openSUSE Security Update: java-1_7_0-openjdk: update to icedtea-2.3.4
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0199-1
Rating: critical
References: #792951 #798324 #798521
Cross-References: CVE-2012-3174 CVE-2013-0422
Affected Products:
openSUSE 12.2
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs
and also severe security issues:
* Security fixes
- S8004933, CVE-2012-3174: Improve MethodHandle
interaction with libraries
- S8006017, CVE-2013-0422: Improve lookup resolutions
- S8006125: Update MethodHandles library interactions
* Bug fixes
- S7197906: BlockOffsetArray::power_to_cards_back() needs
to handle > 32 bit shifts
- G422525: Fix building with PaX enabled kernels.
- use gpg-offline to check the validity of icedtea tarball
- use jamvm on %arm
- use icedtea package name instead of protected openjdk for
jamvm builds
- fix armv5 build
- update to java access bridge 1.26.2
* bugfix release, mainly 64bit JNI and JVM support
- fix a segfault in AWT code - (bnc#792951)
* add openjdk-7-src-b147-awt-crasher.patch
- turn pulseaudio off on pre 11.4 distros
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-47
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
java-1_7_0-openjdk-1.7.0.6-3.20.1
java-1_7_0-openjdk-debuginfo-1.7.0.6-3.20.1
java-1_7_0-openjdk-debugsource-1.7.0.6-3.20.1
java-1_7_0-openjdk-demo-1.7.0.6-3.20.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.20.1
java-1_7_0-openjdk-devel-1.7.0.6-3.20.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.20.1
java-1_7_0-openjdk-javadoc-1.7.0.6-3.20.1
java-1_7_0-openjdk-src-1.7.0.6-3.20.1
References:
http://support.novell.com/security/cve/CVE-2012-3174.html
http://support.novell.com/security/cve/CVE-2013-0422.html
https://bugzilla.novell.com/792951
https://bugzilla.novell.com/798324
https://bugzilla.novell.com/798521
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for pcp
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0190-1
Rating: important
References: #732763 #775009 #775010 #775011 #775013 #782967
Cross-References: CVE-2012-3418 CVE-2012-3419 CVE-2012-3420
CVE-2012-3421
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that solves four vulnerabilities and has two
fixes is now available. It includes two new package
versions.
Description:
pcp was updated to version 3.6.10 which fixes security
issues and also brings a lot of new features.
* Update to pcp-3.6.10.
o Transition daemons to run under an unprivileged account.
o Fixes for security advisory CVE-2012-5530: tmpfile flaws; (bnc#782967).
o Fix pcp(1) command short-form pmlogger reporting.
o Fix pmdalogger error handling for directory files.
o Fix pmstat handling of odd corner case in CPU metrics.
o Correct the python ctype used for pmAtomValue 32bit ints.
o Add missing RPM spec dependency for python-ctypes.
o Corrections to pmdamysql metrics units.
o Add pmdamysql slave status metrics.
o Improve pmcollectl error messages.
o Parameterize pmcollectl CPU counts in interrupt subsys.
o Fix generic RPM packaging for powerpc builds.
o Fix python API use of reentrant libpcp string routines.
o Python code backporting for RHEL5 in qa and pmcollectl.
o Fix edge cases in capturing interrupt error counts.
* Update to pcp-3.6.9.
o Python wrapper for the pmimport API
o Make sar2pcp work with the sysstat versions from RHEL5, RHEL6, and all recent Fedora versions (which is almost all current versions of sysstat verified).
o Added a number of additional metrics into the importer for people starting to use it to analyse sar data from real customer incidents.
o Rework use of C99 "restrict" keyword in pmdalogger (Debian bug: 689552)
o A lot of work on the PCP QA suite, special thanks to Tomas Dohnalek for all his efforts there.
o Win32 build updates
o Add "raw" disk active metrics so that existing tools like iostat can be emulated
o Allow sar2pcp to accept XML input directly (.xml suffix), allowing it to not have to run on the same platform as the sadc/sadf that originally generated it.
