SUSE Security Update: Security update for acroread
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1967-1
Rating: important
References: #843835
Affected Products:
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes one version update.
Description:
Adobe discontinued support for Adobe Reader for
Linux in June 2013.
Newer security problems and bugs are no longer fixed.
As Adobe Reader is binary-only software and we cannot
provide a replacement, SUSE declares the acroread package
of Adobe Reader out of support and unmaintained.
If you do not need Acrobat Reader, we recommend
uninstalling the "acroread" package.
This update removes the Acrobat Reader PDF plugin to avoid
automatic exploitation by clicking on web pages with
embedded PDFs.
The stand-alone "acroread" binary is still available, but
again, we do not recommend using it.
Indications:
For all Acrobat Reader users.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-acroread-8689
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-acroread-8688
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (noarch):
acroread-cmaps-9.4.6-0.4.5.1
acroread-fonts-ja-9.4.6-0.4.5.1
acroread-fonts-ko-9.4.6-0.4.5.1
acroread-fonts-zh_CN-9.4.6-0.4.5.1
acroread-fonts-zh_TW-9.4.6-0.4.5.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586):
acroread-9.5.5-0.5.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (noarch):
acroread-cmaps-9.4.6-0.4.5.1
acroread-fonts-ja-9.4.6-0.4.5.1
acroread-fonts-ko-9.4.6-0.4.5.1
acroread-fonts-zh_CN-9.4.6-0.4.5.1
acroread-fonts-zh_TW-9.4.6-0.4.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.5]:
acroread-9.5.5-0.5.5.1
acroread_ja-9.4.2-0.4.1
References:
https://bugzilla.novell.com/843835
http://download.novell.com/patch/finder/?keywords=1ba40421128e83afa47923da7…
http://download.novell.com/patch/finder/?keywords=622bc5e164e4f99a6b0b90dde…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Fixes a local vulnerability
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1961-1
Rating: important
References: #851116
Cross-References: CVE-2013-3709
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Fixed CVE-2013-3709: make the secret token file
(secret_token.rb) readable only for the webyast user to
avoid forging the session cookie (bnc#851116) (reported by
joernchen of Phenoelit)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2013-1029
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (noarch):
webyast-base-0.3.45.1-2.4.1
webyast-base-branding-default-0.3.45.1-2.4.1
webyast-base-testsuite-0.3.45.1-2.4.1
References:
http://support.novell.com/security/cve/CVE-2013-3709.html
https://bugzilla.novell.com/851116
--
openSUSE Security Update: Fixes a local vulnerability
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1954-1
Rating: important
References: #851116
Cross-References: CVE-2013-3709
Affected Products:
openSUSE 12.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Fixed CVE-2013-3709: make the secret token file
(secret_token.rb) readable only for the webyast user to
avoid forging the session cookie (bnc#851116) (reported by
joernchen of Phenoelit)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-1027
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (noarch):
webyast-base-0.3.19.1-1.8.1
webyast-base-branding-default-0.3.19.1-1.8.1
webyast-base-testsuite-0.3.19.1-1.8.1
References:
http://support.novell.com/security/cve/CVE-2013-3709.html
https://bugzilla.novell.com/851116
--
openSUSE Security Update: Fixes a local vulnerability
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1952-1
Rating: important
References: #851116
Cross-References: CVE-2013-3709
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Fixed CVE-2013-3709: make the secret token file
(secret_token.rb) readable only for the webyast user to
avoid forging the session cookie (bnc#851116)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-1028
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (noarch):
webyast-base-0.3.43.1-1.4.1
webyast-base-branding-default-0.3.43.1-1.4.1
webyast-base-testsuite-0.3.43.1-1.4.1
References:
http://support.novell.com/security/cve/CVE-2013-3709.html
https://bugzilla.novell.com/851116
--
SUSE Security Update: Security update for libfreebl3
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1920-1
Rating: important
References: #854367
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes one version update.
Description:
Mozilla NSS has been updated to the 3.15.3.1 security
release.
The update blacklists an intermediate CA that was abused to
create man-in-the-middle certificates.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-nss-201312-8648
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-nss-201312-8648
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-nss-201312-8648
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-nss-201312-8648
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]:
mozilla-nss-devel-3.15.3.1-0.4.2.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.15.3.1]:
libfreebl3-3.15.3.1-0.4.2.1
mozilla-nss-3.15.3.1-0.4.2.1
mozilla-nss-tools-3.15.3.1-0.4.2.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.15.3.1]:
libfreebl3-32bit-3.15.3.1-0.4.2.1
mozilla-nss-32bit-3.15.3.1-0.4.2.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]:
libfreebl3-3.15.3.1-0.4.2.1
mozilla-nss-3.15.3.1-0.4.2.1
mozilla-nss-tools-3.15.3.1-0.4.2.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.15.3.1]:
libfreebl3-32bit-3.15.3.1-0.4.2.1
mozilla-nss-32bit-3.15.3.1-0.4.2.1
- SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.15.3.1]:
libfreebl3-x86-3.15.3.1-0.4.2.1
mozilla-nss-x86-3.15.3.1-0.4.2.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.15.3.1]:
libfreebl3-3.15.3.1-0.4.2.1
mozilla-nss-3.15.3.1-0.4.2.1
mozilla-nss-tools-3.15.3.1-0.4.2.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.15.3.1]:
libfreebl3-32bit-3.15.3.1-0.4.2.1
mozilla-nss-32bit-3.15.3.1-0.4.2.1
References:
https://bugzilla.novell.com/854367
http://download.novell.com/patch/finder/?keywords=a417469719590c5d5345b9512…
--
SUSE Security Update: Security update for ruby19
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1897-1
Rating: critical
References: #851803
Cross-References: CVE-2013-4164
Affected Products:
SUSE Studio Onsite 1.3
______________________________________________________________________________
An update that fixes one vulnerability is now available. It
includes one version update.
