32bit-4.6.3-5.12.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.6.3]: libQtWebKit4-4.6.3-5.12.1 libqt4-4.6.3-5.12.1 libqt4-qt3support-4.6.3-5.12.1 libqt4-sql-4.6.3-5.12.1 libqt4-sql-sqlite-4.6.3-5.12.1 libqt4-x11-4.6.3-5.12.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 4.6.3]: libQtWebKit4-32bit-4.6.3-5.12.1 libqt4-32bit-4.6.3-5.12.1 libqt4-qt3support-32bit-4.6.3-5.12.1 libqt4-sql-32bit-4.6.3-5.12.1 libqt4-x11-32bit-4.6.3-5.12.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 4.6.3]: libQtWebKit4-x86-4.6.3-5.12.1 libqt4-qt3support-x86-4.6.3-5.12.1 libqt4-sql-x86-4.6.3-5.12.1 libqt4-x11-x86-4.6.3-5.12.1 libqt4-x86-4.6.3-5.12.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 4.6.3]: libQtWebKit4-4.6.3-5.12.1 libqt4-4.6.3-5.12.1 libqt4-qt3support-4.6.3-5.12.1 libqt4-sql-4.6.3-5.12.1 libqt4-sql-sqlite-4.6.3-5.12.1 libqt4-x11-4.6.3-5.12.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 4.6.3]: libQtWebKit4-32bit-4.6.3-5.12.1 libqt4-32bit-4.6.3-5.12.1 libqt4-qt3support-32bit-4.6.3-5.12.1 libqt4-sql-32bit-4.6.3-5.12.1 libqt4-sql-sqlite-32bit-4.6.3-5.12.1 libqt4-x11-32bit-4.6.3-5.12.1 References: http://support.novell.com/security/cve/CVE-2011-3922.html https://bugzilla.novell.com/739904 http://download.novell.com/patch/finder/?keywords=a173a1a6d496f9364a4dbb524… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] openSUSE-SU-2012:0091-1: important: libqt4: fixed stack-based buffer overflow in glyph handling (CVE-2011-3922)

by opensuse-security＠opensuse.org

openSUSE Security Update: libqt4: fixed stack-based buffer overflow in glyph handling (CVE-2011-3922) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0091-1 Rating: important References: #739904 Cross-References: CVE-2011-3922 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libQtWebKit-devel-5628 - openSUSE 11.3: zypper in -t patch libQtWebKit-devel-5628 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libQtWebKit-devel-4.7.1-8.17.1 libQtWebKit4-4.7.1-8.17.1 libqt4-4.7.1-8.17.1 libqt4-devel-4.7.1-8.17.1 libqt4-qt3support-4.7.1-8.17.1 libqt4-sql-4.7.1-8.17.1 libqt4-sql-sqlite-4.7.1-8.17.1 libqt4-x11-4.7.1-8.17.1 - openSUSE 11.4 (x86_64): libQtWebKit4-32bit-4.7.1-8.17.1 libqt4-32bit-4.7.1-8.17.1 libqt4-qt3support-32bit-4.7.1-8.17.1 libqt4-sql-32bit-4.7.1-8.17.1 libqt4-sql-sqlite-32bit-4.7.1-8.17.1 libqt4-x11-32bit-4.7.1-8.17.1 - openSUSE 11.3 (i586 x86_64): libQtWebKit-devel-4.6.3-2.7.1 libQtWebKit4-4.6.3-2.7.1 libqt4-4.6.3-2.7.1 libqt4-devel-4.6.3-2.7.1 libqt4-qt3support-4.6.3-2.7.1 libqt4-sql-4.6.3-2.7.1 libqt4-sql-sqlite-4.6.3-2.7.1 libqt4-x11-4.6.3-2.7.1 - openSUSE 11.3 (x86_64): libQtWebKit4-32bit-4.6.3-2.7.1 libqt4-32bit-4.6.3-2.7.1 libqt4-qt3support-32bit-4.6.3-2.7.1 libqt4-sql-32bit-4.6.3-2.7.1 libqt4-sql-sqlite-32bit-4.6.3-2.7.1 libqt4-x11-32bit-4.6.3-2.7.1 References: http://support.novell.com/security/cve/CVE-2011-3922.html https://bugzilla.novell.com/739904 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] openSUSE-SU-2012:0087-1: important: acroread

by opensuse-security＠opensuse.org

openSUSE Security Update: acroread ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0087-1 Rating: important References: #735275 Cross-References: CVE-2011-2462 CVE-2011-4369 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: Acrobat Reader was updated to version 9.4.7 to fix security issues (CVE-2011-2462, CVE-2011-4369) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch acroread-5650 - openSUSE 11.3: zypper in -t patch acroread-5650 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586) [New Version: 9.4.7]: acroread-9.4.7-0.3.1 - openSUSE 11.3 (i586) [New Version: 9.4.7]: acroread-9.4.7-0.3.1 References: http://support.novell.com/security/cve/CVE-2011-2462.html http://support.novell.com/security/cve/CVE-2011-4369.html https://bugzilla.novell.com/735275 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 3 months