o Add PMI error codes into the PCP::LogImport perl module.
o Fix a typo in pmiUnits man page synopsis section
o Resolve pmdalinux ordering issue in NUMA/CPU indom setup (Redhat bug: 858384)
o Remove unused pmcollectl imports (Redhat bug: 863210)
o Allow event traces to be used in libpcp interpolate mode
* Update to pcp-3.6.8.
o Corrects the disk/partition identification for the MMC driver, which makes disk indom handling correct on the Raspberry Pi (http://www.raspberrypi.org/)
o Several minor/basic fixes for pmdaoracle.
o Improve pmcollectl compatibility.
o Make a few clarifications to pmcollectl.1.
o Improve python API test coverage.
o Numerous updates to the test suite in general.
o Allow pmda Install scripts to specify own dso name again.
o Reconcile spec file differences between PCP flavours.
o Fix handling of multiple contexts with a remote namespace.
o Core socket interface abstractions to support NSS (later).
o Fix man page SYNOPSIS section for pmUnpackEventRecords.
o Add --disable-shared build option for static builds.
* Update to pcp-3.6.6.
o Added the python PMAPI bindings and an initial python client in pmcollectl. Separate, new package exists for python libs for those platforms that split out packages (rpm, deb).
o Added a pcp-testsuite package for those platforms that might want this (rpm, deb again, mainly)
o Re-introduced the pcp/qa subdirectory in pcp and deprecated the external pcpqa git tree.
o Fix potential buffer overflow in pmlogger host name handling.
o Reworked the configure --prefix handling to be more like the rest of the open source world.
o Ensure the __pmDecodeText ident parameter is always set. Resolves Red Hat bugzilla bug #841306.
Security Issue references:
* CVE-2012-3418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418>
* CVE-2012-3419 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3419>
* CVE-2012-3420 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3420>
* CVE-2012-3421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3421>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-libpcp3-7221
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-libpcp3-7221
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-libpcp3-7221
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-libpcp3-7221
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.6.10]:
libpcp3-3.6.10-0.3.1
pcp-3.6.10-0.3.1
pcp-devel-3.6.10-0.3.1
pcp-import-iostat2pcp-3.6.10-0.3.1
pcp-import-mrtg2pcp-3.6.10-0.3.1
pcp-import-sar2pcp-3.6.10-0.3.1
pcp-import-sheet2pcp-3.6.10-0.3.1
perl-PCP-LogImport-3.6.10-0.3.1
perl-PCP-LogSummary-3.6.10-0.3.1
perl-PCP-MMV-3.6.10-0.3.1
perl-PCP-PMDA-3.6.10-0.3.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2013.1.7]:
permissions-2013.1.7-0.3.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013.1.7]:
permissions-2013.1.7-0.3.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 2013.1.7 and 3.6.10]:
libpcp3-3.6.10-0.5.1
pcp-3.6.10-0.5.1
pcp-import-iostat2pcp-3.6.10-0.5.1
pcp-import-mrtg2pcp-3.6.10-0.5.1
pcp-import-sar2pcp-3.6.10-0.5.1
pcp-import-sheet2pcp-3.6.10-0.5.1
perl-PCP-LogImport-3.6.10-0.5.1
perl-PCP-LogSummary-3.6.10-0.5.1
perl-PCP-MMV-3.6.10-0.5.1
perl-PCP-PMDA-3.6.10-0.5.1
permissions-2013.1.7-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2013.1.7]:
permissions-2013.1.7-0.3.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 2013.1.7]:
permissions-2013.1.7-0.5.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.6.10]:
libpcp3-3.6.10-0.5.1
pcp-3.6.10-0.5.1
pcp-devel-3.6.10-0.5.1
pcp-import-iostat2pcp-3.6.10-0.5.1
pcp-import-mrtg2pcp-3.6.10-0.5.1
pcp-import-sar2pcp-3.6.10-0.5.1
pcp-import-sheet2pcp-3.6.10-0.5.1
perl-PCP-LogImport-3.6.10-0.5.1
perl-PCP-LogSummary-3.6.10-0.5.1
