March 2009 - openSUSE Security - openSUSE Mailing Lists

[opensuse-security] clamav freshclam complains
by Carlos E. R. 25 Mar '09

25 Mar '09

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I see these entries in my warning log: Mar 24 20:53:30 nimrodel freshclam[3565]: Your ClamAV installation is OUTDATED! Mar 24 20:53:30 nimrodel freshclam[3565]: Local version: 0.94.2 Recommended version: 0.95 Mar 24 22:53:30 nimrodel freshclam[3565]: Your ClamAV installation is OUTDATED! Mar 24 22:53:30 nimrodel freshclam[3565]: Local version: 0.94.2 Recommended version: 0.95 I want it to shut up. I will not update clamav till Novell pushes the automatic update, so, who cares? I simply don't want to see those entries. How? Patching clamav, perhaps? Stopping service freshclam? Use "--no-warnings"? That would stop the database update, too, and I don't want that. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknJeHgACgkQtTMYHG2NR9W1lQCdElQfZHVZYoH6wUiD8kubf/GA JEQAnAwfIsPvo7JL2JqdrO5b9eC+TGgz =1S70 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] Release of Fou4s 0.15.0
by Markus Gaugusch 24 Mar '09

24 Mar '09

Hi, I'm glad to announce a new final version of fou4s! This is an important update, especially because one of the last betas doesn't find updates for SuSE 10.x anymore :-( You need to upgrade manually on SuSE 10.x machines using the command rpm -Uvh http://fou4s.gaugusch.at/update/current/rpm/fou4s-0.15.0-3.noarch.rpm Please note, that on SuSE 10.3 the update for hal causes fou4s to hang after applying it. Furthermore, the dbus daemon has to be restarted (rcdbus restart), otherwise the syslog is flooded with errors: console-kit-daemon[1876]: WARNING: Couldn't connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused To apply the upgrade, press ctrl-c after fou4s hangs, restart the dbus daemon, and run fou4s again for the other updates. New Features: SuSE 10.1+10.2+10.3+11.0+11.1 support. New option --older-than. Changed default of CheckFou4s to 1. Changed default of RemoveAfterInstall to 1. Don't switch back to buildtime with different version structure (fix wrong downloads when using foreign package sources such as packman) Bugfix: Fix missing updates for 10.3 Bugfix: Fix potential security hole when reading cache files Bugfix: Fix wrong cache content after fou4s updating itself. Bugfix: Don't install packages with different arch than original Bugfix: Fix hang when installing first time on 11.x Bugfix: Fix duplicate display of packages on 11.x when not working from cache Bugfix: Delta RPMs now fully work on 11.x Bugfix: Performance improvements on 11.x Bugfix: List-Mode (-l) now working properly for SuSE 11.x Bugfix: Cache was not properly invalidated for SuSE 11.x. Bugfix: "fou4s line 1120" for SuSE 11.x, reported by Olaf Schreck regards, Markus Gaugusch -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \ -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] Alpha level OVAL descriptions available
by Marcus Meissner 17 Mar '09

17 Mar '09

Hi folks, I have now a working ALPHA quality level generator for OVAL descriptions. These are currently available via: http://www.suse.de/~meissner/oval/ Some things in those files are missing, but they can already be run through the reference OVAL interpreter ("ovaldi"). Sample call: ovaldi -m -a /usr/share/ovaldi/ -o opensuse.11.1.xml (ovaldi is in the buildservice security repo) There is a full.xml but ovaldi takes 6 hours on my PowerMac G5 to run it, so better use the product files. Note that the included identifiers are not stable yet and there is lots of tuning to do. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] Re: [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA:2009:012)
by Frank Steiner 17 Mar '09

17 Mar '09

Marcus Meissner wrote > ______________________________________________________________________________ > > 1) Problem Description and Brief Discussion > > The Mozilla Firefox browser is updated to version 3.0.7 fixing various > security and stability issues. > > Updates are provided for openSUSE 11.0 and 11.1 currently, backports > for other Mozilla Firefox browsers and Mozilla Suite programs will > follow. I somehow doubt this :-/ Unless my SLED update is broken or I've missed sth. (and I apologize if that's the case), the same was said for the last FF security announcement from Feb 16: > Fixes for older Firefox and other Mozilla versions are being worked on. That's 4 weeks ago and nothing happened. Maybe all those bugs did not hit the 2.0 FF (but then this should be stated clearly). Otherwise it would mean that there haven't been fixes for a "remote code execution" (as stated in the announcement) for the SLES/SLED Firefox for more than 4 weeks now. This isn't acceptable for Enterprise versions! cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 3

[opensuse-security] java-1_6_0-openjdk update fails - 11.0 x64
by Eoin Kirwan 12 Mar '09

12 Mar '09

An update notification popped up this evening for java-1_6_0-openjdk but the update fails. I am running 11.0 x64 OpenSUSE updater fails silently With zypper: # zypper lu Reading installed packages... Patches Repository | Name | Version | Category | Status ----------------------+--------------------+---------+----------+------- openSUSE-11.0-Updates | java-1_6_0-openjdk | 578 | security | Needed # zypper up Reading installed packages... Problem: Solvable java-1_6_0-openjdk-1.4_b14-24.2.i586 conflicts with tzdata-java provided by itself Solution 1: Following actions will be done: deinstallation of java-1_6_0-openjdk-plugin-1.2_b09-9.1.i586 deinstallation of java-1_6_0-openjdk-1.2_b09-9.1.i586 Solution 2: do not install patch:java-1_6_0-openjdk-578.noarch Choose from above solutions by number or cancel [1/2/C]: - I chose cancel. Has anyone else found this problem? As the problem appears to be with the update itself, will there be an updated update? :) Also, Opera 9.64 came out last week with a significant security issue fixed, I was hoping it would be in the opensuse update repositories by now. I would install it manually, but then I'd probably have to apply all Opera updates manually in future, which I don't want. Regards Eoin -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

5 8

[opensuse-security] Re: [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:010)
by Marcus Meissner 09 Mar '09

09 Mar '09

On Thu, Feb 26, 2009 at 12:03:14PM -0500, Greg Freemyer wrote: > So those of us running wl.ko from pacman on a laptop will lose > wireless with this upgrade until we install a new version. Yes. I think that was the one that had license issues so we could not include it in our distro? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

5 12

[opensuse-security] OT. Cell phone
by eddie_krack＠yahoo.com 05 Mar '09

05 Mar '09

I need the unsubscribe link please. My cell doesn't show all headers EK Sent via BlackBerry by AT&T -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 1