May 2015 - openSUSE Security Announce - openSUSE Mailing Lists

[security-announce] SUSE-SU-2015:0878-1: important: Security update for flash-player
by opensuse-security＠opensuse.org 14 May '15

14 May '15

SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0878-1 Rating: important References: #930677 Cross-References: CVE-2015-3044 CVE-2015-3077 CVE-2015-3078 CVE-2015-3079 CVE-2015-3080 CVE-2015-3081 CVE-2015-3082 CVE-2015-3083 CVE-2015-3084 CVE-2015-3085 CVE-2015-3086 CVE-2015-3087 CVE-2015-3088 CVE-2015-3089 CVE-2015-3090 CVE-2015-3091 CVE-2015-3092 CVE-2015-3093 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues. The following vulnerabilities were fixed (bsc#930677): * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093 More information can be found at the Adobe Security Bulletin APSB15-09: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-197=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-197=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.460-83.1 flash-player-gnome-11.2.202.460-83.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.460-83.1 flash-player-gnome-11.2.202.460-83.1 References: https://www.suse.com/security/cve/CVE-2015-3044.html https://www.suse.com/security/cve/CVE-2015-3077.html https://www.suse.com/security/cve/CVE-2015-3078.html https://www.suse.com/security/cve/CVE-2015-3079.html https://www.suse.com/security/cve/CVE-2015-3080.html https://www.suse.com/security/cve/CVE-2015-3081.html https://www.suse.com/security/cve/CVE-2015-3082.html https://www.suse.com/security/cve/CVE-2015-3083.html https://www.suse.com/security/cve/CVE-2015-3084.html https://www.suse.com/security/cve/CVE-2015-3085.html https://www.suse.com/security/cve/CVE-2015-3086.html https://www.suse.com/security/cve/CVE-2015-3087.html https://www.suse.com/security/cve/CVE-2015-3088.html https://www.suse.com/security/cve/CVE-2015-3089.html https://www.suse.com/security/cve/CVE-2015-3090.html https://www.suse.com/security/cve/CVE-2015-3091.html https://www.suse.com/security/cve/CVE-2015-3092.html https://www.suse.com/security/cve/CVE-2015-3093.html https://bugzilla.suse.com/930677 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:0870-1: important: Security update for kvm
by opensuse-security＠opensuse.org 13 May '15

13 May '15

SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0870-1 Rating: important References: #920571 #924018 Cross-References: CVE-2015-1779 Affected Products: SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This update for KVM fixes an issue in the virtio-blk driver which could result in incorrectly setting its WCE configuration. Under some circumstances, this misconfiguration could cause severe file system corruption, because cache flushes were not generated as they ought to have been. The update also addresses one security vulnerability: * CVE-2015-1779: Insufficient resource limiting in VNC websockets decoder. (bsc#924018) Security Issues: * CVE-2015-1779 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779> Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kvm=10645 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kvm=10645 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64) [New Version: 1.4.2]: kvm-1.4.2-0.22.25.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.2]: kvm-1.4.2-0.22.25.1 References: https://www.suse.com/security/cve/CVE-2015-1779.html https://bugzilla.suse.com/920571 https://bugzilla.suse.com/924018 https://download.suse.com/patch/finder/?keywords=5ce7157b96103bdd850e596ab6… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:0868-1: important: Security update for php5
by opensuse-security＠opensuse.org 13 May '15

