February 2012 - openSUSE Security Announce

[security-announce] SUSE Security Announcement: systemd (SUSE-SA:2012:001)
by krahmer＠suse.de 29 Feb '12

29 Feb '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: systemd Announcement ID: SUSE-SA:2012:001 Date: Wed, 29 Feb 2012 16:00:00 +0000 Affected Products: openSUSE 12.1 Vulnerability Type: local privilege escalation CVSS v2 Base Score: 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C) SUSE Default Package: yes Cross-References: CVE-2012-0871 Content of This Advisory: 1) Security Vulnerability Resolved: systemd arbitrary file creation Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion systemd-logind, part of the systemd package, keeps track of user logins and sessions. Upon login it creates dedicated files inside the /run/user/ directory in an insecure manner. This allows local attackers to create symlinks inside arbitrary directories. Further exploitation steps allow local attackers to gain root access. CVE-2012-0871 has been assigned to this issue. 2) Solution or Work-Around There is no easy workaround, please install the update packages. 3) Special Instructions and Notes Please reboot the machine after installing the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. The issue is fixed in our systemd-37-3.8.1 available in the openSUSE 12.1 update channel. ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBT05L/Hey5gA9JdPZAQJrwwf/Vc1vRnWWcl4O82yFZT6/Yq7xVq8+2e/Q +P+zEWyAMcVD/9SoUsGE0/I1FLhECYP8vZmaE9uhRF41LdS1ykhJxrW8X6dnGSbI 9SorcREpZZguP0B9FHyqCAbqAnt+NybKrKSTfWgy3Zbc0CbJattKDRoYNqCjZ4+3 WWmWSbGNd/hda3K4LFDXZuOKQ9vKSN2jbErx+laFMKa7YJCKwr6VxcEGA62KntMe WsDBYpBWUvhkZcUIJv5HzsnWgcOOj1eJdWFTcOFFAZd/IMjYnobYi67xTDQsA9VD 1fUmB47+gJyFefPZL55DnBLliZuAuO8ZBhH5g9oEB7s8vtcKsXzs1A== =LbeK -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0318-1: important: Security update for libpng
by opensuse-security＠opensuse.org 28 Feb '12

28 Feb '12

SUSE Security Update: Security update for libpng ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0318-1 Rating: important References: #747311 Cross-References: CVE-2011-3026 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 FOR SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026). Security Issue reference: * CVE-2011-3026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2: zypper in -t patch sdksp1fsp2-libpng-devel-5857 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libpng-devel-5857 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libpng-devel-5857 - SUSE Linux Enterprise Server 11 SP1 FOR SP2: zypper in -t patch slessp1fsp2-libpng-devel-5857 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libpng-devel-5857 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2: zypper in -t patch sledsp1fsp2-libpng-devel-5857 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libpng-devel-5857 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 (i586 ia64 ppc64 s390x x86_64): libpng-devel-1.2.31-5.27.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 (ppc64 s390x x86_64): libpng-devel-32bit-1.2.31-5.27.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libpng-devel-1.2.31-5.27.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): libpng-devel-32bit-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): libpng12-0-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libpng12-0-32bit-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586 ia64 ppc64 s390x x86_64): libpng12-0-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (ppc64 s390x x86_64): libpng12-0-32bit-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (ia64): libpng12-0-x86-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): libpng12-0-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libpng12-0-32bit-1.2.31-5.27.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libpng12-0-x86-1.2.31-5.27.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libpng-1.2.8-19.33.7 libpng-devel-1.2.8-19.33.7 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libpng-32bit-1.2.8-19.33.7 libpng-devel-32bit-1.2.8-19.33.7 - SUSE Linux Enterprise Server 10 SP4 (ia64): libpng-x86-1.2.8-19.33.7 - SUSE Linux Enterprise Server 10 SP4 (ppc): libpng-64bit-1.2.8-19.33.7 libpng-devel-64bit-1.2.8-19.33.7 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64): libpng-devel-1.2.31-5.27.1 libpng12-0-1.2.31-5.27.1 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (x86_64): libpng12-0-32bit-1.2.31-5.27.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): libpng-devel-1.2.31-5.27.1 libpng12-0-1.2.31-5.27.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libpng12-0-32bit-1.2.31-5.27.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libpng-1.2.8-19.33.7 libpng-devel-1.2.8-19.33.7 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libpng-32bit-1.2.8-19.33.7 libpng-devel-32bit-1.2.8-19.33.7 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747311 http://download.novell.com/patch/finder/?keywords=2690ba40942c362f70510de20… http://download.novell.com/patch/finder/?keywords=318c86355183d8c29b4dff152… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0316-1: important: libpng12: Fixed a heap based buffer overflow
by opensuse-security＠opensuse.org 28 Feb '12

