openSUSE Updates October 2010

updates@lists.opensuse.org

2 participants
48 discussions

openSUSE-SU-2010:0923-1 (low): dovecot security update
by opensuse-security＠opensuse.org 29 Oct '10

29 Oct '10

openSUSE Security Update: dovecot security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0923-1 Rating: low References: #643715 Cross-References: CVE-2010-3706 CVE-2010-3707 Affected Products: openSUSE 11.3 openSUSE 11.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: dovecot granted admin rights to all owner mailboxes (CVE-2010-3706). When using multiple ACL entries for mailboxes the most specific one was not always applied (CVE-2010-3707). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch dovecot12-3416 - openSUSE 11.2: zypper in -t patch dovecot12-3416 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): dovecot12-1.2.11-3.3.1 dovecot12-backend-mysql-1.2.11-3.3.1 dovecot12-backend-pgsql-1.2.11-3.3.1 dovecot12-backend-sqlite-1.2.11-3.3.1 dovecot12-devel-1.2.11-3.3.1 dovecot12-fts-lucene-1.2.11-3.3.1 dovecot12-fts-solr-1.2.11-3.3.1 - openSUSE 11.2 (i586 x86_64) [New Version: 1.2.9]: dovecot12-1.2.9-0.5.1 dovecot12-backend-mysql-1.2.9-0.5.1 dovecot12-backend-pgsql-1.2.9-0.5.1 dovecot12-backend-sqlite-1.2.9-0.5.1 dovecot12-devel-1.2.9-0.5.1 dovecot12-fts-lucene-1.2.9-0.5.1 References: http://support.novell.com/security/cve/CVE-2010-3706.html http://support.novell.com/security/cve/CVE-2010-3707.html https://bugzilla.novell.com/643715

1 0

openSUSE-SU-2010:0921-1 (moderate): clamav update to version 0.96.3
by opensuse-security＠opensuse.org 28 Oct '10

28 Oct '10

openSUSE Security Update: clamav update to version 0.96.3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0921-1 Rating: moderate References: #640812 Cross-References: CVE-2010-3434 Affected Products: openSUSE 11.3 openSUSE 11.2 openSUSE 11.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: clamav version 0.96.3 fixes problems when scanning pdf files (CVE-2010-3434) and also contains numerous other bug fixes. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch clamav-3230 - openSUSE 11.2: zypper in -t patch clamav-3230 - openSUSE 11.1: zypper in -t patch clamav-3230 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 0.96.3]: clamav-0.96.3-0.1.1 - openSUSE 11.3 (noarch) [New Version: 0.96.3]: clamav-db-0.96.3-0.1.1 - openSUSE 11.2 (i586 x86_64) [New Version: 0.96.3]: clamav-0.96.3-0.1.1 clamav-db-0.96.3-0.1.1 - openSUSE 11.1 (i586 ppc x86_64) [New Version: 0.96.3]: clamav-0.96.3-0.1.1 clamav-db-0.96.3-0.1.1 References: http://support.novell.com/security/cve/CVE-2010-3434.html https://bugzilla.novell.com/640812

1 0

openSUSE-RU-2010:0920-1 (low): kvm: Collective update for kvm
by maintenance＠opensuse.org 28 Oct '10

28 Oct '10

openSUSE Recommended Update: kvm: Collective update for kvm ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0920-1 Rating: low References: #565600 #569337 #598271 #598298 #599095 #603161 #603179 #603523 #610682 #619991 #621793 #637297 #640093 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. It includes one version update. Description: The following bugs are fixed by this update: - Bug 569337 - Make dzip not consume endless amounts of ram - Bug 565600 - Make block-tar work for images > 8 GB - Bug 598298 - restoring a KVM guest using Realtek 8139 results broken guest networking - Bug 621793 - sles11-sp1-jeos xen image failed to boot in testdrive - Bug 603161 - 11.3 / FACTORY ISOs don't boot in FACTORY's kvm - Bug 599095 - SLE11SP1 kvm version slows down building dramatically (flushing) - Bug 598271 - kvm not build with libaio/linux-aio support due to missing BuildReq - Bug 637297 - Revert Changed WB behavior - Bug 640093 - Change default memory from 384MB to 512MB, which is in keeping with the default used by vm-install. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch kvm-3407 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 x86_64) [New Version: 0.12.5]: kvm-0.12.5-2.3.1 References: https://bugzilla.novell.com/565600 https://bugzilla.novell.com/569337 https://bugzilla.novell.com/598271 https://bugzilla.novell.com/598298 https://bugzilla.novell.com/599095 https://bugzilla.novell.com/603161 https://bugzilla.novell.com/603179 https://bugzilla.novell.com/603523 https://bugzilla.novell.com/610682 https://bugzilla.novell.com/619991 https://bugzilla.novell.com/621793 https://bugzilla.novell.com/637297 https://bugzilla.novell.com/640093