13 May '15

SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0868-1 Rating: important References: #922022 #922451 #922452 #923946 #924970 #924972 #925109 #928408 #928506 #928511 Cross-References: CVE-2014-9705 CVE-2014-9709 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: PHP was updated to fix ten security issues. The following vulnerabilities were fixed: * CVE-2014-9709: A specially crafted GIF file could cause a buffer read overflow in php-gd (bnc#923946) * CVE-2015-2301: Memory was use after it was freed in PHAR (bnc#922022) * CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452) * CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451) * CVE-2015-2787: use-after-free vulnerability in the process_nested_data function (bnc#924972) * unserialize SoapClient type confusion (bnc#925109) * CVE-2015-2348: move_uploaded_file truncates a pathNAME upon encountering a x00 character (bnc#924970) * CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506) * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506) * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-192=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-192=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-22.1 php5-debugsource-5.5.14-22.1 php5-devel-5.5.14-22.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-22.1 apache2-mod_php5-debuginfo-5.5.14-22.1 php5-5.5.14-22.1 php5-bcmath-5.5.14-22.1 php5-bcmath-debuginfo-5.5.14-22.1 php5-bz2-5.5.14-22.1 php5-bz2-debuginfo-5.5.14-22.1 php5-calendar-5.5.14-22.1 php5-calendar-debuginfo-5.5.14-22.1 php5-ctype-5.5.14-22.1 php5-ctype-debuginfo-5.5.14-22.1 php5-curl-5.5.14-22.1 php5-curl-debuginfo-5.5.14-22.1 php5-dba-5.5.14-22.1 php5-dba-debuginfo-5.5.14-22.1 php5-debuginfo-5.5.14-22.1 php5-debugsource-5.5.14-22.1 php5-dom-5.5.14-22.1 php5-dom-debuginfo-5.5.14-22.1 php5-enchant-5.5.14-22.1 php5-enchant-debuginfo-5.5.14-22.1 php5-exif-5.5.14-22.1 php5-exif-debuginfo-5.5.14-22.1 php5-fastcgi-5.5.14-22.1 php5-fastcgi-debuginfo-5.5.14-22.1 php5-fileinfo-5.5.14-22.1 php5-fileinfo-debuginfo-5.5.14-22.1 php5-fpm-5.5.14-22.1 php5-fpm-debuginfo-5.5.14-22.1 php5-ftp-5.5.14-22.1 php5-ftp-debuginfo-5.5.14-22.1 php5-gd-5.5.14-22.1 php5-gd-debuginfo-5.5.14-22.1 php5-gettext-5.5.14-22.1 php5-gettext-debuginfo-5.5.14-22.1 php5-gmp-5.5.14-22.1 php5-gmp-debuginfo-5.5.14-22.1 php5-iconv-5.5.14-22.1 php5-iconv-debuginfo-5.5.14-22.1 php5-intl-5.5.14-22.1 php5-intl-debuginfo-5.5.14-22.1 php5-json-5.5.14-22.1 php5-json-debuginfo-5.5.14-22.1 php5-ldap-5.5.14-22.1 php5-ldap-debuginfo-5.5.14-22.1 php5-mbstring-5.5.14-22.1 php5-mbstring-debuginfo-5.5.14-22.1 php5-mcrypt-5.5.14-22.1 php5-mcrypt-debuginfo-5.5.14-22.1 php5-mysql-5.5.14-22.1 php5-mysql-debuginfo-5.5.14-22.1 php5-odbc-5.5.14-22.1 php5-odbc-debuginfo-5.5.14-22.1 php5-openssl-5.5.14-22.1 php5-openssl-debuginfo-5.5.14-22.1 php5-pcntl-5.5.14-22.1 php5-pcntl-debuginfo-5.5.14-22.1 php5-pdo-5.5.14-22.1 php5-pdo-debuginfo-5.5.14-22.1 php5-pgsql-5.5.14-22.1 php5-pgsql-debuginfo-5.5.14-22.1 php5-pspell-5.5.14-22.1 php5-pspell-debuginfo-5.5.14-22.1 php5-shmop-5.5.14-22.1 php5-shmop-debuginfo-5.5.14-22.1 php5-snmp-5.5.14-22.1 php5-snmp-debuginfo-5.5.14-22.1 php5-soap-5.5.14-22.1 php5-soap-debuginfo-5.5.14-22.1 php5-sockets-5.5.14-22.1 php5-sockets-debuginfo-5.5.14-22.1 php5-sqlite-5.5.14-22.1 php5-sqlite-debuginfo-5.5.14-22.1 php5-suhosin-5.5.14-22.1 php5-suhosin-debuginfo-5.5.14-22.1 php5-sysvmsg-5.5.14-22.1 php5-sysvmsg-debuginfo-5.5.14-22.1 php5-sysvsem-5.5.14-22.1 php5-sysvsem-debuginfo-5.5.14-22.1 php5-sysvshm-5.5.14-22.1 php5-sysvshm-debuginfo-5.5.14-22.1 php5-tokenizer-5.5.14-22.1 php5-tokenizer-debuginfo-5.5.14-22.1 php5-wddx-5.5.14-22.1 php5-wddx-debuginfo-5.5.14-22.1 php5-xmlreader-5.5.14-22.1 php5-xmlreader-debuginfo-5.5.14-22.1 php5-xmlrpc-5.5.14-22.1 php5-xmlrpc-debuginfo-5.5.14-22.1 php5-xmlwriter-5.5.14-22.1 php5-xmlwriter-debuginfo-5.5.14-22.1 php5-xsl-5.5.14-22.1 php5-xsl-debuginfo-5.5.14-22.1 php5-zip-5.5.14-22.1 php5-zip-debuginfo-5.5.14-22.1 php5-zlib-5.5.14-22.1 php5-zlib-debuginfo-5.5.14-22.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-22.1 References: https://www.suse.com/security/cve/CVE-2014-9705.html https://www.suse.com/security/cve/CVE-2014-9709.html https://www.suse.com/security/cve/CVE-2015-2301.html https://www.suse.com/security/cve/CVE-2015-2305.html https://www.suse.com/security/cve/CVE-2015-2348.html https://www.suse.com/security/cve/CVE-2015-2783.html https://www.suse.com/security/cve/CVE-2015-2787.html https://www.suse.com/security/cve/CVE-2015-3329.html https://www.suse.com/security/cve/CVE-2015-3330.html https://bugzilla.suse.com/922022 https://bugzilla.suse.com/922451 https://bugzilla.suse.com/922452 https://bugzilla.suse.com/923946 https://bugzilla.suse.com/924970 https://bugzilla.suse.com/924972 https://bugzilla.suse.com/925109 https://bugzilla.suse.com/928408 https://bugzilla.suse.com/928506 https://bugzilla.suse.com/928511 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:0855-1: important: Security update for php5
by opensuse-security＠opensuse.org 12 May '15