perl-PCP-MMV-3.6.10-0.5.1
perl-PCP-PMDA-3.6.10-0.5.1
References:
http://support.novell.com/security/cve/CVE-2012-3418.html
http://support.novell.com/security/cve/CVE-2012-3419.html
http://support.novell.com/security/cve/CVE-2012-3420.html
http://support.novell.com/security/cve/CVE-2012-3421.html
https://bugzilla.novell.com/732763
https://bugzilla.novell.com/775009
https://bugzilla.novell.com/775010
https://bugzilla.novell.com/775011
https://bugzilla.novell.com/775013
https://bugzilla.novell.com/782967
http://download.novell.com/patch/finder/?keywords=51012200090dff3a8a3a0cbca…
http://download.novell.com/patch/finder/?keywords=86d59a2714828a99a56a3fdba…
openSUSE Security Update: libxml2: fixed buffer overflow during decoding entities
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0178-1
Rating: important
References: #793334
Cross-References: CVE-2012-5134
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.30
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
A Heap-based buffer underflow in the
xmlParseAttValueComplex function in parser.c in libxml2
allowed remote attackers to cause a denial of service or
possibly execute arbitrary code via crafted entities in an
XML document.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4/standard/i586/patchinfo.30:
zypper in -t patch 2012-19
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4/standard/i586/patchinfo.30 (i586 x86_64):
libxml2-2.7.8-37.1
libxml2-debuginfo-2.7.8-37.1
libxml2-debugsource-2.7.8-37.1
libxml2-devel-2.7.8-37.1
- openSUSE 11.4/standard/i586/patchinfo.30 (x86_64):
libxml2-32bit-2.7.8-37.1
libxml2-debuginfo-32bit-2.7.8-37.1
libxml2-devel-32bit-2.7.8-37.1
- openSUSE 11.4/standard/i586/patchinfo.30 (noarch):
libxml2-doc-2.7.8-37.1
- openSUSE 11.4/standard/i586/patchinfo.30 (ia64):
libxml2-debuginfo-x86-2.7.8-37.1
libxml2-x86-2.7.8-37.1
References:
http://support.novell.com/security/cve/CVE-2012-5134.html
https://bugzilla.novell.com/793334
openSUSE Security Update: update for bogofilter
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0166-1
Rating: important
References: #792939
Cross-References: CVE-2010-2494
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.28
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
- Update to version 1.2.3.
* Update configure.ac to avoid autoconf 2.68 warnings, by
(a) quoting the first AC_RUN_IFELSE argument, an
AC_LANG_PROGRAM(), with [ ], and (b) providing an
explicit "true" assumption for Berkeley DB capabilities
to avoid cross-compilation warnings.
* Security bugfix; (bnc#792939), Fix a heap corruption in
base64 decoder on invalid input.
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
* Added bogofilter-faq-bg.html, a Bulgarian translation
of the FAQ.
* Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.
- Update to version 1.2.2.
* Use a better PRNG for random sleeps. That is
arc4random() where available, and drand48() elsewhere.
* Assorted fixes for issues found with clang analyzer:
+ Fix a potential NULL dereference
+ Fix a potential division by zero
+ Remove dead assignments and increments
* Update Doxyfile and source contrib/bogogrep.c for docs,
too.
* Security bugfix, CVE-2010-2494: Fix a heap corruption
in base64 decoder on invalid input. Analysis and patch
by Julius Plenz <plenz(a)cis.fu-berlin.de>. Please
see doc/bogofilter-SA-2010-01 for details.
* Updated sendmail milter contrib/bogofilter-milter.pl to
v1.??????
* Bump supported/minimum SQLite3 versions and warning
threshold. See doc/README.sqlite for details.
* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
* Make t.maint more robust; ignore .ENCODING token. To
fix test failures on, for instance, FreeBSD with
unicode enabled.