1 0

openSUSE-SU-2010:0919-1 (critical): Linux Kernel: security and bugfix update
by opensuse-security＠opensuse.org 28 Oct '10

28 Oct '10

openSUSE Security Update: Linux Kernel: security and bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0919-1 Rating: critical References: #409504 #441062 #564324 #646045 #647322 #647392 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: This update of the openSUSE 11.2 Linux kernel fixes two critical security issues and some bugs. Following security issues were fixed: CVE-2010-3904: A local privilege escalation in RDS sockets allowed local attackers to gain root privileges. CVE-2010-2963: A problem in the compat ioctl handling in video4linux allowed local attackers with a video device plugged in to gain root privileges on x86_64 systems. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch kernel-3398 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 x86_64) [New Version: 2.6.31.14]: kernel-debug-2.6.31.14-0.4.1 kernel-debug-base-2.6.31.14-0.4.1 kernel-debug-devel-2.6.31.14-0.4.1 kernel-default-2.6.31.14-0.4.1 kernel-default-base-2.6.31.14-0.4.1 kernel-default-devel-2.6.31.14-0.4.1 kernel-desktop-2.6.31.14-0.4.1 kernel-desktop-base-2.6.31.14-0.4.1 kernel-desktop-devel-2.6.31.14-0.4.1 kernel-syms-2.6.31.14-0.4.1 kernel-trace-2.6.31.14-0.4.1 kernel-trace-base-2.6.31.14-0.4.1 kernel-trace-devel-2.6.31.14-0.4.1 kernel-vanilla-2.6.31.14-0.4.1 kernel-vanilla-base-2.6.31.14-0.4.1 kernel-vanilla-devel-2.6.31.14-0.4.1 kernel-xen-2.6.31.14-0.4.1 kernel-xen-base-2.6.31.14-0.4.1 kernel-xen-devel-2.6.31.14-0.4.1 preload-kmp-default-1.1_2.6.31.14_0.4-6.9.32 preload-kmp-desktop-1.1_2.6.31.14_0.4-6.9.32 - openSUSE 11.2 (noarch) [New Version: 2.6.31.14]: kernel-source-2.6.31.14-0.4.1 kernel-source-vanilla-2.6.31.14-0.4.1 - openSUSE 11.2 (i586) [New Version: 2.6.31.14]: kernel-pae-2.6.31.14-0.4.1 kernel-pae-base-2.6.31.14-0.4.1 kernel-pae-devel-2.6.31.14-0.4.1 References: https://bugzilla.novell.com/409504 https://bugzilla.novell.com/441062 https://bugzilla.novell.com/564324 https://bugzilla.novell.com/646045 https://bugzilla.novell.com/647322 https://bugzilla.novell.com/647392

1 0

openSUSE-RU-2010:0918-1 (low): aaa_base: A broken disabling of swap partitions on LVM is fixed by this update
by maintenance＠opensuse.org 28 Oct '10

28 Oct '10

openSUSE Recommended Update: aaa_base: A broken disabling of swap partitions on LVM is fixed by this update ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0918-1 Rating: low References: #631916 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: "boot.swap off" does not disable swap partitions on LVM but only the swap files. Fixed by this update Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch aaa_base-3216 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): aaa_base-11.3-8.3.1 References: https://bugzilla.novell.com/631916

1 0

openSUSE-SU-2010:0917-1 (important): bind: DNSSEC denial of service via a recursive validating server (CVE-2010-0213)
by opensuse-security＠opensuse.org 28 Oct '10

