openSUSE Security Announce February 2014

security-announce@lists.opensuse.org

1 participants
18 discussions

[security-announce] SUSE-SU-2014:0290-1: critical: Security update for flash-player

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0290-1 Rating: critical References: #865021 Cross-References: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: This update of Adobe Flash Player fixes the following issues: * A stack overflow vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0498) * A memory leak vulnerability that could have been used to defeat memory address layout randomization. (CVE-2014-0499) * A double free vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0502) Security Issue references: * CVE-2014-0498 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0498 > * CVE-2014-0499 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0499 > * CVE-2014-0502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8922 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.341]: flash-player-11.2.202.341-0.3.1 flash-player-gnome-11.2.202.341-0.3.1 flash-player-kde4-11.2.202.341-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-0498.html http://support.novell.com/security/cve/CVE-2014-0499.html http://support.novell.com/security/cve/CVE-2014-0502.html https://bugzilla.novell.com/865021 http://download.novell.com/patch/finder/?keywords=6003a7ba1dd825daf2236b543… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 2 months

[security-announce] SUSE-SU-2014:0266-3: important: Security update for IBM Java 6

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for IBM Java 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0266-3 Rating: important References: #862064 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Java 11 SP3 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: IBM Java 6 was updated to version SR15-FP1 which received security and bug fixes. More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_Ja nuary_14_2014_CPU <http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_J anuary_14_2014_CPU> Security Issue references: * CVE-2014-0428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428 > * CVE-2014-0422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422 > * CVE-2013-5907 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907 > * CVE-2014-0417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417 > * CVE-2014-0373 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373 > * CVE-2014-0423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2014-0416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416 > * CVE-2014-0368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368 > * CVE-2014-0411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411 > * CVE-2014-0428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428 > * CVE-2014-0422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422 > * CVE-2013-5907 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907 > * CVE-2014-0415 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0415 > * CVE-2014-0410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0410 > * CVE-2013-5889 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5889 > * CVE-2014-0417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417 > * CVE-2014-0387 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0387 > * CVE-2014-0424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0424 > * CVE-2013-5878 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878 > * CVE-2014-0373 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373 > * CVE-2014-0375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0375 > * CVE-2014-0403 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0403 > * CVE-2014-0423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2013-5910 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910 > * CVE-2013-5884 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884 > * CVE-2013-5896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2013-5899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5899 > * CVE-2014-0416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416 > * CVE-2013-5887 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5887 > * CVE-2014-0368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368 > * CVE-2013-5888 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5888 > * CVE-2013-5898 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5898 > * CVE-2014-0411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_6_0-ibm-8896 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_6_0-ibm-8896 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_6_0-ibm-8896 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-java-1_6_0-ibm-8901 - SUSE Linux Enterprise Java 11 SP3: zypper in -t patch slejsp3-java-1_6_0-ibm-8896 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-devel-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-fonts-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-1.6.0_sr15.1-0.15.1 java-1_6_0-ibm-devel-1.6.0_sr15.1-0.15.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.15.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.15.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-32bit-1.6.0_sr15.1-0.15.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr15.1-0.15.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.15.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.1-0.15.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.1-0.15.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-plugin-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.15.1 - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-devel-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.6.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.6.1 - SUSE Linux Enterprise Java 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.6.1 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5887.html http://support.novell.com/security/cve/CVE-2013-5888.html http://support.novell.com/security/cve/CVE-2013-5889.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5898.html http://support.novell.com/security/cve/CVE-2013-5899.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0375.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0387.html http://support.novell.com/security/cve/CVE-2014-0403.html http://support.novell.com/security/cve/CVE-2014-0410.html http://support.novell.com/security/cve/CVE-2014-0411.html http://support.novell.com/security/cve/CVE-2014-0415.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0417.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0424.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/862064 http://download.novell.com/patch/finder/?keywords=31bff4adf7f4091ce92bf4450… http://download.novell.com/patch/finder/?keywords=49593e2ab0f92f334869c11ea… http://download.novell.com/patch/finder/?keywords=80342541418cc3f0cde43530f… http://download.novell.com/patch/finder/?keywords=bc9c0f6c8b696630ae6e85a99… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 2 months