* Fix several compiler warnings "array subscript has type
'char'", by casting the arguments to unsigned char.
* Split error messages for ENOENT and EINVAL into new
function.
* Avoid division by zero in robx computation by checking
if there are at least one ham message and one spam
message registered.
* contrib/spamitarium.pl updated to version 0.4.0
* Updated and integrated Ted Phelps's "Patch to prevent
.ENCODING from being discarded by bogoutil -m"
(SourceForge Patch #1743984).
- remove call to suse_update_config (very old work around)
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4/standard/i586/patchinfo.28:
zypper in -t patch 2012-21
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4/standard/i586/patchinfo.28 (i586 x86_64):
bogofilter-1.2.3-12.1
bogofilter-debuginfo-1.2.3-12.1
bogofilter-debugsource-1.2.3-12.1
References:
http://support.novell.com/security/cve/CVE-2010-2494.html
https://bugzilla.novell.com/792939
openSUSE Security Update: mariadb to 5.1.66
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0156-1
Rating: important
References: #779476 #792444
Cross-References: CVE-2012-4414 CVE-2012-5611
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.37
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
MariaDB was updated to 5.1.66:
https://kb.askmonty.org/en/mariadb-5166-release-notes/
https://kb.askmonty.org/en/mariadb-5166-changelog/
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4/standard/i586/patchinfo.37:
zypper in -t patch 2013-2
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4/standard/i586/patchinfo.37 (i586 x86_64):
libmariadbclient16-5.1.66-42.1
libmariadbclient16-debuginfo-5.1.66-42.1
libmariadbclient_r16-5.1.66-42.1
libmariadbclient_r16-debuginfo-5.1.66-42.1
mariadb-5.1.66-42.1
mariadb-bench-5.1.66-42.1
mariadb-bench-debuginfo-5.1.66-42.1
mariadb-client-5.1.66-42.1
mariadb-client-debuginfo-5.1.66-42.1
mariadb-debug-5.1.66-42.1
mariadb-debug-debuginfo-5.1.66-42.1
mariadb-debuginfo-5.1.66-42.1
mariadb-debugsource-5.1.66-42.1
mariadb-test-5.1.66-42.1
mariadb-test-debuginfo-5.1.66-42.1
mariadb-tools-5.1.66-42.1
mariadb-tools-debuginfo-5.1.66-42.1
References:
http://support.novell.com/security/cve/CVE-2012-4414.html
http://support.novell.com/security/cve/CVE-2012-5611.html
https://bugzilla.novell.com/779476
https://bugzilla.novell.com/792444
openSUSE Security Update: update for libotr
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0155-1
Rating: important
References: #789190
Cross-References: CVE-2012-3461
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update of libotr fixed multiple buffer overflows.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4/standard/i586/patchinfo.12:
zypper in -t patch 2012-8
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4/standard/i586/patchinfo.12 (i586 x86_64):
libotr-debugsource-3.2.1-11.1
libotr-devel-3.2.1-11.1
libotr-tools-3.2.1-11.1
libotr-tools-debuginfo-3.2.1-11.1
libotr2-3.2.1-11.1
libotr2-debuginfo-3.2.1-11.1
References:
http://support.novell.com/security/cve/CVE-2012-3461.html
https://bugzilla.novell.com/789190
openSUSE Security Update: weechat
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0150-1
Rating: important
References: #789146 #790217
Cross-References: CVE-2012-5534 CVE-2012-5854
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.15
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
- added weechat-fix-hook_process-shell-injection.patch
which fixes a shell injection vulnerability in the
hook_process function (bnc#790217, CVE-2012-5534)
- added
weechat-fix-buffer-overflow-in-irc-color-decoding.patch
which fixes a heap-based overflow when decoding IRC
colors in strings (bnc#789146, CVE-2012-5854)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4/standard/i586/patchinfo.15:
zypper in -t patch 2012-9
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4/standard/i586/patchinfo.15 (i586 x86_64):
weechat-0.3.3-7.1
weechat-aspell-0.3.3-7.1
weechat-aspell-debuginfo-0.3.3-7.1
weechat-debuginfo-0.3.3-7.1
