openSUSE Security February 2016

security@lists.opensuse.org

5 participants
3 discussions

[opensuse-security] changing apparmor abstractions
by Malte Gell 09 Feb '16

09 Feb '16

Hi there, after changing apparmor abstractions, do you need to reload all profiles that access these abstractions? Or can you change abstractions any time wo reloading? Thanx -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 1

[opensuse-security] OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from announcement
by Martin Konold 03 Feb '16

03 Feb '16

Hi there, At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security update for the kernel of openSUSE 13.1 got announced. http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html It mentions that kernel 3.11.10-32.1 fixes these issues. I verified that many updates/fixes including those mentioned in the advisory are already incorporated in the git version as available from http:// download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kern… source-3.11.10-170.1.g1e76e80.src.rpm But when checking with http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src… which explicitly carries the version which is mentioned in the security announcement and is also from 1 Feb 2016 I noticed that the actual security fixes are missing in this package! You may easily verify the issue by either looking at series.conf in the supposed update package or simply check the changelog. rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep 'Source Timestamp' Source Timestamp: 2016-01-20 15:13:45 +0100 versus rpm -qpi --changelog http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src… |grep 'Source Timestamp' Source Timestamp: 2015-03-05 17:24:00 +0100 The later is definitely outdated. I can only assume that maybe something is wrong with the OBS setup. Maybe Coolo can shed some light on the issue. Kind regards --martin konold -- Dipl.-Physiker Martin Konold e r f r a k o n Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker Registergericht: Amtsgericht Stuttgart PR 126 Firmensitz: Adolfstraße 23, 70469 Stuttgart fon: 0711 67400963 fax: 0711 67400959 email: martin.konold(a)erfrakon.de http://www.erfrakon.de -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 1

[opensuse-security] Antw: [security-announce] openSUSE-SU-2016:0263-1: critical: Security update for java-1_8_0-openjdk
by Ulrich Windl 01 Feb '16

01 Feb '16

>>> <opensuse-security(a)opensuse.org> schrieb am 27.01.2016 um 21:11 in Nachricht <20160127201129.7748A3213D(a)maintenance.suse.de>: > openSUSE Security Update: Security update for java-1_8_0-openjdk [...] > java-1_8_0-openjdk was updated to version 7u95 to fix 9 security issues. Is this a typing error? (java 8 being updated to Java 7) Regards, Ulrich -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 1

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security February 2016