[security-announce] openSUSE-SU-2014:0278-1: critical: flash-player: update to 11.2.202.341 security release

by opensuse-security＠opensuse.org

openSUSE Security Update: flash-player: update to 11.2.202.341 security release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0278-1 Rating: critical References: #865021 Cross-References: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.341: (bnc#865021) * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 - Contents of flashplayer_11_sa.i386.tar.gz changed back: spec file updated, supplementary script (update.sh) updated. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2014-22 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): flash-player-11.2.202.341-95.1 flash-player-gnome-11.2.202.341-95.1 flash-player-kde4-11.2.202.341-95.1 References: http://support.novell.com/security/cve/CVE-2014-0498.html http://support.novell.com/security/cve/CVE-2014-0499.html http://support.novell.com/security/cve/CVE-2014-0502.html https://bugzilla.novell.com/865021 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 2 months

[security-announce] openSUSE-SU-2014:0277-1: critical: flash-player: update to 11.2.202.341 security release

by opensuse-security＠opensuse.org

openSUSE Security Update: flash-player: update to 11.2.202.341 security release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0277-1 Rating: critical References: #865021 Cross-References: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 Affected Products: openSUSE 13.1:NonFree openSUSE 12.3:NonFree ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.341: (bnc#865021) * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 - Contents of flashplayer_11_sa.i386.tar.gz changed back: spec file updated, supplementary script (update.sh) updated. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1:NonFree: zypper in -t patch openSUSE-2014-157 - openSUSE 12.3:NonFree: zypper in -t patch openSUSE-2014-157 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1:NonFree (i586 x86_64): flash-player-11.2.202.341-34.1 flash-player-gnome-11.2.202.341-34.1 flash-player-kde4-11.2.202.341-34.1 - openSUSE 12.3:NonFree (i586 x86_64): flash-player-11.2.202.341-2.60.1 flash-player-gnome-11.2.202.341-2.60.1 flash-player-kde4-11.2.202.341-2.60.1 References: http://support.novell.com/security/cve/CVE-2014-0498.html http://support.novell.com/security/cve/CVE-2014-0499.html http://support.novell.com/security/cve/CVE-2014-0502.html https://bugzilla.novell.com/865021 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 2 months

[security-announce] SUSE-SU-2014:0266-2: important: Security update for IBM Java 6

by opensuse-security＠opensuse.org

8 years, 2 months

[security-announce] SUSE-SU-2014:0266-1: important: Security update for IBM Java 6