12 May '15

openSUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0855-1 Rating: important References: #927147 #928408 #928506 #928511 Cross-References: CVE-2015-2783 CVE-2015-3329 CVE-2015-3330 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: PHP was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506) * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506) * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511) On openSUSE 13.2, the following bug was fixed: * boo#927147: php5-fpm did not start correctly Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-352=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-352=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): apache2-mod_php5-5.6.1-21.1 apache2-mod_php5-debuginfo-5.6.1-21.1 php5-5.6.1-21.1 php5-bcmath-5.6.1-21.1 php5-bcmath-debuginfo-5.6.1-21.1 php5-bz2-5.6.1-21.1 php5-bz2-debuginfo-5.6.1-21.1 php5-calendar-5.6.1-21.1 php5-calendar-debuginfo-5.6.1-21.1 php5-ctype-5.6.1-21.1 php5-ctype-debuginfo-5.6.1-21.1 php5-curl-5.6.1-21.1 php5-curl-debuginfo-5.6.1-21.1 php5-dba-5.6.1-21.1 php5-dba-debuginfo-5.6.1-21.1 php5-debuginfo-5.6.1-21.1 php5-debugsource-5.6.1-21.1 php5-devel-5.6.1-21.1 php5-dom-5.6.1-21.1 php5-dom-debuginfo-5.6.1-21.1 php5-enchant-5.6.1-21.1 php5-enchant-debuginfo-5.6.1-21.1 php5-exif-5.6.1-21.1 php5-exif-debuginfo-5.6.1-21.1 php5-fastcgi-5.6.1-21.1 php5-fastcgi-debuginfo-5.6.1-21.1 php5-fileinfo-5.6.1-21.1 php5-fileinfo-debuginfo-5.6.1-21.1 php5-firebird-5.6.1-21.1 php5-firebird-debuginfo-5.6.1-21.1 php5-fpm-5.6.1-21.1 php5-fpm-debuginfo-5.6.1-21.1 php5-ftp-5.6.1-21.1 php5-ftp-debuginfo-5.6.1-21.1 php5-gd-5.6.1-21.1 php5-gd-debuginfo-5.6.1-21.1 php5-gettext-5.6.1-21.1 php5-gettext-debuginfo-5.6.1-21.1 php5-gmp-5.6.1-21.1 php5-gmp-debuginfo-5.6.1-21.1 php5-iconv-5.6.1-21.1 php5-iconv-debuginfo-5.6.1-21.1 php5-imap-5.6.1-21.1 php5-imap-debuginfo-5.6.1-21.1 php5-intl-5.6.1-21.1 php5-intl-debuginfo-5.6.1-21.1 php5-json-5.6.1-21.1 php5-json-debuginfo-5.6.1-21.1 php5-ldap-5.6.1-21.1 php5-ldap-debuginfo-5.6.1-21.1 php5-mbstring-5.6.1-21.1 php5-mbstring-debuginfo-5.6.1-21.1 php5-mcrypt-5.6.1-21.1 php5-mcrypt-debuginfo-5.6.1-21.1 php5-mssql-5.6.1-21.1 php5-mssql-debuginfo-5.6.1-21.1 php5-mysql-5.6.1-21.1 php5-mysql-debuginfo-5.6.1-21.1 php5-odbc-5.6.1-21.1 php5-odbc-debuginfo-5.6.1-21.1 php5-opcache-5.6.1-21.1 php5-opcache-debuginfo-5.6.1-21.1 php5-openssl-5.6.1-21.1 php5-openssl-debuginfo-5.6.1-21.1 php5-pcntl-5.6.1-21.1 php5-pcntl-debuginfo-5.6.1-21.1 php5-pdo-5.6.1-21.1 