December 2013 - openSUSE Security Announce

[security-announce] SUSE-SU-2013:1967-1: important: Security update for acroread
by opensuse-security＠opensuse.org 27 Dec '13

27 Dec '13

SUSE Security Update: Security update for acroread ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1967-1 Rating: important References: #843835 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: Adobe has discontinued the support of Adobe Reader for Linux in June 2013. Newer security problems and bugs are no longer fixed. As the Adobe Reader is binary only software and we cannot provide a replacement, SUSE declares the acroread package of Adobe Reader as being out of support and unmaintained. If you do not need Acrobat Reader, we recommend to uninstall the "acroread" package. This update removes the Acrobat Reader PDF plugin to avoid automatic exploitation by clicking on web pages with embedded PDFs. The stand alone "acroread" binary is still available, but again, we do not recommend to use it. Indications: For all Acrobat Reader users. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-acroread-8689 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-acroread-8688 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (noarch): acroread-cmaps-9.4.6-0.4.5.1 acroread-fonts-ja-9.4.6-0.4.5.1 acroread-fonts-ko-9.4.6-0.4.5.1 acroread-fonts-zh_CN-9.4.6-0.4.5.1 acroread-fonts-zh_TW-9.4.6-0.4.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586): acroread-9.5.5-0.5.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): acroread-cmaps-9.4.6-0.4.5.1 acroread-fonts-ja-9.4.6-0.4.5.1 acroread-fonts-ko-9.4.6-0.4.5.1 acroread-fonts-zh_CN-9.4.6-0.4.5.1 acroread-fonts-zh_TW-9.4.6-0.4.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.5]: acroread-9.5.5-0.5.5.1 acroread_ja-9.4.2-0.4.1 References: https://bugzilla.novell.com/843835 http://download.novell.com/patch/finder/?keywords=1ba40421128e83afa47923da7… http://download.novell.com/patch/finder/?keywords=622bc5e164e4f99a6b0b90dde… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2013:1961-1: important: Fixes a local vulnerability
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: Fixes a local vulnerability ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1961-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) (reported by joernchen of Phenoelit) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-1029 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (noarch): webyast-base-0.3.45.1-2.4.1 webyast-base-branding-default-0.3.45.1-2.4.1 webyast-base-testsuite-0.3.45.1-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2013:1954-1: important: Fixes a local vulnerability
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: Fixes a local vulnerability ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1954-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) (reported by joernchen of Phenoelit) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-1027 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): webyast-base-0.3.19.1-1.8.1 webyast-base-branding-default-0.3.19.1-1.8.1 webyast-base-testsuite-0.3.19.1-1.8.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2013:1952-1: important: Fixes a local vulnerability
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: Fixes a local vulnerability ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1952-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-1028 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (noarch): webyast-base-0.3.43.1-1.4.1 webyast-base-branding-default-0.3.43.1-1.4.1 webyast-base-testsuite-0.3.43.1-1.4.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2013:1920-1: important: Security update for libfreebl3
by opensuse-security＠opensuse.org 19 Dec '13

19 Dec '13

SUSE Security Update: Security update for libfreebl3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1920-1 Rating: important References: #854367 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: Mozilla NSS has been updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was abused to create man in the middle certificates. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-nss-201312-8648 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nss-201312-8648 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nss-201312-8648 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-nss-201312-8648 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: mozilla-nss-devel-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.15.3.1]: libfreebl3-x86-3.15.3.1-0.4.2.1 mozilla-nss-x86-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 References: https://bugzilla.novell.com/854367 http://download.novell.com/patch/finder/?keywords=a417469719590c5d5345b9512… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2013:1919-1: important: Security update for Mozilla Firefox
by opensuse-security＠opensuse.org 19 Dec '13