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for IBM Java 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0266-1 Rating: important References: #862064 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS SUSE CORE 9 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: IBM Java 6 was updated to version SR15-FP1 which received security and bugfixes. This release fixes the following problems: * CVE-2014-0428, CVE-2014-0422, CVE-2013-5907, CVE-2014-0415, * CVE-2014-0410, CVE-2013-5889, CVE-2014-0417, CVE-2014-0387, * CVE-2014-0424, CVE-2013-5878, CVE-2014-0373, CVE-2014-0375, * CVE-2014-0403, CVE-2014-0423, CVE-2014-0376, CVE-2013-5910, * CVE-2013-5884, CVE-2013-5896, CVE-2014-0376, CVE-2013-5899, * CVE-2014-0416, CVE-2013-5887, CVE-2014-0368, CVE-2013-5888, * CVE-2013-5898, CVE-2014-0411 More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_Ja nuary_14_2014_CPU <http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_J anuary_14_2014_CPU> Security Issue references: * CVE-2014-0428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428 > * CVE-2014-0422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422 > * CVE-2013-5907 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907 > * CVE-2014-0417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417 > * CVE-2014-0373 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373 > * CVE-2014-0423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2014-0416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416 > * CVE-2014-0368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368 > * CVE-2014-0411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411 > * CVE-2014-0428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428 > * CVE-2014-0422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422 > * CVE-2013-5907 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907 > * CVE-2014-0415 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0415 > * CVE-2014-0410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0410 > * CVE-2013-5889 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5889 > * CVE-2014-0417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417 > * CVE-2014-0387 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0387 > * CVE-2014-0424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0424 > * CVE-2013-5878 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878 > * CVE-2014-0373 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373 > * CVE-2014-0375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0375 > * CVE-2014-0403 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0403 > * CVE-2014-0423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2013-5910 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910 > * CVE-2013-5884 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884 > * CVE-2013-5896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2013-5899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5899 > * CVE-2014-0416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416 > * CVE-2013-5887 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5887 > * CVE-2014-0368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368 > * CVE-2013-5888 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5888 > * CVE-2013-5898 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5898 > * CVE-2014-0411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411 > Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-devel-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-fonts-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-devel-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-32bit-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.1-0.5.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.1-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.5-0.6.1 java-1_5_0-ibm-plugin-1.5.0_sr16.5-0.6.1 java-1_6_0-ibm-alsa-1.6.0_sr15.1-0.5.1 - SUSE CORE 9 (i586 s390 s390x x86_64): IBMJava5-JRE-1.5.0_sr16.5-0.4 IBMJava5-SDK-1.5.0_sr16.5-0.4 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5887.html http://support.novell.com/security/cve/CVE-2013-5888.html http://support.novell.com/security/cve/CVE-2013-5889.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5898.html http://support.novell.com/security/cve/CVE-2013-5899.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0375.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0387.html http://support.novell.com/security/cve/CVE-2014-0403.html http://support.novell.com/security/cve/CVE-2014-0410.html http://support.novell.com/security/cve/CVE-2014-0411.html http://support.novell.com/security/cve/CVE-2014-0415.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0417.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0424.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/862064 http://download.novell.com/patch/finder/?keywords=5ac9507194ca11bcd295300c1… http://download.novell.com/patch/finder/?keywords=abb9b287dc1d7479726b01b15… http://download.novell.com/patch/finder/?keywords=b4764fb7eed43ec4dce07d7be… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 2 months

[security-announce] SUSE-SU-2014:0248-2: important: Security update for Mozilla Firefox

