openSUSE Security Announce October 2012

security-announce@lists.opensuse.org

2 participants
26 discussions

[security-announce] SUSE-SU-2012:1426-1: important: Security update for Mozilla Firefox

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1426-1 Rating: important References: #786522 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes two new package versions. Description: MozillaFirefox was updated to the 10.0.10ESR security release. The following issues have been fixed: * MFSA 2012-90: Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below. Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. * CVE-2012-4194: Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. * CVE-2012-4195: Mozilla security researcher moz_bug_r_a4 discovered that the CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. * CVE-2012-4196: Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-firefox-201210b-7004 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-firefox-201210b-7004 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-firefox-201210b-7004 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-firefox-201210b-7004 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.9.3]: mozilla-nspr-devel-4.9.3-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 10.0.10 and 4.9.3]: MozillaFirefox-10.0.10-0.3.1 MozillaFirefox-translations-10.0.10-0.3.1 mozilla-nspr-4.9.3-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 4.9.3]: mozilla-nspr-32bit-4.9.3-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.10 and 4.9.3]: MozillaFirefox-10.0.10-0.3.1 MozillaFirefox-translations-10.0.10-0.3.1 mozilla-nspr-4.9.3-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 4.9.3]: mozilla-nspr-32bit-4.9.3-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 4.9.3]: mozilla-nspr-x86-4.9.3-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 4.9.3]: mozilla-nspr-4.9.3-0.5.1 mozilla-nspr-devel-4.9.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-10.0.10-0.5.2 MozillaFirefox-translations-10.0.10-0.5.2 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 4.9.3]: mozilla-nspr-32bit-4.9.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 4.9.3]: mozilla-nspr-x86-4.9.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 4.9.3]: mozilla-nspr-64bit-4.9.3-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.10 and 4.9.3]: MozillaFirefox-10.0.10-0.3.1 MozillaFirefox-translations-10.0.10-0.3.1 mozilla-nspr-4.9.3-0.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 4.9.3]: mozilla-nspr-32bit-4.9.3-0.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 4.9.3]: mozilla-nspr-4.9.3-0.5.1 mozilla-nspr-devel-4.9.3-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 4.9.3]: mozilla-nspr-32bit-4.9.3-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): MozillaFirefox-10.0.10-0.5.2 MozillaFirefox-translations-10.0.10-0.5.2 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-10.0.10-0.5.2 References: https://bugzilla.novell.com/786522 http://download.novell.com/patch/finder/?keywords=67c3a0325cfb67cf4cabe8f44… http://download.novell.com/patch/finder/?keywords=a779e3f3d65e3943cbd34d5b9… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] openSUSE-SU-2012:1424-1: important: java-1_6_0-openjdk: update to 1.11.5

by opensuse-security＠opensuse.org

openSUSE Security Update: java-1_6_0-openjdk: update to 1.11.5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1424-1 Rating: important References: #785433 Cross-References: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: java 1.6.0 openjdk / icedtea was updated to 1.11.5 (bnc#785433) * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are being created - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector - S7172522, CVE-2012-5072: Improve DomainCombiner checking - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC - S7189103, CVE-2012-5069: Executors needs to maintain state - S7189490: More improvements to DomainCombiner checking - S7189567, CVE-2012-5085: java net obselete protocol - S7192975, CVE-2012-5071: Conditional usage check is wrong - S7195194, CVE-2012-5084: Better data validation for Swing - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance - S7198296, CVE-2012-5089: Refactor classloader usage - S7158800: Improve storage of symbol tables - S7158801: Improve VM CompileOnly option - S7158804: Improve config file parsing - S7176337: Additional changes needed for 7158801 fix - S7198606, CVE-2012-4416: Improve VM optimization * Backports - S7175845: "jar uf" changes file permissions unexpectedly - S7177216: native2ascii changes file permissions of input file - S7199153: TEST_BUG: try-with-resources syntax pushed to 6-open repo * Bug fixes - PR1194: IcedTea tries to build with /usr/lib/jvm/java-openjdk (now a 1.7 VM) by default Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch openSUSE-2012-755 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.5-21.1 java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.5-21.1 References: http://support.novell.com/security/cve/CVE-2012-3216.html http://support.novell.com/security/cve/CVE-2012-4416.html http://support.novell.com/security/cve/CVE-2012-5068.html http://support.novell.com/security/cve/CVE-2012-5069.html http://support.novell.com/security/cve/CVE-2012-5071.html http://support.novell.com/security/cve/CVE-2012-5072.html http://support.novell.com/security/cve/CVE-2012-5073.html http://support.novell.com/security/cve/CVE-2012-5075.html http://support.novell.com/security/cve/CVE-2012-5077.html http://support.novell.com/security/cve/CVE-2012-5079.html http://support.novell.com/security/cve/CVE-2012-5081.html http://support.novell.com/security/cve/CVE-2012-5084.html http://support.novell.com/security/cve/CVE-2012-5085.html http://support.novell.com/security/cve/CVE-2012-5086.html http://support.novell.com/security/cve/CVE-2012-5089.html https://bugzilla.novell.com/785433 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] openSUSE-SU-2012:1423-1: important: java-1_6_0-openjdk: update to 1.11.5 icedtea