19 Dec '13

SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1919-1 Rating: important References: #854367 #854370 Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. It includes two new package versions. Description: MozillaFirefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed: * CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105) * CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104) * CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104) * CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106) * CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107) * CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108) * CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110) * CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111) * CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113) * CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114) * CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115) * CVE-2013-6672 Linux clipboard information disclosure though selection paste (MFSA 2013-112) * CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109) Security Issue references: * CVE-2013-5609 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609 > * CVE-2013-5610 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610 > * CVE-2013-5611 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611 > * CVE-2013-5612 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612 > * CVE-2013-5613 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613 > * CVE-2013-5614 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614 > * CVE-2013-5615 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615 > * CVE-2013-5616 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616 > * CVE-2013-5618 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618 > * CVE-2013-5619 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619 > * CVE-2013-6671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671 > * CVE-2013-6672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672 > * CVE-2013-6673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox24-201312-8657 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox24-201312-8657 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox24-201312-8657 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox24-201312-8657 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: MozillaFirefox-devel-24.2.0esr-0.7.1 mozilla-nss-devel-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-branding-SLED-24-0.7.4 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.3.1]: libfreebl3-x86-3.15.3.1-0.7.1 libsoftokn3-x86-3.15.3.1-0.7.1 mozilla-nss-x86-3.15.3.1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-branding-SLED-24-0.7.4 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-5609.html http://support.novell.com/security/cve/CVE-2013-5610.html http://support.novell.com/security/cve/CVE-2013-5611.html http://support.novell.com/security/cve/CVE-2013-5612.html http://support.novell.com/security/cve/CVE-2013-5613.html http://support.novell.com/security/cve/CVE-2013-5614.html http://support.novell.com/security/cve/CVE-2013-5615.html http://support.novell.com/security/cve/CVE-2013-5616.html http://support.novell.com/security/cve/CVE-2013-5618.html http://support.novell.com/security/cve/CVE-2013-5619.html http://support.novell.com/security/cve/CVE-2013-6671.html http://support.novell.com/security/cve/CVE-2013-6672.html http://support.novell.com/security/cve/CVE-2013-6673.html https://bugzilla.novell.com/854367 https://bugzilla.novell.com/854370 http://download.novell.com/patch/finder/?keywords=b65ba217110f17441675bc6fc… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2013:1897-1: critical: Security update for ruby19
by opensuse-security＠opensuse.org 16 Dec '13

16 Dec '13

SUSE Security Update: Security update for ruby19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1897-1 Rating: critical References: #851803 Cross-References: CVE-2013-4164 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This update fixes a severe security bug in ruby19: * CVE-2013-4164: heap overflow in float point parsing could lead to crashes and code execution Security Issue reference: * CVE-2013-4164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby19-8620 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.9.3.p392]: ruby19-1.9.3.p392-0.17.1 ruby19-devel-1.9.3.p392-0.17.1 ruby19-devel-extra-1.9.3.p392-0.17.1 References: http://support.novell.com/security/cve/CVE-2013-4164.html https://bugzilla.novell.com/851803 http://download.novell.com/patch/finder/?keywords=3342ac1ab377ae7f16f878523… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2013:1896-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 16 Dec '13

16 Dec '13

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1896-1 Rating: important References: #854881 Cross-References: CVE-2013-5331 CVE-2013-5332 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This update fixes the following security issues with flash-player: * bnc#854881: flash-plugin: multiple code execution flaws (APSB13-28) o These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2013-5331). o These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-5332). o Ref: http://helpx.adobe.com/security/products/flash-player/apsb13 -28.html <http://helpx.adobe.com/security/products/flash-player/apsb1 3-28.html> Security Issue references: * CVE-2013-5332 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5332 > * CVE-2013-5331 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5331 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8640 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8639 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.332]: flash-player-11.2.202.332-0.3.1 flash-player-gnome-11.2.202.332-0.3.1 flash-player-kde4-11.2.202.332-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.332]: flash-player-11.2.202.332-0.3.1 flash-player-gnome-11.2.202.332-0.3.1 flash-player-kde4-11.2.202.332-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-5331.html http://support.novell.com/security/cve/CVE-2013-5332.html https://bugzilla.novell.com/854881 http://download.novell.com/patch/finder/?keywords=30b48eee51a4727df3b225e69… http://download.novell.com/patch/finder/?keywords=efb10711c30d7edc97e58e5d7… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2013:1895-1: important: Security update for nginx
by opensuse-security＠opensuse.org 16 Dec '13

16 Dec '13

SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1895-1 Rating: important References: #851295 Cross-References: CVE-2013-4547 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: * CVE-2013-4547: nginx: security restriction bypass flaw due to whitespace parsing Security Issue reference: * CVE-2013-4547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-nginx-1.0-8600 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-nginx-1.0-8600 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-nginx-1.0-8600 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): nginx-1.0-1.0.15-0.8.1 - SUSE Studio Onsite 1.3 (x86_64): nginx-1.0-1.0.15-0.8.1 - SUSE Lifecycle Management Server 1.3 (x86_64): nginx-1.0-1.0.15-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-4547.html https://bugzilla.novell.com/851295 http://download.novell.com/patch/finder/?keywords=d44506fa33f4c8fa0a43e48a7… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2013:1894-1: important: Security update for webyast
by opensuse-security＠opensuse.org 16 Dec '13

16 Dec '13

SUSE Security Update: Security update for webyast ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1894-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The following security issue has been fixed: * CVE-2013-3709: webyast: local privilege escalation via secret rails tokens execution. This vulnerability was reported by joernchen of Phenoelit. Security Issue reference: * CVE-2013-3709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3709 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-webyast-base-8608 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-webyast-base-8608 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-webyast-base-8608 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 - SUSE Studio Onsite 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 http://download.novell.com/patch/finder/?keywords=e33808e1f7a924a2aecffd6c2… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0