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0248-2 Rating: important References: #859055 #861847 Cross-References: CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. It includes four new package versions. Description: Mozilla Firefox was updated to the 24.3.0ESR security release. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download "open file" dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Also Mozilla NSS was updated to 3.15.4 release. * required for Firefox 27 * regular CA root store update (1.96) * some OSCP improvments * other bugfixes Security Issue references: * CVE-2014-1477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477 > * CVE-2014-1479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479 > * CVE-2014-1480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480 > * CVE-2014-1481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481 > * CVE-2014-1482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482 > * CVE-2014-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483 > * CVE-2014-1484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484 > * CVE-2014-1485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485 > * CVE-2014-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486 > * CVE-2014-1487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487 > * CVE-2014-1488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488 > * CVE-2014-1489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489 > * CVE-2014-1490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490 > * CVE-2014-1491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-firefox-201402-8899 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-201402-8898 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 24.3.0esr,3.15.4 and 4.10.2]: MozillaFirefox-24.3.0esr-0.4.2.2 MozillaFirefox-branding-SLED-24-0.4.10.4 MozillaFirefox-translations-24.3.0esr-0.4.2.2 firefox-libgcc_s1-4.7.2_20130108-0.16.1 firefox-libstdc++6-4.7.2_20130108-0.16.1 libfreebl3-3.15.4-0.4.2.1 mozilla-nspr-4.10.2-0.3.2 mozilla-nss-3.15.4-0.4.2.1 mozilla-nss-tools-3.15.4-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.15.4 and 4.10.2]: libfreebl3-32bit-3.15.4-0.4.2.1 mozilla-nspr-32bit-4.10.2-0.3.2 mozilla-nss-32bit-3.15.4-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 24,24.3.0esr,3.15.4 and 4.10.2]: MozillaFirefox-24.3.0esr-0.4.2.2 MozillaFirefox-branding-SLED-24-0.4.10.4 MozillaFirefox-translations-24.3.0esr-0.4.2.2 firefox-libgcc_s1-4.7.2_20130108-0.16.1 firefox-libstdc++6-4.7.2_20130108-0.16.1 libfreebl3-3.15.4-0.4.2.1 mozilla-nspr-4.10.2-0.3.2 mozilla-nss-3.15.4-0.4.2.1 mozilla-nss-tools-3.15.4-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.15.4 and 4.10.2]: libfreebl3-32bit-3.15.4-0.4.2.1 mozilla-nspr-32bit-4.10.2-0.3.2 mozilla-nss-32bit-3.15.4-0.4.2.1 References: http://support.novell.com/security/cve/CVE-2014-1477.html http://support.novell.com/security/cve/CVE-2014-1479.html http://support.novell.com/security/cve/CVE-2014-1480.html http://support.novell.com/security/cve/CVE-2014-1481.html http://support.novell.com/security/cve/CVE-2014-1482.html http://support.novell.com/security/cve/CVE-2014-1483.html http://support.novell.com/security/cve/CVE-2014-1484.html http://support.novell.com/security/cve/CVE-2014-1485.html http://support.novell.com/security/cve/CVE-2014-1486.html http://support.novell.com/security/cve/CVE-2014-1487.html http://support.novell.com/security/cve/CVE-2014-1488.html http://support.novell.com/security/cve/CVE-2014-1489.html http://support.novell.com/security/cve/CVE-2014-1490.html http://support.novell.com/security/cve/CVE-2014-1491.html https://bugzilla.novell.com/859055 https://bugzilla.novell.com/861847 http://download.novell.com/patch/finder/?keywords=30bede649a43f15d0ae5fd407… http://download.novell.com/patch/finder/?keywords=aba5ed8a4574a80ca797b2dbd… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 3 months

[security-announce] SUSE-SU-2014:0248-1: important: Security update for MozillaFirefox

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0248-1 Rating: important References: #859055 #861847 Cross-References: CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. It includes two new package versions. Description: This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download "open file" dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Security Issue references: * CVE-2014-1477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477 > * CVE-2014-1479 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479 > * CVE-2014-1480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480 > * CVE-2014-1481 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481 > * CVE-2014-1482 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482 > * CVE-2014-1483 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483 > * CVE-2014-1484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484 > * CVE-2014-1485 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485 > * CVE-2014-1486 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486 > * CVE-2014-1487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487 > * CVE-2014-1488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488 > * CVE-2014-1489 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1489 > * CVE-2014-1490 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490 > * CVE-2014-1491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox-201402-8879 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox-201402-8879 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox-201402-8879 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox-201402-8879 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.4]: MozillaFirefox-devel-24.3.0esr-0.8.1 mozilla-nss-devel-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.3.0esr and 3.15.4]: MozillaFirefox-24.3.0esr-0.8.1 MozillaFirefox-translations-24.3.0esr-0.8.1 libfreebl3-3.15.4-0.7.1 libsoftokn3-3.15.4-0.7.1 mozilla-nss-3.15.4-0.7.1 mozilla-nss-tools-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.4]: libfreebl3-32bit-3.15.4-0.7.1 libsoftokn3-32bit-3.15.4-0.7.1 mozilla-nss-32bit-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.3.0esr and 3.15.4]: MozillaFirefox-24.3.0esr-0.8.1 MozillaFirefox-branding-SLED-24-0.7.14 MozillaFirefox-translations-24.3.0esr-0.8.1 libfreebl3-3.15.4-0.7.1 libsoftokn3-3.15.4-0.7.1 mozilla-nss-3.15.4-0.7.1 mozilla-nss-tools-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.4]: libfreebl3-32bit-3.15.4-0.7.1 libsoftokn3-32bit-3.15.4-0.7.1 mozilla-nss-32bit-3.15.4-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.4]: libfreebl3-x86-3.15.4-0.7.1 libsoftokn3-x86-3.15.4-0.7.1 mozilla-nss-x86-3.15.4-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.3.0esr and 3.15.4]: MozillaFirefox-24.3.0esr-0.8.1 MozillaFirefox-branding-SLED-24-0.7.14 MozillaFirefox-translations-24.3.0esr-0.8.1 libfreebl3-3.15.4-0.7.1 libsoftokn3-3.15.4-0.7.1 mozilla-nss-3.15.4-0.7.1 mozilla-nss-tools-3.15.4-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.4]: libfreebl3-32bit-3.15.4-0.7.1 libsoftokn3-32bit-3.15.4-0.7.1 mozilla-nss-32bit-3.15.4-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-1477.html http://support.novell.com/security/cve/CVE-2014-1479.html http://support.novell.com/security/cve/CVE-2014-1480.html http://support.novell.com/security/cve/CVE-2014-1481.html http://support.novell.com/security/cve/CVE-2014-1482.html http://support.novell.com/security/cve/CVE-2014-1483.html http://support.novell.com/security/cve/CVE-2014-1484.html http://support.novell.com/security/cve/CVE-2014-1485.html http://support.novell.com/security/cve/CVE-2014-1486.html http://support.novell.com/security/cve/CVE-2014-1487.html http://support.novell.com/security/cve/CVE-2014-1488.html http://support.novell.com/security/cve/CVE-2014-1489.html http://support.novell.com/security/cve/CVE-2014-1490.html http://support.novell.com/security/cve/CVE-2014-1491.html https://bugzilla.novell.com/859055 https://bugzilla.novell.com/861847 http://download.novell.com/patch/finder/?keywords=b12f5cfd95ec4eca119a488f5… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 3 months