by opensuse-security＠opensuse.org

openSUSE Security Update: java-1_6_0-openjdk: update to 1.11.5 icedtea ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1423-1 Rating: important References: #785433 Cross-References: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This version upgrade to 1.11.5 fixed various security and non-security issues. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-754 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-debuginfo-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-debugsource-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.5-16.1 java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.5-16.1 References: http://support.novell.com/security/cve/CVE-2012-3216.html http://support.novell.com/security/cve/CVE-2012-4416.html http://support.novell.com/security/cve/CVE-2012-5068.html http://support.novell.com/security/cve/CVE-2012-5069.html http://support.novell.com/security/cve/CVE-2012-5071.html http://support.novell.com/security/cve/CVE-2012-5072.html http://support.novell.com/security/cve/CVE-2012-5073.html http://support.novell.com/security/cve/CVE-2012-5075.html http://support.novell.com/security/cve/CVE-2012-5077.html http://support.novell.com/security/cve/CVE-2012-5079.html http://support.novell.com/security/cve/CVE-2012-5081.html http://support.novell.com/security/cve/CVE-2012-5084.html http://support.novell.com/security/cve/CVE-2012-5085.html http://support.novell.com/security/cve/CVE-2012-5086.html http://support.novell.com/security/cve/CVE-2012-5089.html https://bugzilla.novell.com/785433 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] openSUSE-SU-2012:1422-1: important: update for cgit

by opensuse-security＠opensuse.org

openSUSE Security Update: update for cgit ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1422-1 Rating: important References: #783012 Cross-References: CVE-2012-4465 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Specially-crafted commits could trigger a heap-based buffer overflow Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-752 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): cgit-0.9.0.2-14.4.1 cgit-debuginfo-0.9.0.2-14.4.1 cgit-debugsource-0.9.0.2-14.4.1 References: http://support.novell.com/security/cve/CVE-2012-4465.html https://bugzilla.novell.com/783012 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] openSUSE-SU-2012:1421-1: important: update for cgit

by opensuse-security＠opensuse.org

openSUSE Security Update: update for cgit ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1421-1 Rating: important References: #783012 Cross-References: CVE-2012-4465 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Specially-crafted commits could trigger a heap-based buffer overflow Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-753 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): cgit-0.9.0.2-9.4.1 cgit-debuginfo-0.9.0.2-9.4.1 cgit-debugsource-0.9.0.2-9.4.1 References: http://support.novell.com/security/cve/CVE-2012-4465.html https://bugzilla.novell.com/783012 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] openSUSE-SU-2012:1419-1: important: java-1_7_0-openjdk: Update to icedtea-2.3.3