28 Oct '10

openSUSE Security Update: bind: DNSSEC denial of service via a recursive validating server (CVE-2010-0213) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0917-1 Rating: important References: #644907 Cross-References: CVE-2010-0213 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: A DoS vulnerability in bind's DNSSEC code has been fixed which occured while recursively validating a server. CVE-2010-0213 has been assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch bind-3403 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 9.7.1P2]: bind-9.7.1P2-0.2.1 bind-chrootenv-9.7.1P2-0.2.1 bind-devel-9.7.1P2-0.2.1 bind-libs-9.7.1P2-0.2.1 bind-utils-9.7.1P2-0.2.1 - openSUSE 11.3 (x86_64) [New Version: 9.7.1P2]: bind-libs-32bit-9.7.1P2-0.2.1 - openSUSE 11.3 (noarch) [New Version: 9.7.1P2]: bind-doc-9.7.1P2-0.2.1 References: http://support.novell.com/security/cve/CVE-2010-0213.html https://bugzilla.novell.com/644907

1 0

openSUSE-SU-2010:0914-1 (important): glibc: Security update to fix various security problems and bugs
by opensuse-security＠opensuse.org 28 Oct '10

28 Oct '10

openSUSE Security Update: glibc: Security update to fix various security problems and bugs ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0914-1 Rating: important References: #375315 #445636 #513961 #534828 #537315 #538067 #541773 #569091 #572188 #585879 #592941 #594263 #615556 #646960 Cross-References: CVE-2008-1391 CVE-2010-0015 CVE-2010-0296 CVE-2010-0830 CVE-2010-3847 CVE-2010-3856 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 8 fixes is now available. Description: This update of glibc fixes various bugs and security issues: CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion triggers before the respective code is executed. The bug was fixed nevertheless. CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid root execution and could load shared libraries from standard system library paths. This could be used by local attackers to inject code into setuid root programs and so elevated privileges. CVE-2010-0830: Integer overflow causing arbitrary code execution in ld.so --verify mode could be induced by a specially crafted binary. CVE-2010-0296: The addmntent() function would not escape the newline character properly, allowing the user to insert arbitrary newlines to the /etc/mtab; if the addmntent() is run by a setuid mount binary that does not do extra input checking, this would allow custom entries to be inserted in /etc/mtab. CVE-2008-1391: The strfmon() function contains an integer overflow vulnerability in width specifiers handling that could be triggered by an attacker that can control the format string passed to strfmon(). CVE-2010-0015: Some setups (mainly Solaris-based legacy setups) include shadow information (password hashes) as so-called "adjunct passwd" table, mangling it with the rest of passwd columns instead of keeping it in the shadow table. Normally, Solaris will disclose this information only to clients bound to a priviledged port, but when nscd is deployed on the client, getpwnam() would disclose the password hashes to all users. New mode "adjunct as shadow" can now be enabled in /etc/default/nss that will move the password hashes from the world-readable passwd table to emulated shadow table (that is not cached by nscd). Some invalid behaviour, crashes and memory leaks were fixed: - statfs64() would not function properly on IA64 in ia32el emulation mode. - memcpy() and memset() on power6 would erroneously use a 64-bit instruction within 32-bit code in certain corner cases. - nscd would not load /etc/host.conf properly before performing host resolution - most importantly, `multi on` in /etc/host.conf would be ignored when nscd was used, breaking e.g. resolving records in /etc/hosts where single name would point at multiple addresses - Removed mapping from lowercase sharp s to uppercase sharp S; uppercase S is not a standardly used letter and causes problems for ISO encodings. Some other minor issues were fixed: - glibc-locale now better coexists with sap-locale on upgrades by regenerating the locale/gconv indexes properly. - Ports 623 and 664 may not be allocated by RPC code automatically anymore since that may clash with ports used on some IPMI network cards. - On x86_64, backtrace of a static destructor would stop in the _fini() glibc pseudo-routine, making it difficult to find out what originally triggered the program termination. The routine now has unwind information attached. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch glibc-3399 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 i686 ppc x86_64): glibc-2.9-2.13.1 glibc-devel-2.9-2.13.1 glibc-html-2.9-2.13.1 glibc-i18ndata-2.9-2.13.1 glibc-info-2.9-2.13.1 glibc-locale-2.9-2.13.1 glibc-obsolete-2.9-2.13.1 glibc-profile-2.9-2.13.1 nscd-2.9-2.13.1 - openSUSE 11.1 (x86_64): glibc-32bit-2.9-2.13.1 glibc-devel-32bit-2.9-2.13.1 glibc-locale-32bit-2.9-2.13.1 glibc-profile-32bit-2.9-2.13.1 - openSUSE 11.1 (ppc): glibc-64bit-2.9-2.13.1 glibc-devel-64bit-2.9-2.13.1 glibc-locale-64bit-2.9-2.13.1 glibc-profile-64bit-2.9-2.13.1 References: http://support.novell.com/security/cve/CVE-2008-1391.html http://support.novell.com/security/cve/CVE-2010-0015.html http://support.novell.com/security/cve/CVE-2010-0296.html http://support.novell.com/security/cve/CVE-2010-0830.html http://support.novell.com/security/cve/CVE-2010-3847.html http://support.novell.com/security/cve/CVE-2010-3856.html https://bugzilla.novell.com/375315 https://bugzilla.novell.com/445636 https://bugzilla.novell.com/513961 https://bugzilla.novell.com/534828 https://bugzilla.novell.com/537315 https://bugzilla.novell.com/538067 https://bugzilla.novell.com/541773 https://bugzilla.novell.com/569091 https://bugzilla.novell.com/572188 https://bugzilla.novell.com/585879 https://bugzilla.novell.com/592941 https://bugzilla.novell.com/594263 https://bugzilla.novell.com/615556 https://bugzilla.novell.com/646960