weechat-debugsource-0.3.3-7.1
weechat-devel-0.3.3-7.1
weechat-lua-0.3.3-7.1
weechat-lua-debuginfo-0.3.3-7.1
weechat-perl-0.3.3-7.1
weechat-perl-debuginfo-0.3.3-7.1
weechat-python-0.3.3-7.1
weechat-python-debuginfo-0.3.3-7.1
weechat-ruby-0.3.3-7.1
weechat-ruby-debuginfo-0.3.3-7.1
weechat-tcl-0.3.3-7.1
weechat-tcl-debuginfo-0.3.3-7.1
- openSUSE 11.4/standard/i586/patchinfo.15 (noarch):
weechat-lang-0.3.3-7.1
References:
http://support.novell.com/security/cve/CVE-2012-5534.html
http://support.novell.com/security/cve/CVE-2012-5854.html
https://bugzilla.novell.com/789146
https://bugzilla.novell.com/790217
openSUSE Security Update: Mozilla Januarys
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0149-1
Rating: important
References: #796628
Cross-References: CVE-2012-5829 CVE-2013-0743 CVE-2013-0744
CVE-2013-0745 CVE-2013-0746 CVE-2013-0747
CVE-2013-0748 CVE-2013-0749 CVE-2013-0750
CVE-2013-0751 CVE-2013-0752 CVE-2013-0753
CVE-2013-0754 CVE-2013-0755 CVE-2013-0756
CVE-2013-0757 CVE-2013-0758 CVE-2013-0759
CVE-2013-0760 CVE-2013-0761 CVE-2013-0762
CVE-2013-0763 CVE-2013-0764 CVE-2013-0766
CVE-2013-0767 CVE-2013-0768 CVE-2013-0769
CVE-2013-0770 CVE-2013-0771
Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________
An update that fixes 29 vulnerabilities is now available.
Description:
The Mozilla January 8th 2013 security release contains
updates:
Mozilla Firefox was updated to version 18.0. Mozilla
Seamonkey was updated to version 2.15. Mozilla Thunderbird
was updated to version 17.0.2. Mozilla XULRunner was
updated to version 17.0.2.
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
Use-after-free and buffer overflow issues found using
Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow
in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in
addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free
when displaying table with many columns and column groups
* MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are
shared across iframes
* MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to
handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
AutoWrapperChanger fails to keep objects alive during
garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment
mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event
manipulation in plugin handler to bypass same-origin
policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space
layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow
in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption
in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object
Wrapper (COW) bypass through changing prototype
* MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege
escalation through plugin objects
* MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in
serializeToStream
* MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in
ListenerManager
* MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in
Vibrate
* MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in
Javascript Proxy objects
Mozilla NSPR was updated to 4.9.4, containing some small
bugfixes and new features.
Mozilla NSS was updated to 3.14.1 containing various new
features, security fix and bugfixes:
* MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
revoke mis-issued intermediate certificates from TURKTRUST
Cryptographic changes done:
* Support for TLS 1.1 (RFC 4346)
* Experimental support for DTLS 1.0 (RFC 4347) and
DTLS-SRTP (RFC 5764)
* Support for AES-CTR, AES-CTS, and AES-GCM
* Support for Keying Material Exporters for TLS (RFC 5705)
* Support for certificate signatures using the MD5 hash
algorithm is now disabled by default
* The NSS license has changed to MPL 2.0. Previous releases
were released under a MPL 1.1/GPL 2.0/LGPL 2.1
tri-license. For more information about MPL 2.0, please
see http://www.mozilla.org/MPL/2.0/FAQ.html. For an
additional explanation on GPL/LGPL compatibility, see
security/nss/COPYING in the source code.
* Export and DES cipher suites are disabled by default.