28 Feb '12

openSUSE Security Update: libpng12: Fixed a heap based buffer overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0316-1 Rating: important References: #747311 Cross-References: CVE-2011-3026 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026). libpng 1.2 was updated to 1.2.47 to fix this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libpng12-5846 libpng14-5847 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.2.47]: libpng12-0-1.2.47-0.8.1 libpng12-compat-devel-1.2.47-0.8.1 libpng12-devel-1.2.47-0.8.1 libpng14-14-1.4.4-3.6.1 libpng14-compat-devel-1.4.4-3.6.1 libpng14-devel-1.4.4-3.6.1 - openSUSE 11.4 (x86_64) [New Version: 1.2.47]: libpng12-0-32bit-1.2.47-0.8.1 libpng12-compat-devel-32bit-1.2.47-0.8.1 libpng12-devel-32bit-1.2.47-0.8.1 libpng14-14-32bit-1.4.4-3.6.1 libpng14-compat-devel-32bit-1.4.4-3.6.1 libpng14-devel-32bit-1.4.4-3.6.1 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747311 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0315-1: important: csound: fixed two stack based buffer overflows
by opensuse-security＠opensuse.org 28 Feb '12

28 Feb '12

openSUSE Security Update: csound: fixed two stack based buffer overflows ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0315-1 Rating: important References: #749073 Cross-References: CVE-2012-0270 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files (CVE-2012-0270). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch csound-5889 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): csound-5.06.0-139.140.1 References: http://support.novell.com/security/cve/CVE-2012-0270.html https://bugzilla.novell.com/749073 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0314-1: important: apache2: fixed various security bugs
by opensuse-security＠opensuse.org 28 Feb '12

28 Feb '12

openSUSE Security Update: apache2: fixed various security bugs ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0314-1 Rating: important References: #728876 #738855 #741243 #743743 Cross-References: CVE-2007-6750 CVE-2012-0031 CVE-2012-0053 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update of apache2 fixes regressions and several security problems: bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400". bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch apache2-201202-5821 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): apache2-2.2.17-4.13.1 apache2-devel-2.2.17-4.13.1 apache2-example-certificates-2.2.17-4.13.1 apache2-example-pages-2.2.17-4.13.1 apache2-itk-2.2.17-4.13.1 apache2-prefork-2.2.17-4.13.1 apache2-utils-2.2.17-4.13.1 apache2-worker-2.2.17-4.13.1 - openSUSE 11.4 (noarch): apache2-doc-2.2.17-4.13.1 References: http://support.novell.com/security/cve/CVE-2007-6750.html http://support.novell.com/security/cve/CVE-2012-0031.html http://support.novell.com/security/cve/CVE-2012-0053.html https://bugzilla.novell.com/728876 https://bugzilla.novell.com/738855 https://bugzilla.novell.com/741243 https://bugzilla.novell.com/743743 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0309-1: important: java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

