February 2012 - openSUSE Security Announce

[security-announce] openSUSE-SU-2012:0297-1: important: mozilla-xulrunner192: 1.9.2.27
by opensuse-security＠opensuse.org 24 Feb '12

24 Feb '12

openSUSE Security Update: mozilla-xulrunner192: 1.9.2.27 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0297-1 Rating: important References: #747328 Cross-References: CVE-2011-3026 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes 5 new package versions. Description: Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026), Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch MozillaFirefox-5825 MozillaThunderbird-5826 mozilla-js192-5832 seamonkey-5834 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.27,10.0.2,2.7.2 and 3.1.19]: MozillaFirefox-10.0.2-0.2.1 MozillaFirefox-branding-upstream-10.0.2-0.2.1 MozillaFirefox-buildsymbols-10.0.2-0.2.1 MozillaFirefox-devel-10.0.2-0.2.1 MozillaFirefox-translations-common-10.0.2-0.2.1 MozillaFirefox-translations-other-10.0.2-0.2.1 MozillaThunderbird-3.1.19-0.25.1 MozillaThunderbird-buildsymbols-3.1.19-0.25.1 MozillaThunderbird-devel-3.1.19-0.25.1 MozillaThunderbird-translations-common-3.1.19-0.25.1 MozillaThunderbird-translations-other-3.1.19-0.25.1 enigmail-1.1.2+3.1.19-0.25.1 mozilla-js192-1.9.2.27-0.2.1 mozilla-xulrunner192-1.9.2.27-0.2.1 mozilla-xulrunner192-buildsymbols-1.9.2.27-0.2.1 mozilla-xulrunner192-devel-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-common-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-other-1.9.2.27-0.2.1 seamonkey-2.7.2-0.2.1 seamonkey-dom-inspector-2.7.2-0.2.1 seamonkey-irc-2.7.2-0.2.1 seamonkey-translations-common-2.7.2-0.2.1 seamonkey-translations-other-2.7.2-0.2.1 seamonkey-venkman-2.7.2-0.2.1 - openSUSE 11.4 (x86_64) [New Version: 1.9.2.27]: mozilla-js192-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-common-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-other-32bit-1.9.2.27-0.2.1 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747328 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0122-2: important: Security update for IBM Java 1.4.2
by opensuse-security＠opensuse.org 23 Feb '12

23 Feb '12

SUSE Security Update: Security update for IBM Java 1.4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0122-2 Rating: important References: #739256 Cross-References: CVE-2011-3389 CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Java 11 SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: IBM Java 1.4.2 SR13 FP11 has been released and contains various security fixes. http://www.ibm.com/developerworks/java/jdk/alerts/ http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> (CVEs fixed: CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3545 CVE-2011-3556 CVE-2011-3557 CVE-2011-3389 CVE-2011-3560 ) Security Issues: * CVE-2011-3389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389 > * CVE-2011-3545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545 > * CVE-2011-3547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547 > * CVE-2011-3548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548 > * CVE-2011-3549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549 > * CVE-2011-3552 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552 > * CVE-2011-3556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556 > * CVE-2011-3557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557 > * CVE-2011-3560 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP1: zypper in -t patch slesapp1-java-1_4_2-ibm-sap-5734 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-java-1_4_2-ibm-5609 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-java-1_4_2-ibm-5609 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-java-1_4_2-ibm-5609 - SUSE Linux Enterprise Java 11 SP1: zypper in -t patch slejsp1-java-1_4_2-ibm-5609 slejsp1-java-1_4_2-ibm-sap-5734 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64): java-1_4_2-ibm-sap-1.4.2_sr13.11-0.3.1 java-1_4_2-ibm-sap-devel-1.4.2_sr13.11-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-devel-1.4.2_sr13.11-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.11-0.5.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.11-0.5.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.5.1 java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.5.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.11-0.5.1 - SUSE Linux Enterprise Server 11 SP1 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.5.1 java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.5.1 - SUSE Linux Enterprise Java 11 SP1 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.11-0.5.1 - SUSE Linux Enterprise Java 11 SP1 (x86_64): java-1_4_2-ibm-sap-1.4.2_sr13.11-0.3.1 java-1_4_2-ibm-sap-devel-1.4.2_sr13.11-0.3.1 - SUSE Linux Enterprise Java 11 SP1 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.5.1 java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.5.1 References: http://support.novell.com/security/cve/CVE-2011-3389.html http://support.novell.com/security/cve/CVE-2011-3545.html http://support.novell.com/security/cve/CVE-2011-3547.html http://support.novell.com/security/cve/CVE-2011-3548.html http://support.novell.com/security/cve/CVE-2011-3549.html http://support.novell.com/security/cve/CVE-2011-3552.html http://support.novell.com/security/cve/CVE-2011-3556.html http://support.novell.com/security/cve/CVE-2011-3557.html http://support.novell.com/security/cve/CVE-2011-3560.html https://bugzilla.novell.com/739256 http://download.novell.com/patch/finder/?keywords=77471aa6472b33cde43cae36b… http://download.novell.com/patch/finder/?keywords=c0c632466d75a1ac53d2ceaf2… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0287-1: important: No summary available - BOX
by opensuse-security＠opensuse.org 20 Feb '12