php5-pdo-debuginfo-5.6.1-21.1 php5-pgsql-5.6.1-21.1 php5-pgsql-debuginfo-5.6.1-21.1 php5-phar-5.6.1-21.1 php5-phar-debuginfo-5.6.1-21.1 php5-posix-5.6.1-21.1 php5-posix-debuginfo-5.6.1-21.1 php5-pspell-5.6.1-21.1 php5-pspell-debuginfo-5.6.1-21.1 php5-readline-5.6.1-21.1 php5-readline-debuginfo-5.6.1-21.1 php5-shmop-5.6.1-21.1 php5-shmop-debuginfo-5.6.1-21.1 php5-snmp-5.6.1-21.1 php5-snmp-debuginfo-5.6.1-21.1 php5-soap-5.6.1-21.1 php5-soap-debuginfo-5.6.1-21.1 php5-sockets-5.6.1-21.1 php5-sockets-debuginfo-5.6.1-21.1 php5-sqlite-5.6.1-21.1 php5-sqlite-debuginfo-5.6.1-21.1 php5-suhosin-5.6.1-21.1 php5-suhosin-debuginfo-5.6.1-21.1 php5-sysvmsg-5.6.1-21.1 php5-sysvmsg-debuginfo-5.6.1-21.1 php5-sysvsem-5.6.1-21.1 php5-sysvsem-debuginfo-5.6.1-21.1 php5-sysvshm-5.6.1-21.1 php5-sysvshm-debuginfo-5.6.1-21.1 php5-tidy-5.6.1-21.1 php5-tidy-debuginfo-5.6.1-21.1 php5-tokenizer-5.6.1-21.1 php5-tokenizer-debuginfo-5.6.1-21.1 php5-wddx-5.6.1-21.1 php5-wddx-debuginfo-5.6.1-21.1 php5-xmlreader-5.6.1-21.1 php5-xmlreader-debuginfo-5.6.1-21.1 php5-xmlrpc-5.6.1-21.1 php5-xmlrpc-debuginfo-5.6.1-21.1 php5-xmlwriter-5.6.1-21.1 php5-xmlwriter-debuginfo-5.6.1-21.1 php5-xsl-5.6.1-21.1 php5-xsl-debuginfo-5.6.1-21.1 php5-zip-5.6.1-21.1 php5-zip-debuginfo-5.6.1-21.1 php5-zlib-5.6.1-21.1 php5-zlib-debuginfo-5.6.1-21.1 - openSUSE 13.2 (noarch): php5-pear-5.6.1-21.1 - openSUSE 13.1 (i586 x86_64): apache2-mod_php5-5.4.20-52.1 apache2-mod_php5-debuginfo-5.4.20-52.1 php5-5.4.20-52.1 php5-bcmath-5.4.20-52.1 php5-bcmath-debuginfo-5.4.20-52.1 php5-bz2-5.4.20-52.1 php5-bz2-debuginfo-5.4.20-52.1 php5-calendar-5.4.20-52.1 php5-calendar-debuginfo-5.4.20-52.1 php5-ctype-5.4.20-52.1 php5-ctype-debuginfo-5.4.20-52.1 php5-curl-5.4.20-52.1 php5-curl-debuginfo-5.4.20-52.1 php5-dba-5.4.20-52.1 php5-dba-debuginfo-5.4.20-52.1 php5-debuginfo-5.4.20-52.1 php5-debugsource-5.4.20-52.1 php5-devel-5.4.20-52.1 php5-dom-5.4.20-52.1 php5-dom-debuginfo-5.4.20-52.1 php5-enchant-5.4.20-52.1 php5-enchant-debuginfo-5.4.20-52.1 php5-exif-5.4.20-52.1 php5-exif-debuginfo-5.4.20-52.1 php5-fastcgi-5.4.20-52.1 php5-fastcgi-debuginfo-5.4.20-52.1 php5-fileinfo-5.4.20-52.1 php5-fileinfo-debuginfo-5.4.20-52.1 php5-firebird-5.4.20-52.1 php5-firebird-debuginfo-5.4.20-52.1 php5-fpm-5.4.20-52.1 php5-fpm-debuginfo-5.4.20-52.1 php5-ftp-5.4.20-52.1 php5-ftp-debuginfo-5.4.20-52.1 php5-gd-5.4.20-52.1 php5-gd-debuginfo-5.4.20-52.1 php5-gettext-5.4.20-52.1 php5-gettext-debuginfo-5.4.20-52.1 php5-gmp-5.4.20-52.1 php5-gmp-debuginfo-5.4.20-52.1 php5-iconv-5.4.20-52.1 