openSUSE Security October 2015

security@lists.opensuse.org

7 participants
3 discussions

[opensuse-security] Xen Critical vulnerability CVE-2015-7835 unpatched in Opensuse/Xen packages
by PGNet Dev 31 Oct '15

31 Oct '15

(posted this already to opensuse-virtual ML; was suggested that I post it here as well) I run latest Xen from d.o.o's Virtualization/openSUSE_13.2 repo rpm -qa | grep -i ^xen | sort xen-4.5.1_10-390.1.x86_64 xen-libs-4.5.1_10-390.1.x86_64 xen-tools-4.5.1_10-390.1.x86_64 Xen's now made public it's latest critical advisory http://arstechnica.com/security/2015/10/xen-patches-7-year-old-bug-that-sha… "Xen patches 7-year-old bug that shattered hypervisor security. Critical vulnerability allowed some guests to access underlying operating system." http://xenbits.xen.org/xsa/advisory-148.html Advisory XSA-148 Public release 2015-10-29 11:59 ... CVE(s) CVE-2015-7835 Title x86: Uncontrolled creation of large page mappings by PV guests The advisory instructs patching to resolve RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa148.patch xen-unstable, Xen 4.6.x xsa148-4.5.patch Xen 4.5.x xsa148-4.4.patch Xen 4.4.x, Xen 4.3.x Checking installed Xen's changelog rpm -q --changelog xen | egrep "CVE-2015-7835|xsa148" (empty) it's not been applied. Or, afaict from obs, even submitted. Where's this security patch in the package tree? -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 4

[opensuse-security] Features for Leap on Wiki
by Douglas DeMaio 23 Oct '15

23 Oct '15

Hi all, it's that time of the year and we need to rally the Geekos to tell the world all the great things you have done this past year that are now in Leap. Please take the time to update the features page on the openSUSE wiki - https://en.opensuse.org/Features Please add the current information, new and relevant information related to Leap. We highly is appreciated. If you haven't read already, we are having a Wikithon (https://news.opensuse.org/2015/10/19/weekend-wikithon-to-refresh-content/) this weekend to refresh the wiki and add new features to our newest release. Without your help, it won't be possible. Please help where you can and try to win one of the four hats we are awarding to the people with the most contributions. v/r Doug -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

1 1

[opensuse-security] Re: [security-announce] openSUSE-SU-2015:1658-1: important: Security update for MozillaFirefox
by Rob Janssen 04 Oct '15

04 Oct '15

opensuse-security(a)opensuse.org wrote: > openSUSE Security Update: Security update for MozillaFirefox > ______________________________________________________________________________ > > Announcement ID: openSUSE-SU-2015:1658-1 > Rating: important > References: #947003 > Cross-References: CVE-2015-4476 CVE-2015-4500 CVE-2015-4501 > CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 > CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 > CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 > CVE-2015-4511 CVE-2015-4512 CVE-2015-4516 > CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 > CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 > CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 > CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 > > Affected Products: > openSUSE 13.2 > openSUSE 13.1 > ______________________________________________________________________________ > > An update that fixes 27 vulnerabilities is now available. > Why are the updates for Firefox and Chromium tracked continuously, while Seamonkey is updated only very occasionally? The version on openSUSE 13.1 is still 2.33.1 and Seamonkey complains it is outdated. Regards, Rob Janssen -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

4 6

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security October 2015