by opensuse-security＠opensuse.org

openSUSE Security Update: java-1_7_0-openjdk: Update to icedtea-2.3.3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1419-1 Rating: important References: #785814 Cross-References: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: java-1_7_0-opendjk was updated to icedtea-2.3.3 (bnc#785814) * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp - S7158807: Revise stack management with volatile call sites - S7163198, CVE-2012-5076: Tightened package accessibility - S7167656, CVE-2012-5077: Multiple Seeders are being created - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types - S7169887, CVE-2012-5074: Tightened package accessibility - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector - S7172522, CVE-2012-5072: Improve DomainCombiner checking - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC - S7189103, CVE-2012-5069: Executors needs to maintain state - S7189490: More improvements to DomainCombiner checking - S7189567, CVE-2012-5085: java net obselete protocol - S7192975, CVE-2012-5071: Issue with JMX reflection - S7195194, CVE-2012-5084: Better data validation for Swing - S7195549, CVE-2012-5087: Better bean object persistence - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance - S7196190, CVE-2012-5088: Improve method of handling MethodHandles - S7198296, CVE-2012-5089: Refactor classloader usage - S7158800: Improve storage of symbol tables - S7158801: Improve VM CompileOnly option - S7158804: Improve config file parsing - S7198606, CVE-2012-4416: Improve VM optimization * Bug fixes - Remove merge artefact. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-749 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): java-1_7_0-openjdk-1.7.0.6-3.16.1 java-1_7_0-openjdk-debuginfo-1.7.0.6-3.16.1 java-1_7_0-openjdk-debugsource-1.7.0.6-3.16.1 java-1_7_0-openjdk-demo-1.7.0.6-3.16.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.16.1 java-1_7_0-openjdk-devel-1.7.0.6-3.16.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.16.1 java-1_7_0-openjdk-javadoc-1.7.0.6-3.16.1 java-1_7_0-openjdk-src-1.7.0.6-3.16.1 References: http://support.novell.com/security/cve/CVE-2012-3216.html http://support.novell.com/security/cve/CVE-2012-4416.html http://support.novell.com/security/cve/CVE-2012-5068.html http://support.novell.com/security/cve/CVE-2012-5069.html http://support.novell.com/security/cve/CVE-2012-5070.html http://support.novell.com/security/cve/CVE-2012-5071.html http://support.novell.com/security/cve/CVE-2012-5073.html http://support.novell.com/security/cve/CVE-2012-5074.html http://support.novell.com/security/cve/CVE-2012-5075.html http://support.novell.com/security/cve/CVE-2012-5076.html http://support.novell.com/security/cve/CVE-2012-5077.html http://support.novell.com/security/cve/CVE-2012-5084.html http://support.novell.com/security/cve/CVE-2012-5085.html http://support.novell.com/security/cve/CVE-2012-5086.html http://support.novell.com/security/cve/CVE-2012-5087.html http://support.novell.com/security/cve/CVE-2012-5088.html http://support.novell.com/security/cve/CVE-2012-5089.html https://bugzilla.novell.com/785814 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] openSUSE-SU-2012:1412-1: important: Mozilla Suite: Update to 16.0.2