php5-iconv-debuginfo-5.4.20-52.1 php5-imap-5.4.20-52.1 php5-imap-debuginfo-5.4.20-52.1 php5-intl-5.4.20-52.1 php5-intl-debuginfo-5.4.20-52.1 php5-json-5.4.20-52.1 php5-json-debuginfo-5.4.20-52.1 php5-ldap-5.4.20-52.1 php5-ldap-debuginfo-5.4.20-52.1 php5-mbstring-5.4.20-52.1 php5-mbstring-debuginfo-5.4.20-52.1 php5-mcrypt-5.4.20-52.1 php5-mcrypt-debuginfo-5.4.20-52.1 php5-mssql-5.4.20-52.1 php5-mssql-debuginfo-5.4.20-52.1 php5-mysql-5.4.20-52.1 php5-mysql-debuginfo-5.4.20-52.1 php5-odbc-5.4.20-52.1 php5-odbc-debuginfo-5.4.20-52.1 php5-openssl-5.4.20-52.1 php5-openssl-debuginfo-5.4.20-52.1 php5-pcntl-5.4.20-52.1 php5-pcntl-debuginfo-5.4.20-52.1 php5-pdo-5.4.20-52.1 php5-pdo-debuginfo-5.4.20-52.1 php5-pgsql-5.4.20-52.1 php5-pgsql-debuginfo-5.4.20-52.1 php5-phar-5.4.20-52.1 php5-phar-debuginfo-5.4.20-52.1 php5-posix-5.4.20-52.1 php5-posix-debuginfo-5.4.20-52.1 php5-pspell-5.4.20-52.1 php5-pspell-debuginfo-5.4.20-52.1 php5-readline-5.4.20-52.1 php5-readline-debuginfo-5.4.20-52.1 php5-shmop-5.4.20-52.1 php5-shmop-debuginfo-5.4.20-52.1 php5-snmp-5.4.20-52.1 php5-snmp-debuginfo-5.4.20-52.1 php5-soap-5.4.20-52.1 php5-soap-debuginfo-5.4.20-52.1 php5-sockets-5.4.20-52.1 php5-sockets-debuginfo-5.4.20-52.1 php5-sqlite-5.4.20-52.1 php5-sqlite-debuginfo-5.4.20-52.1 php5-suhosin-5.4.20-52.1 php5-suhosin-debuginfo-5.4.20-52.1 php5-sysvmsg-5.4.20-52.1 php5-sysvmsg-debuginfo-5.4.20-52.1 php5-sysvsem-5.4.20-52.1 php5-sysvsem-debuginfo-5.4.20-52.1 php5-sysvshm-5.4.20-52.1 php5-sysvshm-debuginfo-5.4.20-52.1 php5-tidy-5.4.20-52.1 php5-tidy-debuginfo-5.4.20-52.1 php5-tokenizer-5.4.20-52.1 php5-tokenizer-debuginfo-5.4.20-52.1 php5-wddx-5.4.20-52.1 php5-wddx-debuginfo-5.4.20-52.1 php5-xmlreader-5.4.20-52.1 php5-xmlreader-debuginfo-5.4.20-52.1 php5-xmlrpc-5.4.20-52.1 php5-xmlrpc-debuginfo-5.4.20-52.1 php5-xmlwriter-5.4.20-52.1 php5-xmlwriter-debuginfo-5.4.20-52.1 php5-xsl-5.4.20-52.1 php5-xsl-debuginfo-5.4.20-52.1 php5-zip-5.4.20-52.1 php5-zip-debuginfo-5.4.20-52.1 php5-zlib-5.4.20-52.1 php5-zlib-debuginfo-5.4.20-52.1 - openSUSE 13.1 (noarch): php5-pear-5.4.20-52.1 References: https://www.suse.com/security/cve/CVE-2015-2783.html https://www.suse.com/security/cve/CVE-2015-3329.html https://www.suse.com/security/cve/CVE-2015-3330.html https://bugzilla.suse.com/927147 https://bugzilla.suse.com/928408 https://bugzilla.suse.com/928506 https://bugzilla.suse.com/928511 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:0839-1: important: Security update for DirectFB
by opensuse-security＠opensuse.org 08 May '15