openSUSE Security Update: java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0309-1 Rating: important References: #747208 Cross-References: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: java-1_6_0-openjdk was updated to the b24 release, fixing multiple security issues: * Security fixes - S7082299, CVE-2011-3571: Fix inAtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch java-1_6_0-openjdk-5856 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.2 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.2 - openSUSE 11.4 (i586): java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.2 java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.1-0.3.2 java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.1-0.3.2 References: http://support.novell.com/security/cve/CVE-2011-3563.html http://support.novell.com/security/cve/CVE-2011-3571.html http://support.novell.com/security/cve/CVE-2011-5035.html http://support.novell.com/security/cve/CVE-2012-0497.html http://support.novell.com/security/cve/CVE-2012-0501.html http://support.novell.com/security/cve/CVE-2012-0502.html http://support.novell.com/security/cve/CVE-2012-0503.html http://support.novell.com/security/cve/CVE-2012-0505.html http://support.novell.com/security/cve/CVE-2012-0506.html https://bugzilla.novell.com/747208 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0308-1: important: Security update for Java 1.6.0
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

SUSE Security Update: Security update for Java 1.6.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0308-1 Rating: important References: #747208 Cross-References: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: java-1_6_0-openjdk was updated to the IcedTea 1.11.1 b24 release, fixing multiple security issues: * S7082299, CVE-2011-3571: Fix inAtomicReferenceArray * S7088367, CVE-2011-3563: Fix issues in java sound * S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method * S7110687, CVE-2012-0503: Issues with TimeZone class * S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass * S7110704, CVE-2012-0506: Issues with some method in corba * S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object * S7118283, CVE-2012-0501: Better input parameter checking in zip file processing * S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server Security Issue references: * CVE-2011-3571 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3571 > * CVE-2011-3563 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563 > * CVE-2012-0502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502 > * CVE-2012-0503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503 > * CVE-2012-0505 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505 > * CVE-2012-0506 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506 > * CVE-2012-0497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497 > * CVE-2012-0501 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501 > * CVE-2011-5035 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2: zypper in -t patch sledsp1fsp2-java-1_6_0-openjdk-5845 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-java-1_6_0-openjdk-5845 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.1 References: http://support.novell.com/security/cve/CVE-2011-3563.html http://support.novell.com/security/cve/CVE-2011-3571.html http://support.novell.com/security/cve/CVE-2011-5035.html http://support.novell.com/security/cve/CVE-2012-0497.html http://support.novell.com/security/cve/CVE-2012-0501.html http://support.novell.com/security/cve/CVE-2012-0502.html http://support.novell.com/security/cve/CVE-2012-0503.html http://support.novell.com/security/cve/CVE-2012-0505.html http://support.novell.com/security/cve/CVE-2012-0506.html https://bugzilla.novell.com/747208 http://download.novell.com/patch/finder/?keywords=99d51f474667bf40a87309fbd… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0303-1: important: Security update for Mozilla Firefox
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0303-1 Rating: important References: #747320 #747328 Cross-References: CVE-2011-3026 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 FOR SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: Mozilla Firefox was updated to 10.0.2 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026), Security Issue reference: * CVE-2011-3026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026 > Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-MozillaFirefox-5838 - SUSE Linux Enterprise Server 11 SP1 FOR SP2: zypper in -t patch slessp1fsp2-MozillaFirefox-5838 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-MozillaFirefox-5838 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2: zypper in -t patch sledsp1fsp2-MozillaFirefox-5838 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-MozillaFirefox-5838 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.2]: MozillaFirefox-10.0.2-0.4.1 MozillaFirefox-translations-10.0.2-0.4.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.2]: MozillaFirefox-10.0.2-0.4.1 MozillaFirefox-translations-10.0.2-0.4.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.2]: MozillaFirefox-10.0.2-0.4.1 MozillaFirefox-translations-10.0.2-0.4.1 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64) [New Version: 10.0.2]: MozillaFirefox-10.0.2-0.4.1 MozillaFirefox-translations-10.0.2-0.4.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.2]: MozillaFirefox-10.0.2-0.4.1 MozillaFirefox-translations-10.0.2-0.4.1 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747320 https://bugzilla.novell.com/747328 http://download.novell.com/patch/finder/?keywords=0b3170cde26e23e656224d9bf… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0299-1: critical: Security update for flash-player
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0299-1 Rating: critical References: #747297 Cross-References: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 Affected Products: SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. It includes one version update. Description: This version upgrade of flash-player fixes multiple security issues that could potentially be exploited to cause a crash or even execute arbitrary code. The following CVE were assigned: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 Security Issue references: * CVE-2012-0752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0752 > * CVE-2012-0753 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0753 > * CVE-2012-0754 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0754 > * CVE-2012-0755 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0755 > * CVE-2012-0756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0756 > * CVE-2012-0767 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0767 > Package List: - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 10.3.183.15]: flash-player-10.3.183.15-0.6.1 References: http://support.novell.com/security/cve/CVE-2012-0752.html http://support.novell.com/security/cve/CVE-2012-0753.html http://support.novell.com/security/cve/CVE-2012-0754.html http://support.novell.com/security/cve/CVE-2012-0755.html http://support.novell.com/security/cve/CVE-2012-0756.html http://support.novell.com/security/cve/CVE-2012-0767.html https://bugzilla.novell.com/747297 http://download.novell.com/patch/finder/?keywords=c3d08777a2397ababaa7778f2… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0298-1: important: Security update for Mozilla XULrunner
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

