openSUSE Security May 2012

security@lists.opensuse.org

5 participants
4 discussions

[opensuse-security] Re: [security-announce] openSUSE-SU-2012:0655-1: important: update for cobbler
by Ernst Wolf 29 May '12

29 May '12

Unsubscribe Bitte entfernen Sie mich von dieser Liste! Vielen Dank! MfG Ernst From my iPhone 4S Am 29.05.2012 um 15:08 schrieb opensuse-security(a)opensuse.org: > openSUSE Security Update: update for cobbler > ______________________________________________________________________________ > > Announcement ID: openSUSE-SU-2012:0655-1 > Rating: important > References: #763610 > Cross-References: CVE-2012-2395 > Affected Products: > openSUSE 12.1 > openSUSE 11.4 > ______________________________________________________________________________ > > An update that fixes one vulnerability is now available. > > Description: > > The xmlrpc interface of cobbler was prone to command > injectoin > > > Patch Instructions: > > To install this openSUSE Security Update use YaST online_update. > Alternatively you can run the command listed for your product: > > - openSUSE 12.1: > > zypper in -t patch openSUSE-2012-296 > > - openSUSE 11.4: > > zypper in -t patch openSUSE-2012-296 > > To bring your system up-to-date, use "zypper patch". > > > Package List: > > - openSUSE 12.1 (i586 x86_64): > > cobbler-2.2.1-7.13.1 > cobbler-web-2.2.1-7.13.1 > koan-2.2.1-7.13.1 > > - openSUSE 11.4 (i586 x86_64): > > cobbler-2.2.1-45.1 > cobbler-web-2.2.1-45.1 > koan-2.2.1-45.1 > > > References: > > http://support.novell.com/security/cve/CVE-2012-2395.html > https://bugzilla.novell.com/763610 > > -- > To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org > For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org > -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

1 0

[opensuse-security] Antw: [security-announce] SUSE-SU-2012:0602-1: important: Security update for IBM Java 1.6.0
by Ulrich Windl 10 May '12

10 May '12

FYI: The subject talks about Java 1.6, but the contents only mentions Java 1.5... Ulrich >>> <opensuse-security(a)opensuse.org> schrieb am 09.05.2012 um 20:08 in Nachricht <20120509180814.1071232414(a)maintenance.suse.de>: > SUSE Security Update: Security update for IBM Java 1.6.0 > ____________________________________________________________________________ > __ > > Announcement ID: SUSE-SU-2012:0602-1 > Rating: important > References: #755397 #758470 > Cross-References: CVE-2011-3389 CVE-2011-3557 CVE-2011-3560 > CVE-2011-3563 CVE-2012-0498 CVE-2012-0499 > CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 > CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 > > Affected Products: > SUSE Linux Enterprise Server 10 SP4 > SUSE Linux Enterprise Java 10 SP4 > SUSE Linux Enterprise Desktop 10 SP4 > ____________________________________________________________________________ > __ > > An update that fixes 12 vulnerabilities is now available. > > Description: > > > IBM Java 1.5.0 has been updated to SR13-FP1, fixing various > security issues. > > More information can be found on: > > http://www.ibm.com/developerworks/java/jdk/alerts/ > <http://www.ibm.com/developerworks/java/jdk/alerts/> > > Security Issue references: > > * CVE-2012-0502 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502 > > > * CVE-2012-0503 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503 > > > * CVE-2012-0506 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506 > > > * CVE-2012-0507 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507 > > > * CVE-2011-3563 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563 > > > * CVE-2012-0498 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498 > > > * CVE-2012-0499 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499 > > > * CVE-2012-0501 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501 > > > * CVE-2012-0505 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505 > > > > > > Package List: > > - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): > > java-1_5_0-ibm-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): > > java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): > > java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Server 10 SP4 (x86_64): > > java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Server 10 SP4 (i586): > > java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Server 10 SP4 (ppc): > > java-1_5_0-ibm-64bit-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64): > > java-1_5_0-ibm-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Java 10 SP4 (ppc): > > java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): > > java-1_5_0-ibm-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-demo-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-src-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): > > java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3 > > - SUSE Linux Enterprise Desktop 10 SP4 (i586): > > java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3 > java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3 > > > References: > > http://support.novell.com/security/cve/CVE-2011-3389.html > http://support.novell.com/security/cve/CVE-2011-3557.html > http://support.novell.com/security/cve/CVE-2011-3560.html > http://support.novell.com/security/cve/CVE-2011-3563.html > http://support.novell.com/security/cve/CVE-2012-0498.html > http://support.novell.com/security/cve/CVE-2012-0499.html > http://support.novell.com/security/cve/CVE-2012-0501.html > http://support.novell.com/security/cve/CVE-2012-0502.html > http://support.novell.com/security/cve/CVE-2012-0503.html > http://support.novell.com/security/cve/CVE-2012-0505.html > http://support.novell.com/security/cve/CVE-2012-0506.html > http://support.novell.com/security/cve/CVE-2012-0507.html > https://bugzilla.novell.com/755397 > https://bugzilla.novell.com/758470 > > http://download.novell.com/patch/finder/?keywords=37f9fa06a81529e81613e3989… > 55358 -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 1