20 Feb '12

openSUSE Security Update: No summary available - BOX ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0287-1 Rating: important References: #742804 Cross-References: CVE-2012-0791 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This version upgrade of horde3-dimp to 4.3.11 fixes several issues (including security related flaws, CVE-2012-0791) and adds new features. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch horde3-dimp-5829 horde3-imp-5830 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (noarch): horde3-dimp-1.1.8-0.3.1 horde3-imp-4.3.11-0.3.1 References: http://support.novell.com/security/cve/CVE-2012-0791.html https://bugzilla.novell.com/742804 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0286-1: important: No summary available - BOX
by opensuse-security＠opensuse.org 20 Feb '12

20 Feb '12

openSUSE Security Update: No summary available - BOX ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0286-1 Rating: important References: #742804 Cross-References: CVE-2012-0909 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This version upgrade of horde3 to 3.3.13 fixes several issues (including a security related flaw, CVE-2012-0909) and adds new features. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch horde3-5831 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (noarch): horde3-3.3.13-0.3.2 References: http://support.novell.com/security/cve/CVE-2012-0909.html https://bugzilla.novell.com/742804 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0284-1: important: Security update for Apache2
by opensuse-security＠opensuse.org 18 Feb '12

18 Feb '12

SUSE Security Update: Security update for Apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0284-1 Rating: important References: #728876 #738067 #738855 #739783 #741243 #741874 #743743 Cross-References: CVE-2007-6750 CVE-2012-0031 CVE-2012-0053 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. It includes one version update. Description: This update of apache2 and libapr1 fixes regressions and several security problems. * CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. * CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400". * CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2. For more detailed information, check also the README file. Also the following bugs have been fixed: * Fixed init script action "check-reload" to avoid potential crashes. bnc#728876 * An overlapping memcpy() was replaced by memmove() to make this work with newer glibcs. bnc#738067 bnc#741874 * libapr1: reset errno to zero to not return previous value despite good status of new operation. bnc#739783 Security Issue references: * CVE-2007-6750 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750 > * CVE-2012-0031 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 > * CVE-2012-0053 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 > Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-apache2-201202-5760 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-apache2-201202-5760 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-apache2-201202-5760 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.2.12]: apache2-devel-2.2.12-1.30.1 libapr1-devel-1.3.3-11.18.19.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 2.2.12]: apache2-2.2.12-1.30.1 apache2-doc-2.2.12-1.30.1 apache2-example-pages-2.2.12-1.30.1 apache2-prefork-2.2.12-1.30.1 apache2-utils-2.2.12-1.30.1 apache2-worker-2.2.12-1.30.1 libapr1-1.3.3-11.18.19.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64): libapr1-devel-32bit-1.3.3-11.18.19.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.2.12]: apache2-2.2.12-1.30.1 apache2-doc-2.2.12-1.30.1 apache2-example-pages-2.2.12-1.30.1 apache2-prefork-2.2.12-1.30.1 apache2-utils-2.2.12-1.30.1 apache2-worker-2.2.12-1.30.1 libapr1-1.3.3-11.18.19.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.2.12]: apache2-2.2.12-1.30.1 apache2-doc-2.2.12-1.30.1 apache2-example-pages-2.2.12-1.30.1 apache2-prefork-2.2.12-1.30.1 apache2-utils-2.2.12-1.30.1 apache2-worker-2.2.12-1.30.1 libapr1-1.3.3-11.18.19.