1 0

openSUSE-SU-2010:0913-1 (important): glibc: Security update to fix various security problems and bugs
by opensuse-security＠opensuse.org 28 Oct '10

28 Oct '10

1 0

openSUSE-SU-2010:0912-1 (important): glibc: Security update to fix security problems
by opensuse-security＠opensuse.org 27 Oct '10

27 Oct '10

openSUSE Security Update: glibc: Security update to fix security problems ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0912-1 Rating: important References: #572188 #646960 Cross-References: CVE-2010-3847 CVE-2010-3856 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of glibc fixes two bugs and security issues: CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion triggers before the respective code is executed. The bug was fixed nevertheless. CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid root execution and could load shared libraries from standard system library paths. This could be used by local attackers to inject code into setuid root programs and so elevated privileges. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch glibc-3401 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 i686 x86_64): glibc-2.11.2-3.3.1 glibc-devel-2.11.2-3.3.1 - openSUSE 11.3 (i586 x86_64): glibc-html-2.11.2-3.3.1 glibc-i18ndata-2.11.2-3.3.1 glibc-info-2.11.2-3.3.1 glibc-locale-2.11.2-3.3.1 glibc-obsolete-2.11.2-3.3.1 glibc-profile-2.11.2-3.3.1 nscd-2.11.2-3.3.1 - openSUSE 11.3 (x86_64): glibc-32bit-2.11.2-3.3.1 glibc-devel-32bit-2.11.2-3.3.1 glibc-locale-32bit-2.11.2-3.3.1 glibc-profile-32bit-2.11.2-3.3.1 References: http://support.novell.com/security/cve/CVE-2010-3847.html http://support.novell.com/security/cve/CVE-2010-3856.html https://bugzilla.novell.com/572188 https://bugzilla.novell.com/646960

1 0

openSUSE-SU-2010:0909-1 (moderate): php5-pear-mail security update
by opensuse-security＠opensuse.org 27 Oct '10

27 Oct '10

openSUSE Security Update: php5-pear-mail security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0909-1 Rating: moderate References: #558259 #630334 Cross-References: CVE-2009-4023 CVE-2009-4111 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Passing specially crafted $from and $recepient arguments to php5-pear-mail's sendmail.php allowed attackers to inject shell code (CVE-2009-4023, CVE-2009-4111). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch php5-pear-mail-3379 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (noarch): php5-pear-mail-1.1.14-1.135.1 References: http://support.novell.com/security/cve/CVE-2009-4023.html http://support.novell.com/security/cve/CVE-2009-4111.html https://bugzilla.novell.com/558259 https://bugzilla.novell.com/630334

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates October 2010