Non-ECC AES and Triple DES cipher suites are enabled by
default
Please see http://www.mozilla.org/security/announce/ for
more information.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-17
- openSUSE 12.1:
zypper in -t patch openSUSE-2013-17
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
MozillaFirefox-18.0-2.29.2
MozillaFirefox-branding-upstream-18.0-2.29.2
MozillaFirefox-buildsymbols-18.0-2.29.2
MozillaFirefox-debuginfo-18.0-2.29.2
MozillaFirefox-debugsource-18.0-2.29.2
MozillaFirefox-devel-18.0-2.29.2
MozillaFirefox-translations-common-18.0-2.29.2
MozillaFirefox-translations-other-18.0-2.29.2
MozillaThunderbird-17.0.2-49.27.2
MozillaThunderbird-buildsymbols-17.0.2-49.27.2
MozillaThunderbird-debuginfo-17.0.2-49.27.2
MozillaThunderbird-debugsource-17.0.2-49.27.2
MozillaThunderbird-devel-17.0.2-49.27.2
MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2
MozillaThunderbird-translations-common-17.0.2-49.27.2
MozillaThunderbird-translations-other-17.0.2-49.27.2
enigmail-1.5.0+17.0.2-49.27.2
enigmail-debuginfo-1.5.0+17.0.2-49.27.2
libfreebl3-3.14.1-2.11.2
libfreebl3-debuginfo-3.14.1-2.11.2
libsoftokn3-3.14.1-2.11.2
libsoftokn3-debuginfo-3.14.1-2.11.2
mozilla-js-17.0.2-2.26.1
mozilla-js-debuginfo-17.0.2-2.26.1
mozilla-nspr-4.9.4-1.8.1
mozilla-nspr-debuginfo-4.9.4-1.8.1
mozilla-nspr-debugsource-4.9.4-1.8.1
mozilla-nspr-devel-4.9.4-1.8.1
mozilla-nss-3.14.1-2.11.2
mozilla-nss-certs-3.14.1-2.11.2
mozilla-nss-certs-debuginfo-3.14.1-2.11.2
mozilla-nss-debuginfo-3.14.1-2.11.2
mozilla-nss-debugsource-3.14.1-2.11.2
mozilla-nss-devel-3.14.1-2.11.2
mozilla-nss-sysinit-3.14.1-2.11.2
mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2
mozilla-nss-tools-3.14.1-2.11.2
mozilla-nss-tools-debuginfo-3.14.1-2.11.2
seamonkey-2.15-2.30.1
seamonkey-debuginfo-2.15-2.30.1
seamonkey-debugsource-2.15-2.30.1
seamonkey-dom-inspector-2.15-2.30.1
seamonkey-irc-2.15-2.30.1
seamonkey-translations-common-2.15-2.30.1
seamonkey-translations-other-2.15-2.30.1
seamonkey-venkman-2.15-2.30.1
xulrunner-17.0.2-2.26.1
xulrunner-buildsymbols-17.0.2-2.26.1
xulrunner-debuginfo-17.0.2-2.26.1
xulrunner-debugsource-17.0.2-2.26.1
xulrunner-devel-17.0.2-2.26.1
xulrunner-devel-debuginfo-17.0.2-2.26.1
- openSUSE 12.2 (x86_64):
libfreebl3-32bit-3.14.1-2.11.2
libfreebl3-debuginfo-32bit-3.14.1-2.11.2
libsoftokn3-32bit-3.14.1-2.11.2
libsoftokn3-debuginfo-32bit-3.14.1-2.11.2
mozilla-js-32bit-17.0.2-2.26.1
mozilla-js-debuginfo-32bit-17.0.2-2.26.1
mozilla-nspr-32bit-4.9.4-1.8.1
mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1
mozilla-nss-32bit-3.14.1-2.11.2
mozilla-nss-certs-32bit-3.14.1-2.11.2
mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2
mozilla-nss-debuginfo-32bit-3.14.1-2.11.2
mozilla-nss-sysinit-32bit-3.14.1-2.11.2
mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2
xulrunner-32bit-17.0.2-2.26.1
xulrunner-debuginfo-32bit-17.0.2-2.26.1
- openSUSE 12.1 (i586 x86_64):
MozillaFirefox-18.0-2.58.2