[security-announce] SUSE-SU-2014:0246-1: important: Security update for IBM Java

by opensuse-security＠opensuse.org

SUSE Security Update: Security update for IBM Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0246-1 Rating: important References: #861782 #862064 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Java 11 SP3 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update contains the Oracle January 14 2014 CPU for java-1_7_0-ibm. Find more information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_Ja nuary_14_2014_CPU <http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_J anuary_14_2014_CPU> Security Issue references: * CVE-2014-0428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428 > * CVE-2014-0422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422 > * CVE-2013-5907 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907 > * CVE-2014-0415 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0415 > * CVE-2014-0410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0410 > * CVE-2013-5889 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5889 > * CVE-2014-0417 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417 > * CVE-2014-0387 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0387 > * CVE-2014-0424 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0424 > * CVE-2013-5878 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878 > * CVE-2014-0373 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373 > * CVE-2014-0375 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0375 > * CVE-2014-0403 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0403 > * CVE-2014-0423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2013-5910 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910 > * CVE-2013-5884 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884 > * CVE-2013-5896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896 > * CVE-2014-0376 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376 > * CVE-2013-5899 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5899 > * CVE-2014-0416 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416 > * CVE-2013-5887 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5887 > * CVE-2014-0368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368 > * CVE-2013-5888 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5888 > * CVE-2013-5898 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5898 > * CVE-2014-0411 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411 > Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_7_0-ibm-8878 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_7_0-ibm-8878 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_7_0-ibm-8878 - SUSE Linux Enterprise Java 11 SP3: zypper in -t patch slejsp3-java-1_7_0-ibm-8878 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_7_0-ibm-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-alsa-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-plugin-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-plugin-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-devel-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr6.1-0.8.1 - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr6.1-0.8.1 java-1_7_0-ibm-plugin-1.7.0_sr6.1-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5887.html http://support.novell.com/security/cve/CVE-2013-5888.html http://support.novell.com/security/cve/CVE-2013-5889.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5898.html http://support.novell.com/security/cve/CVE-2013-5899.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0375.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0387.html http://support.novell.com/security/cve/CVE-2014-0403.html http://support.novell.com/security/cve/CVE-2014-0410.html http://support.novell.com/security/cve/CVE-2014-0411.html http://support.novell.com/security/cve/CVE-2014-0415.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0417.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0424.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/861782 https://bugzilla.novell.com/862064 http://download.novell.com/patch/finder/?keywords=4805c1478d9eeaa7d50d2c43a… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 3 months