SUSE Security Update: Security update for Mozilla XULrunner ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0298-1 Rating: important References: #747328 Cross-References: CVE-2011-3026 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 FOR SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes two new package versions. Description: Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026), Security Issue reference: * CVE-2011-3026 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2: zypper in -t patch sdksp1fsp2-mozilla-xulrunner192-5840 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-mozilla-xulrunner192-5840 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-mozilla-xulrunner192-5840 - SUSE Linux Enterprise Server 11 SP1 FOR SP2: zypper in -t patch slessp1fsp2-mozilla-xulrunner192-5840 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-mozilla-xulrunner192-5840 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2: zypper in -t patch sledsp1fsp2-mozilla-xulrunner192-5840 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-mozilla-xulrunner192-5840 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-devel-1.9.2.27-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 (ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-32bit-1.9.2.27-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 (ia64) [New Version: 1.9.2.27]: mozilla-xulrunner192-gnome-x86-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-x86-1.9.2.27-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-devel-1.9.2.27-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-32bit-1.9.2.27-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64) [New Version: 1.9.2.27]: mozilla-xulrunner192-gnome-x86-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-x86-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-32bit-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-32bit-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (ia64) [New Version: 1.9.2.27]: mozilla-xulrunner192-x86-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-32bit-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 1.9.2.27]: mozilla-xulrunner192-x86-1.9.2.27-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-1.9.2.27-0.5.6 mozilla-xulrunner192-gnome-1.9.2.27-0.5.6 mozilla-xulrunner192-translations-1.9.2.27-0.5.6 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 3.6.27]: MozillaFirefox-3.6.27-0.5.4 MozillaFirefox-translations-3.6.27-0.5.4 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-32bit-1.9.2.27-0.5.6 mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.5.6 mozilla-xulrunner192-translations-32bit-1.9.2.27-0.5.6 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-1.9.2.27-0.2.1 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-32bit-1.9.2.27-0.2.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-1.9.2.27-0.2.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-32bit-1.9.2.27-0.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-1.9.2.27-0.5.6 mozilla-xulrunner192-gnome-1.9.2.27-0.5.6 mozilla-xulrunner192-translations-1.9.2.27-0.5.6 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 1.9.2.27]: mozilla-xulrunner192-32bit-1.9.2.27-0.5.6 mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.5.6 mozilla-xulrunner192-translations-32bit-1.9.2.27-0.5.6 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.6.27]: MozillaFirefox-3.6.27-0.5.4 MozillaFirefox-translations-3.6.27-0.5.4 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-3.6.27-0.5.4 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747328 http://download.novell.com/patch/finder/?keywords=2c23debb2e4e3a09d318252e0… http://download.novell.com/patch/finder/?keywords=4513d87a4d6a69221d7fe51d3… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0