MozillaFirefox-branding-upstream-18.0-2.58.2
MozillaFirefox-buildsymbols-18.0-2.58.2
MozillaFirefox-debuginfo-18.0-2.58.2
MozillaFirefox-debugsource-18.0-2.58.2
MozillaFirefox-devel-18.0-2.58.2
MozillaFirefox-translations-common-18.0-2.58.2
MozillaFirefox-translations-other-18.0-2.58.2
MozillaThunderbird-17.0.2-33.47.2
MozillaThunderbird-buildsymbols-17.0.2-33.47.2
MozillaThunderbird-debuginfo-17.0.2-33.47.2
MozillaThunderbird-debugsource-17.0.2-33.47.2
MozillaThunderbird-devel-17.0.2-33.47.2
MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2
MozillaThunderbird-translations-common-17.0.2-33.47.2
MozillaThunderbird-translations-other-17.0.2-33.47.2
enigmail-1.5.0+17.0.2-33.47.2
enigmail-debuginfo-1.5.0+17.0.2-33.47.2
libfreebl3-3.14.1-9.21.3
libfreebl3-debuginfo-3.14.1-9.21.3
libsoftokn3-3.14.1-9.21.3
libsoftokn3-debuginfo-3.14.1-9.21.3
mozilla-js-17.0.2-2.53.1
mozilla-js-debuginfo-17.0.2-2.53.1
mozilla-nspr-4.9.4-3.11.1
mozilla-nspr-debuginfo-4.9.4-3.11.1
mozilla-nspr-debugsource-4.9.4-3.11.1
mozilla-nspr-devel-4.9.4-3.11.1
mozilla-nss-3.14.1-9.21.3
mozilla-nss-certs-3.14.1-9.21.3
mozilla-nss-certs-debuginfo-3.14.1-9.21.3
mozilla-nss-debuginfo-3.14.1-9.21.3
mozilla-nss-debugsource-3.14.1-9.21.3
mozilla-nss-devel-3.14.1-9.21.3
mozilla-nss-sysinit-3.14.1-9.21.3
mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3
mozilla-nss-tools-3.14.1-9.21.3
mozilla-nss-tools-debuginfo-3.14.1-9.21.3
seamonkey-2.15-2.49.1
seamonkey-debuginfo-2.15-2.49.1
seamonkey-debugsource-2.15-2.49.1
seamonkey-dom-inspector-2.15-2.49.1
seamonkey-irc-2.15-2.49.1
seamonkey-translations-common-2.15-2.49.1
seamonkey-translations-other-2.15-2.49.1
seamonkey-venkman-2.15-2.49.1
xulrunner-17.0.2-2.53.1
xulrunner-buildsymbols-17.0.2-2.53.1
xulrunner-debuginfo-17.0.2-2.53.1
xulrunner-debugsource-17.0.2-2.53.1
xulrunner-devel-17.0.2-2.53.1
xulrunner-devel-debuginfo-17.0.2-2.53.1
- openSUSE 12.1 (x86_64):
libfreebl3-32bit-3.14.1-9.21.3
libfreebl3-debuginfo-32bit-3.14.1-9.21.3
libsoftokn3-32bit-3.14.1-9.21.3
libsoftokn3-debuginfo-32bit-3.14.1-9.21.3
mozilla-js-32bit-17.0.2-2.53.1
mozilla-js-debuginfo-32bit-17.0.2-2.53.1
mozilla-nspr-32bit-4.9.4-3.11.1
mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1
mozilla-nss-32bit-3.14.1-9.21.3
mozilla-nss-certs-32bit-3.14.1-9.21.3
mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3
mozilla-nss-debuginfo-32bit-3.14.1-9.21.3
mozilla-nss-sysinit-32bit-3.14.1-9.21.3
mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3
xulrunner-32bit-17.0.2-2.53.1
xulrunner-debuginfo-32bit-17.0.2-2.53.1
- openSUSE 12.1 (ia64):
libfreebl3-debuginfo-x86-3.14.1-9.21.3
libfreebl3-x86-3.14.1-9.21.3
libsoftokn3-debuginfo-x86-3.14.1-9.21.3
libsoftokn3-x86-3.14.1-9.21.3
mozilla-js-debuginfo-x86-17.0.2-2.53.1
mozilla-js-x86-17.0.2-2.53.1
mozilla-nspr-debuginfo-x86-4.9.4-3.11.1
mozilla-nspr-x86-4.9.4-3.11.1
mozilla-nss-certs-debuginfo-x86-3.14.1-9.21.3
mozilla-nss-certs-x86-3.14.1-9.21.3