08 May '15

SUSE Security Update: Security update for DirectFB ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0839-1 Rating: important References: #878345 #878349 Cross-References: CVE-2014-2977 CVE-2014-2978 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: DirectFB was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2014-2977: Multiple integer signedness errors could allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. * CVE-2014-2978: Remote attackers could cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-185=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-185=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-185=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-185=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libdirectfb-1_7-1-32bit-1.7.1-4.1 libdirectfb-1_7-1-debuginfo-32bit-1.7.1-4.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): DirectFB-debuginfo-1.7.1-4.1 DirectFB-debugsource-1.7.1-4.1 DirectFB-devel-1.7.1-4.1 lib++dfb-devel-1.7.1-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): DirectFB-1.7.1-4.1 DirectFB-debuginfo-1.7.1-4.1 DirectFB-debugsource-1.7.1-4.1 lib++dfb-1_7-1-1.7.1-4.1 lib++dfb-1_7-1-debuginfo-1.7.1-4.1 libdirectfb-1_7-1-1.7.1-4.1 libdirectfb-1_7-1-debuginfo-1.7.1-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): DirectFB-1.7.1-4.1 DirectFB-debuginfo-1.7.1-4.1 DirectFB-debugsource-1.7.1-4.1 lib++dfb-1_7-1-1.7.1-4.1 lib++dfb-1_7-1-debuginfo-1.7.1-4.1 libdirectfb-1_7-1-1.7.1-4.1 libdirectfb-1_7-1-32bit-1.7.1-4.1 libdirectfb-1_7-1-debuginfo-1.7.1-4.1 libdirectfb-1_7-1-debuginfo-32bit-1.7.1-4.1 References: https://www.suse.com/security/cve/CVE-2014-2977.html https://www.suse.com/security/cve/CVE-2014-2978.html https://bugzilla.suse.com/878345 https://bugzilla.suse.com/878349 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:0833-1: critical: Security update for java-1_7_0-openjdk
by opensuse-security＠opensuse.org 07 May '15