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64): libapr1-32bit-1.3.3-11.18.19.1 References: http://support.novell.com/security/cve/CVE-2007-6750.html http://support.novell.com/security/cve/CVE-2012-0031.html http://support.novell.com/security/cve/CVE-2012-0053.html https://bugzilla.novell.com/728876 https://bugzilla.novell.com/738067 https://bugzilla.novell.com/738855 https://bugzilla.novell.com/739783 https://bugzilla.novell.com/741243 https://bugzilla.novell.com/741874 https://bugzilla.novell.com/743743 http://download.novell.com/patch/finder/?keywords=26fd37ffcda352499111cd00d… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0280-1: critical: Security update for flash-player
by opensuse-security＠opensuse.org 18 Feb '12

18 Feb '12

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0280-1 Rating: critical References: #747297 Cross-References: CVE-2012-0751 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. It includes one version update. Description: flash-player was updated to version 11.1.102.62. It fixes lots of security issues, some already exploited in the wild. Details can be found at: https://www.adobe.com/support/security/bulletins/apsb12-03.h tml <https://www.adobe.com/support/security/bulletins/apsb12-03. html> These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Security Issue references: * CVE-2012-0751 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0751 > * CVE-2012-0752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0752 > * CVE-2012-0753 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0753 > * CVE-2012-0754 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0754 > * CVE-2012-0755 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0755 > * CVE-2012-0756 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0756 > * CVE-2012-0767 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0767 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2: zypper in -t patch sledsp1fsp2-flash-player-5817 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-flash-player-5817 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64) [New Version: 11.1.102.62]: flash-player-11.1.102.62-0.14.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 11.1.102.62]: flash-player-11.1.102.62-0.14.1 References: http://support.novell.com/security/cve/CVE-2012-0751.html http://support.novell.com/security/cve/CVE-2012-0752.html http://support.novell.com/security/cve/CVE-2012-0753.html http://support.novell.com/security/cve/CVE-2012-0754.html http://support.novell.com/security/cve/CVE-2012-0755.html http://support.novell.com/security/cve/CVE-2012-0756.html http://support.novell.com/security/cve/CVE-2012-0767.html https://bugzilla.novell.com/747297 http://download.novell.com/patch/finder/?keywords=e7839de3d618cfe53b47ab455… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0265-1: critical: flash-player to 11.1.102.62
by opensuse-security＠opensuse.org 17 Feb '12

17 Feb '12

openSUSE Security Update: flash-player to 11.1.102.62 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0265-1 Rating: critical References: #747297 Cross-References: CVE-2012-0751 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. It includes one version update. Description: flash-player was updated to the security update to 11.1.102.62. It fixes lots of security issues, some already exploited in the wild. Details can be found on: https://www.adobe.com/support/security/bulletins/apsb12-03.h tml These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch flash-player-5812 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 11.1.102.62]: flash-player-11.1.102.62-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-0751.html http://support.novell.com/security/cve/CVE-2012-0752.html http://support.novell.com/security/cve/CVE-2012-0753.html http://support.novell.com/security/cve/CVE-2012-0754.html http://support.novell.com/security/cve/CVE-2012-0755.html http://support.novell.com/security/cve/CVE-2012-0756.html http://support.novell.com/security/cve/CVE-2012-0767.html https://bugzilla.novell.com/747297 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2012:0261-1: critical: Security update for Mozilla Firefox
by opensuse-security＠opensuse.org 16 Feb '12

