openSUSE Security July 2015

security@lists.opensuse.org

6 participants
5 discussions

[opensuse-security] Security updates for 13.2
by Stefan Seyfried 11 Jul '15

11 Jul '15

(crossposted to opensuse-kernel and opensuse-security, because I'm really not sure who is in charge of this) Hi all, I just noticed that security updates have been released for mainline 3.10, 3.14, 4.0 and 4.1 series. The latest released kernel update for 13.2 is almost 3 months old. What is the advised way to keep a 13.2 installation secure? Or do all those problems of older and newer mainline kernels not affect the openSUSE kenrel? Best regards -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

3 3

[opensuse-security] Re: [security-announce] openSUSE not affected by OpenSSL CVE-2015-1793
by Carlos E. R. 10 Jul '15

10 Jul '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-10 10:45, Marcus Meissner wrote: > On Thu, Jul 09, 2015 at 06:33:29PM +0200, Carlos E. R. wrote: >> What about 11.4? Does evergreen 11.4 need an update? > > No. Thanks :-) - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWfuDkACgkQja8UbcUWM1y60gEAlclnSHdM/K5RJMhdLdxRlERM UtwO4/BeQGT9uK2d4jEA+gIweHHzcksDVfSGEYJUwFQ1dKkBdBVeC6MTYWzDsXTv =rJZY -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

1 0

[opensuse-security] Re: [security-announce] openSUSE-SU-2015:1207-1: critical: Security update for flash-player
by Andreas Stieger 10 Jul '15

10 Jul '15

Hello, On 07/10/2015 05:30 AM, Uzair Shamim wrote: > On 07/08/2015 11:08 AM, opensuse-security(a)opensuse.org wrote: >> openSUSE Security Update: Security update for flash-player >> ______________________________________________________________________________ > >> Announcement ID: openSUSE-SU-2015:1207-1 >> Rating: critical >> References: #937339 >> Cross-References: CVE-2015-5119 >> Affected Products: >> openSUSE 13.2:NonFree >> openSUSE 13.1:NonFree [...] > Stupid question, will this be available in tumbleweed? I dont see this in my repos, even after a refresh. There was a problem syncing openSUSE:Factory:NonFree to Tumbleweed which is now resolved. This was only discovered after MozillaFirefox started blocking the vulnerable version. 11.2.202.481 is available in openSUSE-Tumbleweed-Update. Andreas -- Andreas Stieger <astieger(a)suse.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)

1 0

[opensuse-security] Re: openSUSE not affected by OpenSSL CVE-2015-1793
by Andreas Stieger 10 Jul '15

10 Jul '15

Hello, On 07/09/2015 06:33 PM, Carlos E. R. wrote: > On 2015-07-09 16:07, Andreas Stieger wrote: > >> The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not >> affected. > > What about 11.4? Does evergreen 11.4 need an update? No, as can be seen by comparing the OpenSSL library versions against the details I gave. Andreas -- Andreas Stieger <astieger(a)suse.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)

1 0

[opensuse-security] Re: [security-announce] openSUSE not affected by OpenSSL CVE-2015-1793
by Thomas Biege 09 Jul '15

09 Jul '15

sehr gut! Thomas On 07/09/2015 04:07 PM, Andreas Stieger wrote: > Dear openSUSE users, > > The OpenSSL Project recently pre-announced [1], and how has released [2] > an advisory for a security issue with a severity rated "high". This was > picked up in various news articles [3] [4]. A detail which was not known > to the general public at the time when these were written was that the > issue affects 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o specifically. The fixed > releases are 1.0.1p and 1.0.2d, and CVE-2015-1793 was assigned to the issue. > > The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected. > The openSUSE Tumbleweed distribution never received a vulnerable version > and was never affected. The next submission into Factory will skip any > vulnerable versions. > > We have updated the Bugzilla entry [5] and CVE page [6] to that effect. > > [1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html > [2] https://www.openssl.org/news/secadv_20150709.txt > [3] > http://www.heise.de/security/meldung/Kritischer-OpenSSL-Patch-voraus-273980… > [4] > http://www.securityweek.com/openssl-preparing-updates-patch-high-severity-v… > [5] https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2015-1793 > [6] https://www.suse.com/security/cve/CVE-2015-1793.html > > On behalf of the SUSE Security team, > Andreas Stieger > -- Thomas Biege <thomas(a)suse.de>, Team Leader MaintenanceSecurity, CSSLP SUSE Linux GmbH, GF: Felix Imendoerffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security July 2015