mozilla-nss-debuginfo-x86-3.14.1-9.21.3
mozilla-nss-sysinit-debuginfo-x86-3.14.1-9.21.3
mozilla-nss-sysinit-x86-3.14.1-9.21.3
mozilla-nss-x86-3.14.1-9.21.3
xulrunner-debuginfo-x86-17.0.2-2.53.1
xulrunner-x86-17.0.2-2.53.1
References:
http://support.novell.com/security/cve/CVE-2012-5829.html
http://support.novell.com/security/cve/CVE-2013-0743.html
http://support.novell.com/security/cve/CVE-2013-0744.html
http://support.novell.com/security/cve/CVE-2013-0745.html
http://support.novell.com/security/cve/CVE-2013-0746.html
http://support.novell.com/security/cve/CVE-2013-0747.html
http://support.novell.com/security/cve/CVE-2013-0748.html
http://support.novell.com/security/cve/CVE-2013-0749.html
http://support.novell.com/security/cve/CVE-2013-0750.html
http://support.novell.com/security/cve/CVE-2013-0751.html
http://support.novell.com/security/cve/CVE-2013-0752.html
http://support.novell.com/security/cve/CVE-2013-0753.html
http://support.novell.com/security/cve/CVE-2013-0754.html
http://support.novell.com/security/cve/CVE-2013-0755.html
http://support.novell.com/security/cve/CVE-2013-0756.html
http://support.novell.com/security/cve/CVE-2013-0757.html
http://support.novell.com/security/cve/CVE-2013-0758.html
http://support.novell.com/security/cve/CVE-2013-0759.html
http://support.novell.com/security/cve/CVE-2013-0760.html
http://support.novell.com/security/cve/CVE-2013-0761.html
http://support.novell.com/security/cve/CVE-2013-0762.html
http://support.novell.com/security/cve/CVE-2013-0763.html
http://support.novell.com/security/cve/CVE-2013-0764.html
http://support.novell.com/security/cve/CVE-2013-0766.html
http://support.novell.com/security/cve/CVE-2013-0767.html
http://support.novell.com/security/cve/CVE-2013-0768.html
http://support.novell.com/security/cve/CVE-2013-0769.html
http://support.novell.com/security/cve/CVE-2013-0770.html
http://support.novell.com/security/cve/CVE-2013-0771.html
https://bugzilla.novell.com/796628
openSUSE Security Update: Opera - security update to 12.11
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0148-1
Rating: important
References: #783934 #790500
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.19
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
Opera 12.11 is a recommended upgrade offering security and
stability enhancements:
-fixed an issue where HTTP response heap buffer overflow
could allow execution of arbitrary code;
-fixed an issue where error pages could be used to guess
local file paths; see our advisory
-fixed several issues related to SPDY
-gmail: Fixed an issue that could cause Gmail not to load
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4/standard/i586/patchinfo.19:
zypper in -t patch 2012-12
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4/standard/i586/patchinfo.19 (i586 x86_64):
opera-12.11-40.1
opera-gtk-12.11-40.1
opera-kde4-12.11-40.1
References:
https://bugzilla.novell.com/783934
https://bugzilla.novell.com/790500