07 May '15

SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0833-1 Rating: critical References: #927591 Cross-References: CVE-2015-0458 CVE-2015-0459 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0484 CVE-2015-0488 CVE-2015-0491 CVE-2015-0492 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. It includes one version update. Description: OpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security issues and bugs. The following vulnerabilities have been fixed: * CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols * CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols * CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). * CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. Security Issues: * CVE-2015-0458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458> * CVE-2015-0459 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459> * CVE-2015-0460 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460> * CVE-2015-0469 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469> * CVE-2015-0477 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477> * CVE-2015-0478 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478> * CVE-2015-0480 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480> * CVE-2015-0484 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484> * CVE-2015-0488 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488> * CVE-2015-0491 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491> * CVE-2015-0492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492> Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-java-1_7_0-openjdk=10621 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.7.0.75]: java-1_7_0-openjdk-1.7.0.75-0.9.1 java-1_7_0-openjdk-demo-1.7.0.75-0.9.1 java-1_7_0-openjdk-devel-1.7.0.75-0.9.1 References: https://www.suse.com/security/cve/CVE-2015-0458.html https://www.suse.com/security/cve/CVE-2015-0459.html https://www.suse.com/security/cve/CVE-2015-0460.html https://www.suse.com/security/cve/CVE-2015-0469.html https://www.suse.com/security/cve/CVE-2015-0477.html https://www.suse.com/security/cve/CVE-2015-0478.html https://www.suse.com/security/cve/CVE-2015-0480.html https://www.suse.com/security/cve/CVE-2015-0484.html https://www.suse.com/security/cve/CVE-2015-0488.html https://www.suse.com/security/cve/CVE-2015-0491.html https://www.suse.com/security/cve/CVE-2015-0492.html https://bugzilla.suse.com/927591 https://download.suse.com/patch/finder/?keywords=2082b6af65787f83584579a017… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2015:0832-1: important: Security update for kgraft-patch-SLE12_Update_1, kgraft-patch-SLE12_Update_2
by opensuse-security＠opensuse.org 07 May '15

07 May '15

SUSE Security Update: Security update for kgraft-patch-SLE12_Update_1, kgraft-patch-SLE12_Update_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0832-1 Rating: important References: #920633 #922004 Cross-References: CVE-2015-1421 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update supplies kgraft patches to fix one security vulnerability. CVE-2015-1421: A use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. This patch supplies kgraft patches for the first kernel update and the second kernel update published for SUSE Linux Enterprise Server 12. The third kernel update contains the patch already. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-183=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_32-33-default-2-3.1 kgraft-patch-3_12_32-33-xen-2-3.1 kgraft-patch-3_12_36-38-default-2-3.1 kgraft-patch-3_12_36-38-xen-2-3.1 References: https://www.suse.com/security/cve/CVE-2015-1421.html https://bugzilla.suse.com/920633 https://bugzilla.suse.com/922004 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2015:0813-1: important: Security update for wpa_supplicant
by opensuse-security＠opensuse.org 01 May '15

01 May '15

openSUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0813-1 Rating: important References: #927558 Cross-References: CVE-2015-1863 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The wireless network encryption and authentication daemon wpa_supplicant was updated to fix a security issue. The following vulnerability was fixed: * CVE-2015-1863: A buffer overflow in handling SSIDs in P2P management frames allowed attackers in radio range to crash, expose memory content or potentially execute arbitrary code. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-341=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-341=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): wpa_supplicant-2.2-5.4.1 wpa_supplicant-debuginfo-2.2-5.4.1 wpa_supplicant-debugsource-2.2-5.4.1 wpa_supplicant-gui-2.2-5.4.1 wpa_supplicant-gui-debuginfo-2.2-5.4.1 - openSUSE 13.1 (i586 x86_64): wpa_supplicant-2.0-3.11.1 wpa_supplicant-debuginfo-2.0-3.11.1 wpa_supplicant-debugsource-2.0-3.11.1 wpa_supplicant-gui-2.0-3.11.1 wpa_supplicant-gui-debuginfo-2.0-3.11.1 References: https://www.suse.com/security/cve/CVE-2015-1863.html https://bugzilla.suse.com/927558 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0