[security-announce] SUSE-SU-2012:0086-1: important: Security update for Acrobat Reader

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for Acrobat Reader ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0086-1 Rating: important References: #735275 Cross-References: CVE-2011-2462 CVE-2011-4369 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes two new package versions. Description: Acrobat Reader was updated to version 9.4.7 to fix two security issues (CVE-2011-2462, CVE-2011-4369) Security Issue references: * CVE-2011-4369 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4369 > * CVE-2011-2462 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2462 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-acroread-5649 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.4.2.2 acroread-fonts-ja-9.4.6-0.4.2.2 acroread-fonts-ko-9.4.6-0.4.2.2 acroread-fonts-zh_CN-9.4.6-0.4.2.2 acroread-fonts-zh_TW-9.4.6-0.4.2.2 - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 9.4.7]: acroread-9.4.7-0.2.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.5.9 acroread-fonts-ja-9.4.6-0.5.9 acroread-fonts-ko-9.4.6-0.5.9 acroread-fonts-zh_CN-9.4.6-0.5.9 acroread-fonts-zh_TW-9.4.6-0.5.9 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.4.7]: acroread-9.4.7-0.5.1 References: http://support.novell.com/security/cve/CVE-2011-2462.html http://support.novell.com/security/cve/CVE-2011-4369.html https://bugzilla.novell.com/735275 http://download.novell.com/patch/finder/?keywords=b7032f742fda7a15dea6b1561… http://download.novell.com/patch/finder/?keywords=c4cebcc03c1219adc40eac640… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 4 months

[security-announce] SUSE-SU-2012:0084-1: important: Security update for OpenSSL

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0084-1 Rating: important References: #739719 Cross-References: CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. It includes one version update. Description: Various security vulnerabilities have been fixed in OpenSSL: * DTLS plaintext recovery attack (CVE-2011-4108) * double-free in Policy Checks (CVE-2011-4109) * uninitialized SSL 3.0 padding (CVE-2011-4576) * malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) * SGC restart DoS attack (CVE-2011-4619) Security Issue references: * CVE-2011-4108 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108 > * CVE-2011-4109 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 > * CVE-2011-4576 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 > * CVE-2011-4577 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577 > * CVE-2011-4619 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libopenssl-devel-5635 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libopenssl-devel-5635 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libopenssl-devel-5635 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libopenssl-devel-5635 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.26.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.26.1 openssl-0.9.8j-0.26.1 openssl-doc-0.9.8j-0.26.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.26.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.26.1 openssl-0.9.8j-0.26.1 openssl-doc-0.9.8j-0.26.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.26.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 0.9.8j]: libopenssl0_9_8-x86-0.9.8j-0.26.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): openssl-0.9.8a-18.56.3 openssl-devel-0.9.8a-18.56.3 openssl-doc-0.9.8a-18.56.3 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): openssl-32bit-0.9.8a-18.56.3 openssl-devel-32bit-0.9.8a-18.56.3 - SUSE Linux Enterprise Server 10 SP4 (ia64): openssl-x86-0.9.8a-18.56.3 - SUSE Linux Enterprise Server 10 SP4 (ppc): openssl-64bit-0.9.8a-18.56.3 openssl-devel-64bit-0.9.8a-18.56.3 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.26.1 openssl-0.9.8j-0.26.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.26.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): openssl-0.9.8a-18.56.3 openssl-devel-0.9.8a-18.56.3 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): openssl-32bit-0.9.8a-18.56.3 openssl-devel-32bit-0.9.8a-18.56.3 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): openssl-doc-0.9.8a-18.56.3 References: http://support.novell.com/security/cve/CVE-2011-4108.html http://support.novell.com/security/cve/CVE-2011-4109.html http://support.novell.com/security/cve/CVE-2011-4576.html http://support.novell.com/security/cve/CVE-2011-4577.html http://support.novell.com/security/cve/CVE-2011-4619.html https://bugzilla.novell.com/739719 http://download.novell.com/patch/finder/?keywords=00effca53ebc7841a642ba4e7… http://download.novell.com/patch/finder/?keywords=16f27ddd5506ebb38dc001550… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

9 years, 4 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce January 2012