Description:
This update fixes a severe security bug in ruby19:
* CVE-2013-4164: heap overflow in floating point parsing
could lead to crashes and code execution
Security Issue reference:
* CVE-2013-4164
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-ruby19-8620
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.9.3.p392]:
ruby19-1.9.3.p392-0.17.1
ruby19-devel-1.9.3.p392-0.17.1
ruby19-devel-extra-1.9.3.p392-0.17.1
References:
http://support.novell.com/security/cve/CVE-2013-4164.html
https://bugzilla.novell.com/851803
http://download.novell.com/patch/finder/?keywords=3342ac1ab377ae7f16f878523…
--
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1896-1
Rating: important
References: #854881
Cross-References: CVE-2013-5331 CVE-2013-5332
Affected Products:
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
It includes one version update.
Description:
This update fixes the following security issues with
flash-player:
* bnc#854881: flash-plugin: multiple code execution
flaws (APSB13-28)
  o These updates resolve a type confusion
    vulnerability that could lead to code execution
    (CVE-2013-5331).
  o These updates resolve a memory
    corruption vulnerability that could lead to code execution
    (CVE-2013-5332).
  o Ref:
    <http://helpx.adobe.com/security/products/flash-player/apsb13-28.html>
Security Issue references:
* CVE-2013-5332
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5332>
* CVE-2013-5331
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5331>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-flash-player-8640
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-flash-player-8639
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.332]:
flash-player-11.2.202.332-0.3.1
flash-player-gnome-11.2.202.332-0.3.1
flash-player-kde4-11.2.202.332-0.3.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.332]:
flash-player-11.2.202.332-0.3.1
flash-player-gnome-11.2.202.332-0.3.1
flash-player-kde4-11.2.202.332-0.3.1
References:
http://support.novell.com/security/cve/CVE-2013-5331.html
http://support.novell.com/security/cve/CVE-2013-5332.html
https://bugzilla.novell.com/854881
http://download.novell.com/patch/finder/?keywords=30b48eee51a4727df3b225e69…
http://download.novell.com/patch/finder/?keywords=efb10711c30d7edc97e58e5d7…
--
SUSE Security Update: Security update for nginx
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1895-1
Rating: important
References: #851295
Cross-References: CVE-2013-4547
Affected Products:
WebYaST 1.3
SUSE Studio Onsite 1.3
SUSE Lifecycle Management Server 1.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes the following security issue:
* CVE-2013-4547: nginx: security restriction bypass
flaw due to whitespace parsing
Security Issue reference:
* CVE-2013-4547
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- WebYaST 1.3:
zypper in -t patch slewyst13-nginx-1.0-8600
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-nginx-1.0-8600
- SUSE Lifecycle Management Server 1.3:
zypper in -t patch sleslms13-nginx-1.0-8600
To bring your system up-to-date, use "zypper patch".
Package List:
- WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64):
nginx-1.0-1.0.15-0.8.1
- SUSE Studio Onsite 1.3 (x86_64):
nginx-1.0-1.0.15-0.8.1
- SUSE Lifecycle Management Server 1.3 (x86_64):
nginx-1.0-1.0.15-0.8.1
References:
http://support.novell.com/security/cve/CVE-2013-4547.html
https://bugzilla.novell.com/851295
http://download.novell.com/patch/finder/?keywords=d44506fa33f4c8fa0a43e48a7…
--
SUSE Security Update: Security update for webyast
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1894-1
Rating: important
References: #851116
Cross-References: CVE-2013-3709
Affected Products:
WebYaST 1.3
SUSE Studio Onsite 1.3
SUSE Lifecycle Management Server 1.3
______________________________________________________________________________
An update that fixes one vulnerability is now available. It
includes one version update.
Description:
The following security issue has been fixed:
* CVE-2013-3709: webyast: local privilege escalation
via secret rails tokens execution. This vulnerability was
reported by joernchen of Phenoelit.
Security Issue reference:
* CVE-2013-3709
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3709>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- WebYaST 1.3:
zypper in -t patch slewyst13-webyast-base-8608
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-webyast-base-8608
- SUSE Lifecycle Management Server 1.3:
zypper in -t patch sleslms13-webyast-base-8608
To bring your system up-to-date, use "zypper patch".
Package List:
- WebYaST 1.3 (noarch) [New Version: 0.3.43.1]:
webyast-base-0.3.43.1-0.5.1
webyast-base-branding-default-0.3.43.1-0.5.1
- SUSE Studio Onsite 1.3 (noarch) [New Version: 0.3.43.1]:
webyast-base-0.3.43.1-0.5.1
webyast-base-branding-default-0.3.43.1-0.5.1
- SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 0.3.43.1]:
webyast-base-0.3.43.1-0.5.1
webyast-base-branding-default-0.3.43.1-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-3709.html
https://bugzilla.novell.com/851116
http://download.novell.com/patch/finder/?keywords=e33808e1f7a924a2aecffd6c2…
--