by opensuse-security＠opensuse.org

openSUSE Security Update: Mozilla Suite: Update to 16.0.2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1412-1 Rating: important References: #786522 Cross-References: CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 Affected Products: openSUSE 12.2 openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Mozilla Firefox, Thunderbird and XULRunner were updated to 16.0.2. Mozilla Seamonkey was updated to 2.13.2. Tracker bug: bnc#786522 A security issues was fixed: * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues The update also brings back Obsoletes for libproxy's mozjs plugin for distributions before 12.2 to avoid crashes Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-745 - openSUSE 12.1: zypper in -t patch openSUSE-2012-745 - openSUSE 11.4: zypper in -t patch openSUSE-2012-745 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): MozillaFirefox-16.0.2-2.21.1 MozillaFirefox-branding-upstream-16.0.2-2.21.1 MozillaFirefox-buildsymbols-16.0.2-2.21.1 MozillaFirefox-debuginfo-16.0.2-2.21.1 MozillaFirefox-debugsource-16.0.2-2.21.1 MozillaFirefox-devel-16.0.2-2.21.1 MozillaFirefox-translations-common-16.0.2-2.21.1 MozillaFirefox-translations-other-16.0.2-2.21.1 MozillaThunderbird-16.0.2-49.19.1 MozillaThunderbird-buildsymbols-16.0.2-49.19.1 MozillaThunderbird-debuginfo-16.0.2-49.19.1 MozillaThunderbird-debugsource-16.0.2-49.19.1 MozillaThunderbird-devel-16.0.2-49.19.1 MozillaThunderbird-devel-debuginfo-16.0.2-49.19.1 MozillaThunderbird-translations-common-16.0.2-49.19.1 MozillaThunderbird-translations-other-16.0.2-49.19.1 enigmail-1.4.5.+16.0.2-49.19.1 enigmail-debuginfo-1.4.5.+16.0.2-49.19.1 mozilla-js-16.0.2-2.18.1 mozilla-js-debuginfo-16.0.2-2.18.1 seamonkey-2.13.2-2.22.1 seamonkey-debuginfo-2.13.2-2.22.1 seamonkey-debugsource-2.13.2-2.22.1 seamonkey-dom-inspector-2.13.2-2.22.1 seamonkey-irc-2.13.2-2.22.1 seamonkey-translations-common-2.13.2-2.22.1 seamonkey-translations-other-2.13.2-2.22.1 seamonkey-venkman-2.13.2-2.22.1 xulrunner-16.0.2-2.18.1 xulrunner-buildsymbols-16.0.2-2.18.1 xulrunner-debuginfo-16.0.2-2.18.1 xulrunner-debugsource-16.0.2-2.18.1 xulrunner-devel-16.0.2-2.18.1 xulrunner-devel-debuginfo-16.0.2-2.18.1 - openSUSE 12.2 (x86_64): mozilla-js-32bit-16.0.2-2.18.1 mozilla-js-debuginfo-32bit-16.0.2-2.18.1 xulrunner-32bit-16.0.2-2.18.1 xulrunner-debuginfo-32bit-16.0.2-2.18.1 - openSUSE 12.1 (i586 x86_64): MozillaFirefox-16.0.2-2.50.1 MozillaFirefox-branding-upstream-16.0.2-2.50.1 MozillaFirefox-buildsymbols-16.0.2-2.50.1 MozillaFirefox-debuginfo-16.0.2-2.50.1 MozillaFirefox-debugsource-16.0.2-2.50.1 MozillaFirefox-devel-16.0.2-2.50.1 MozillaFirefox-translations-common-16.0.2-2.50.1 MozillaFirefox-translations-other-16.0.2-2.50.1 MozillaThunderbird-16.0.2-33.39.1 MozillaThunderbird-buildsymbols-16.0.2-33.39.1 MozillaThunderbird-debuginfo-16.0.2-33.39.1 MozillaThunderbird-debugsource-16.0.2-33.39.1 MozillaThunderbird-devel-16.0.2-33.39.1 MozillaThunderbird-devel-debuginfo-16.0.2-33.39.1 MozillaThunderbird-translations-common-16.0.2-33.39.1 MozillaThunderbird-translations-other-16.0.2-33.39.1 enigmail-1.4.5.+16.0.2-33.39.1 enigmail-debuginfo-1.4.5.+16.0.2-33.39.1 mozilla-js-16.0.2-2.45.1 mozilla-js-debuginfo-16.0.2-2.45.1 seamonkey-2.13.2-2.41.1 seamonkey-debuginfo-2.13.2-2.41.1 seamonkey-debugsource-2.13.2-2.41.1 seamonkey-dom-inspector-2.13.2-2.41.1 seamonkey-irc-2.13.2-2.41.1 seamonkey-translations-common-2.13.2-2.41.1 seamonkey-translations-other-2.13.2-2.41.1 seamonkey-venkman-2.13.2-2.41.1 xulrunner-16.0.2-2.45.1 xulrunner-buildsymbols-16.0.2-2.45.1 xulrunner-debuginfo-16.0.2-2.45.1 xulrunner-debugsource-16.0.2-2.45.1 xulrunner-devel-16.0.2-2.45.1 xulrunner-devel-debuginfo-16.0.2-2.45.1 - openSUSE 12.1 (x86_64): mozilla-js-32bit-16.0.2-2.45.1 mozilla-js-debuginfo-32bit-16.0.2-2.45.1 xulrunner-32bit-16.0.2-2.45.1 xulrunner-debuginfo-32bit-16.0.2-2.45.1 - openSUSE 12.1 (ia64): mozilla-js-debuginfo-x86-16.0.2-2.45.1 mozilla-js-x86-16.0.2-2.45.1 xulrunner-debuginfo-x86-16.0.2-2.45.1 xulrunner-x86-16.0.2-2.45.1 - openSUSE 11.4 (i586 x86_64): MozillaFirefox-16.0.2-45.1 MozillaFirefox-branding-upstream-16.0.2-45.1 MozillaFirefox-buildsymbols-16.0.2-45.1 MozillaFirefox-debuginfo-16.0.2-45.1 MozillaFirefox-debugsource-16.0.2-45.1 MozillaFirefox-devel-16.0.2-45.1 MozillaFirefox-translations-common-16.0.2-45.1 MozillaFirefox-translations-other-16.0.2-45.1 MozillaThunderbird-16.0.2-37.1 MozillaThunderbird-buildsymbols-16.0.2-37.1 MozillaThunderbird-debuginfo-16.0.2-37.1 MozillaThunderbird-debugsource-16.0.2-37.1 MozillaThunderbird-devel-16.0.2-37.1 MozillaThunderbird-devel-debuginfo-16.0.2-37.1 MozillaThunderbird-translations-common-16.0.2-37.1 MozillaThunderbird-translations-other-16.0.2-37.1 enigmail-1.4.5.+16.0.2-37.1 enigmail-debuginfo-1.4.5.+16.0.2-37.1 seamonkey-2.13.2-41.1 seamonkey-debuginfo-2.13.2-41.1 seamonkey-debugsource-2.13.2-41.1 seamonkey-dom-inspector-2.13.2-41.1 seamonkey-irc-2.13.2-41.1 seamonkey-translations-common-2.13.2-41.1 seamonkey-translations-other-2.13.2-41.1 seamonkey-venkman-2.13.2-41.1 References: http://support.novell.com/security/cve/CVE-2012-4194.html http://support.novell.com/security/cve/CVE-2012-4195.html http://support.novell.com/security/cve/CVE-2012-4196.html https://bugzilla.novell.com/786522 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] openSUSE-SU-2012:1404-1: critical: exim: overflow in DKIM handling fixed