[security-announce] openSUSE-SU-2014:0243-1: important: chromium to 32.0.1700.102

by opensuse-security＠opensuse.org

openSUSE Security Update: chromium to 32.0.1700.102 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0243-1 Rating: important References: #861013 Cross-References: CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645 CVE-2013-6646 CVE-2013-6649 CVE-2013-6650 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: Chromium was updated to version 32.0.1700.102: Stable channel update: - Security Fixes: * CVE-2013-6649: Use-after-free in SVG images * CVE-2013-6650: Memory corruption in V8 * and 12 other fixes - Other: * Mouse Pointer disappears after exiting full-screen mode * Drag and drop files into Chromium may not work properly * Quicktime Plugin crashes in Chromium * Chromium becomes unresponsive * Trackpad users may not be able to scroll horizontally * Scrolling does not work in combo box * Chromium does not work with all CSS minifiers such as whitespace around a media query's `and` keyword - Update to Chromium 32.0.1700.77 Stable channel update: - Security fixes: * CVE-2013-6646: Use-after-free in web workers * CVE-2013-6641: Use-after-free related to forms * CVE-2013-6643: Unprompted sync with an attacker’s Google account * CVE-2013-6645: Use-after-free related to speech input elements * CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives - Other: * Tab indicators for sound, webcam and casting * Automatically blocking malware files * Lots of under the hood changes for stability and performance - Remove patch chromium-fix-chromedriver-build.diff as that chromedriver is fixed upstream - Updated ExcludeArch to exclude aarch64, ppc, ppc64 and ppc64le. This is based on missing build requires (valgrind, v8, etc) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-135 - openSUSE 12.3: zypper in -t patch openSUSE-2014-135 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): chromedriver-32.0.1700.102-17.2 chromedriver-debuginfo-32.0.1700.102-17.2 chromium-32.0.1700.102-17.2 chromium-debuginfo-32.0.1700.102-17.2 chromium-debugsource-32.0.1700.102-17.2 chromium-desktop-gnome-32.0.1700.102-17.2 chromium-desktop-kde-32.0.1700.102-17.2 chromium-ffmpegsumo-32.0.1700.102-17.2 chromium-ffmpegsumo-debuginfo-32.0.1700.102-17.2 chromium-suid-helper-32.0.1700.102-17.2 chromium-suid-helper-debuginfo-32.0.1700.102-17.2 - openSUSE 12.3 (i586 x86_64): chromedriver-32.0.1700.102-1.25.2 chromedriver-debuginfo-32.0.1700.102-1.25.2 chromium-32.0.1700.102-1.25.2 chromium-debuginfo-32.0.1700.102-1.25.2 chromium-debugsource-32.0.1700.102-1.25.2 chromium-desktop-gnome-32.0.1700.102-1.25.2 chromium-desktop-kde-32.0.1700.102-1.25.2 chromium-ffmpegsumo-32.0.1700.102-1.25.2 chromium-ffmpegsumo-debuginfo-32.0.1700.102-1.25.2 chromium-suid-helper-32.0.1700.102-1.25.2 chromium-suid-helper-debuginfo-32.0.1700.102-1.25.2 References: http://support.novell.com/security/cve/CVE-2013-6641.html http://support.novell.com/security/cve/CVE-2013-6643.html http://support.novell.com/security/cve/CVE-2013-6644.html http://support.novell.com/security/cve/CVE-2013-6645.html http://support.novell.com/security/cve/CVE-2013-6646.html http://support.novell.com/security/cve/CVE-2013-6649.html http://support.novell.com/security/cve/CVE-2013-6650.html https://bugzilla.novell.com/861013 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

8 years, 3 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce February 2014