[opensuse-security] RE: [security-announce] SUSE-SU-2012:0591-1: important: Security update for Samba
by tedrb＠wellsfargo.com 07 May '12

07 May '12

We don't install the gplv3 packages; they aren't even *on* Pippin. Libnetapi0 and libtdb1 at least are only in our SLES 11 repos. This is n/a. (I don't even know where the 10GPLv3 Extras are.) Ted Rodriguez-Bell Enterprise Virtualization, z/VM and z/Linux, Wells Fargo (415) 477-6891 office (415) 516-7913 cell 201 3rd St., MAC A0187-050, San Francisco, CA 94103 4155167913(a)vtext.com or http://www.vtext.com text paging (but cell is safer) Company policy requires: This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -----Original Message----- From: opensuse-security(a)opensuse.org [mailto:opensuse-security@opensuse.org] Sent: Monday, May 07, 2012 8:08 AM To: opensuse-security-announce(a)opensuse.org Subject: [security-announce] SUSE-SU-2012:0591-1: important: Security update for Samba SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0591-1 Rating: important References: #757080 #757576 Cross-References: CVE-2012-2111 Affected Products: SUSE Linux Enterprise Server 10 GPLv3 Extras ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of Samba fixes the following security issue: * CVE-2012-2111: Ensure that users cannot hand out their own privileges to everyone, only administrators are allowed to do that. Security Issue reference: * CVE-2012-2111 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111 > Package List: - SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64): libnetapi-devel-3.4.3-0.43.1 libnetapi0-3.4.3-0.43.1 libtalloc-devel-3.4.3-0.43.1 libtalloc1-3.4.3-0.43.1 libtdb-devel-3.4.3-0.43.1 libtdb1-3.4.3-0.43.1 libwbclient-devel-3.4.3-0.43.1 libwbclient0-3.4.3-0.43.1 samba-gplv3-3.4.3-0.43.1 samba-gplv3-client-3.4.3-0.43.1 samba-gplv3-krb-printing-3.4.3-0.43.1 samba-gplv3-winbind-3.4.3-0.43.1 - SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch): samba-gplv3-doc-3.4.3-0.43.1 References: http://support.novell.com/security/cve/CVE-2012-2111.html https://bugzilla.novell.com/757080 https://bugzilla.novell.com/757576 http://download.novell.com/patch/finder/?keywords=ef33002197942af3c42590677… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

1 0

[opensuse-security] Undelivered Mail Returned to Sender
by XCQTYGWIOZBD＠spammotel.com 01 May '12

01 May '12

This is the mail system at host spammotel.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <XCQTYGWIOZBD(a)spammotel.com>: host mx1.GMX.NET[213.165.64.102] said: 550 5.1.1 <XCQTYGWIOZBD(a)spammotel.com>... User is unknown {mx069} (in reply to RCPT TO command)

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security May 2012