by opensuse-security＠opensuse.org

openSUSE Security Update: exim: overflow in DKIM handling fixed ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1404-1 Rating: critical References: #670711 #786652 Cross-References: CVE-2011-1764 CVE-2012-5671 Affected Products: openSUSE 12.2 openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes a remotely exploitable overflow in DKIM handling. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-738 - openSUSE 12.1: zypper in -t patch openSUSE-2012-738 - openSUSE 11.4: zypper in -t patch openSUSE-2012-738 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): exim-4.80.1-2.4.1 exim-debuginfo-4.80.1-2.4.1 exim-debugsource-4.80.1-2.4.1 eximon-4.80.1-2.4.1 eximon-debuginfo-4.80.1-2.4.1 eximstats-html-4.80.1-2.4.1 - openSUSE 12.1 (i586 x86_64): exim-4.80.1-5.4.1 exim-debuginfo-4.80.1-5.4.1 exim-debugsource-4.80.1-5.4.1 eximon-4.80.1-5.4.1 eximon-debuginfo-4.80.1-5.4.1 eximstats-html-4.80.1-5.4.1 - openSUSE 11.4 (i586 x86_64): exim-4.80.1-23.1 exim-debuginfo-4.80.1-23.1 exim-debugsource-4.80.1-23.1 eximon-4.80.1-23.1 eximon-debuginfo-4.80.1-23.1 eximstats-html-4.80.1-23.1 References: http://support.novell.com/security/cve/CVE-2011-1764.html http://support.novell.com/security/cve/CVE-2012-5671.html https://bugzilla.novell.com/670711 https://bugzilla.novell.com/786652 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] SUSE-SU-2012:1203-2: important: Security update for qemu