16 Feb '12

SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0261-1 Rating: critical References: #744625 #744629 #746616 Cross-References: CVE-2012-0452 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 FOR SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. It includes one version update. Description: MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue. The following security issue has been fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.h tml <https://www.mozilla.org/security/announce/2012/mfsa2012-10. html> Security Issues: * CVE-2012-0452 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-MozillaFirefox-5807 - SUSE Linux Enterprise Server 11 SP1 FOR SP2: zypper in -t patch slessp1fsp2-MozillaFirefox-5807 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-MozillaFirefox-5807 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2: zypper in -t patch sledsp1fsp2-MozillaFirefox-5807 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-MozillaFirefox-5807 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.1]: MozillaFirefox-10.0.1-0.4.1 MozillaFirefox-translations-10.0.1-0.4.1 - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.1]: MozillaFirefox-10.0.1-0.4.1 MozillaFirefox-translations-10.0.1-0.4.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.1]: MozillaFirefox-10.0.1-0.4.1 MozillaFirefox-translations-10.0.1-0.4.1 - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64) [New Version: 10.0.1]: MozillaFirefox-10.0.1-0.4.1 MozillaFirefox-translations-10.0.1-0.4.1 mhtml-firefox-0.5-1.47.47.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.1]: MozillaFirefox-10.0.1-0.4.1 MozillaFirefox-translations-10.0.1-0.4.1 mhtml-firefox-0.5-1.47.47.1 References: http://support.novell.com/security/cve/CVE-2012-0452.html https://bugzilla.novell.com/744625 https://bugzilla.novell.com/744629 https://bugzilla.novell.com/746616 http://download.novell.com/patch/finder/?keywords=0727d8a4f41b1fef19dc1e8e9… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0258-1: critical: MozillaFirefox to 10.0.1
by opensuse-security＠opensuse.org 14 Feb '12

14 Feb '12

openSUSE Security Update: MozillaFirefox to 10.0.1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0258-1 Rating: critical References: #746616 Cross-References: CVE-2012-0452 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes two new package versions. Description: MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue. Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.h tml Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch MozillaFirefox-5799 seamonkey-5804 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 10.0.1 and 2.7.1]: MozillaFirefox-10.0.1-0.2.1 MozillaFirefox-branding-upstream-10.0.1-0.2.1 MozillaFirefox-buildsymbols-10.0.1-0.2.1 MozillaFirefox-devel-10.0.1-0.2.1 MozillaFirefox-translations-common-10.0.1-0.2.1 MozillaFirefox-translations-other-10.0.1-0.2.1 seamonkey-2.7.1-0.2.1 seamonkey-dom-inspector-2.7.1-0.2.1 seamonkey-irc-2.7.1-0.2.1 seamonkey-translations-common-2.7.1-0.2.1 seamonkey-translations-other-2.7.1-0.2.1 seamonkey-venkman-2.7.1-0.2.1 References: http://support.novell.com/security/cve/CVE-2012-0452.html https://bugzilla.novell.com/746616 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2012:0237-1: important: VUL-0: nginx: heap overflow
by opensuse-security＠opensuse.org 09 Feb '12

09 Feb '12

openSUSE Security Update: VUL-0: nginx: heap overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0237-1 Rating: important References: #731084 Cross-References: CVE-2011-4315 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A flaw in the custom DNS resolver of nginx could lead to a heap based buffer overflow which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service (bnc#731084, CVE-2011-4315). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch nginx-0.8-5467 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): nginx-0.8-0.8.53-4.9.1 References: http://support.novell.com/security/cve/CVE-2011-4315.html https://bugzilla.novell.com/731084 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0