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1203-2 Rating: important References: #777084 Cross-References: CVE-2012-3515 Affected Products: SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The qemu vt100 emulation was affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. (CVE-2012-3515 aka XSA-17). This has been fixed. Security Issue reference: * CVE-2012-3515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515 > Package List: - SLE SDK 10 SP4 (i586 ia64 x86_64): qemu-0.8.2-37.14.1 References: http://support.novell.com/security/cve/CVE-2012-3515.html https://bugzilla.novell.com/777084 http://download.novell.com/patch/finder/?keywords=30f612a13ba8c3e5184ba89d4… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

[security-announce] SUSE-SU-2012:1398-1: important: Security update for OpenJDK

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for OpenJDK ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1398-1 Rating: important References: #785433 Cross-References: CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-4681 CVE-2012-5067 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5078 CVE-2012-5079 CVE-2012-5080 CVE-2012-5081 CVE-2012-5082 CVE-2012-5083 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: java-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues. Security Issue references: * CVE-2012-4681 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681 > * CVE-2012-5083 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083 > * CVE-2012-1531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531 > * CVE-2012-5086 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086 > * CVE-2012-5087 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087 > * CVE-2012-1533 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533 > * CVE-2012-1532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532 > * CVE-2012-5076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076 > * CVE-2012-3143 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143 > * CVE-2012-5088 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088 > * CVE-2012-5078 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5078 > * CVE-2012-5089 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089 > * CVE-2012-5084 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084 > * CVE-2012-5080 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5080 > * CVE-2012-3159 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159 > * CVE-2012-5068 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068 > * CVE-2012-4416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416 > * CVE-2012-5074 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5074 > * CVE-2012-5071 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071 > * CVE-2012-5069 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069 > * CVE-2012-5067 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5067 > * CVE-2012-5070 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5070 > * CVE-2012-5075 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075 > * CVE-2012-5073 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073 > * CVE-2012-5079 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079 > * CVE-2012-5072 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072 > * CVE-2012-5081 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081 > * CVE-2012-5082 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5082 > * CVE-2012-3216 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216 > * CVE-2012-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077 > * CVE-2012-5085 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-java-1_6_0-openjdk-6987 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-0.2.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.5-0.2.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.5-0.2.1 References: http://support.novell.com/security/cve/CVE-2012-1531.html http://support.novell.com/security/cve/CVE-2012-1532.html http://support.novell.com/security/cve/CVE-2012-1533.html http://support.novell.com/security/cve/CVE-2012-3143.html http://support.novell.com/security/cve/CVE-2012-3159.html http://support.novell.com/security/cve/CVE-2012-3216.html http://support.novell.com/security/cve/CVE-2012-4416.html http://support.novell.com/security/cve/CVE-2012-4681.html http://support.novell.com/security/cve/CVE-2012-5067.html http://support.novell.com/security/cve/CVE-2012-5068.html http://support.novell.com/security/cve/CVE-2012-5069.html http://support.novell.com/security/cve/CVE-2012-5070.html http://support.novell.com/security/cve/CVE-2012-5071.html http://support.novell.com/security/cve/CVE-2012-5072.html http://support.novell.com/security/cve/CVE-2012-5073.html http://support.novell.com/security/cve/CVE-2012-5074.html http://support.novell.com/security/cve/CVE-2012-5075.html http://support.novell.com/security/cve/CVE-2012-5076.html http://support.novell.com/security/cve/CVE-2012-5077.html http://support.novell.com/security/cve/CVE-2012-5078.html http://support.novell.com/security/cve/CVE-2012-5079.html http://support.novell.com/security/cve/CVE-2012-5080.html http://support.novell.com/security/cve/CVE-2012-5081.html http://support.novell.com/security/cve/CVE-2012-5082.html http://support.novell.com/security/cve/CVE-2012-5083.html http://support.novell.com/security/cve/CVE-2012-5084.html http://support.novell.com/security/cve/CVE-2012-5085.html http://support.novell.com/security/cve/CVE-2012-5086.html http://support.novell.com/security/cve/CVE-2012-5087.html http://support.novell.com/security/cve/CVE-2012-5088.html http://support.novell.com/security/cve/CVE-2012-5089.html https://bugzilla.novell.com/785433 http://download.novell.com/patch/finder/?keywords=c230e2b1023ded8fd1041aa18… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 6 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce October 2012