openSUSE Updates November 2010

updates@lists.opensuse.org

2 participants
41 discussions

openSUSE-SU-2010:0965-2 (important): openssl security update

by opensuse-security＠opensuse.org

openSUSE Security Update: openssl security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0965-2 Rating: important References: #651003 Cross-References: CVE-2010-3864 Affected Products: openSUSE 11.3 openSUSE 11.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Multithreaded OpenSSL servers using the TLS server extension are vulnerable to a buffer overrun attack (CVE-2010-3864). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch libopenssl-devel-3562 - openSUSE 11.2: zypper in -t patch libopenssl-devel-3562 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): libopenssl-devel-1.0.0-6.3.1 libopenssl0_9_8-0.9.8m-3.1.2 libopenssl1_0_0-1.0.0-6.3.1 openssl-1.0.0-6.3.1 - openSUSE 11.3 (x86_64): libopenssl0_9_8-32bit-0.9.8m-3.1.2 libopenssl1_0_0-32bit-1.0.0-6.3.1 - openSUSE 11.3 (noarch): openssl-doc-1.0.0-6.3.1 - openSUSE 11.2 (i586 x86_64): libopenssl-devel-0.9.8k-3.10.1 libopenssl0_9_8-0.9.8k-3.10.1 openssl-0.9.8k-3.10.1 openssl-doc-0.9.8k-3.10.1 - openSUSE 11.2 (x86_64): libopenssl0_9_8-32bit-0.9.8k-3.10.1 References: http://support.novell.com/security/cve/CVE-2010-3864.html https://bugzilla.novell.com/651003

10 years, 10 months

openSUSE-SU-2010:0965-1 (important): openssl security update

by opensuse-security＠opensuse.org

openSUSE Security Update: openssl security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0965-1 Rating: important References: #651003 Cross-References: CVE-2010-3864 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Multithreaded OpenSSL servers using the TLS server extension are vulnerable to a buffer overrun attack. CVE-2010-3864 has been assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch libopenssl-devel-3507 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): libopenssl-devel-0.9.8h-28.18.1 libopenssl0_9_8-0.9.8h-28.18.1 openssl-0.9.8h-28.18.1 openssl-doc-0.9.8h-28.18.1 - openSUSE 11.1 (x86_64): libopenssl0_9_8-32bit-0.9.8h-28.18.1 - openSUSE 11.1 (ppc): libopenssl0_9_8-64bit-0.9.8h-28.18.1 References: http://support.novell.com/security/cve/CVE-2010-3864.html https://bugzilla.novell.com/651003

10 years, 10 months

openSUSE-RU-2010:0964-1 (moderate): tomcat6: Fix upgrading of tomcat6

by maintenance＠opensuse.org

openSUSE Recommended Update: tomcat6: Fix upgrading of tomcat6 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0964-1 Rating: moderate References: #625415 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The previous fix for bnc#650130 changed directory /etc/tomcat6/Catalina into a symlink, which is not supported by rpm This update adds a workaround which enables proper upgrade. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch tomcat6-3530 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (noarch): tomcat6-6.0.24-5.4.1 tomcat6-admin-webapps-6.0.24-5.4.1 tomcat6-docs-webapp-6.0.24-5.4.1 tomcat6-el-1_0-api-6.0.24-5.4.1 tomcat6-javadoc-6.0.24-5.4.1 tomcat6-jsp-2_1-api-6.0.24-5.4.1 tomcat6-lib-6.0.24-5.4.1 tomcat6-servlet-2_5-api-6.0.24-5.4.1 tomcat6-webapps-6.0.24-5.4.1 References: https://bugzilla.novell.com/625415

10 years, 10 months

openSUSE-RU-2010:0963-1 (low): Botan: Fix build issues with monotone

by maintenance＠opensuse.org

openSUSE Recommended Update: Botan: Fix build issues with monotone ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0963-1 Rating: low References: #548110 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes libbotan-devel to be compatible with what other projects expect (bnc#548110) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch Botan-3522 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 x86_64): libbotan-1_6_4-1.6.4-4.1.1 libbotan-devel-1.6.4-4.1.1 References: https://bugzilla.novell.com/548110

10 years, 10 months

openSUSE-RU-2010:0962-1 (low): aaa_base: Fix hanging boot with custom kernel

by maintenance＠opensuse.org

openSUSE Recommended Update: aaa_base: Fix hanging boot with custom kernel ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0962-1 Rating: low References: #648408 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds an error message that booting was aborted if the kernel is missing devtmpfs support instead of just silently getting stuck. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch aaa_base-3501 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): aaa_base-11.3-8.5.1 References: https://bugzilla.novell.com/648408

10 years, 10 months

openSUSE-RU-2010:0959-1 (important): taglib-sharp: update Url to Home Page

by maintenance＠opensuse.org

openSUSE Recommended Update: taglib-sharp: update Url to Home Page ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0959-1 Rating: important References: #648990 Affected Products: openSUSE 11.3 openSUSE 11.2 openSUSE 11.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update fixes an outdated link to the original project home page. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch taglib-sharp-3529 - openSUSE 11.2: zypper in -t patch taglib-sharp-3529 - openSUSE 11.1: zypper in -t patch taglib-sharp-3529 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (noarch): taglib-sharp-2.0.3.7-2.1.1 taglib-sharp-devel-2.0.3.7-2.1.1 - openSUSE 11.2 (noarch): taglib-sharp-2.0.3.3-1.1.3.1 taglib-sharp-devel-2.0.3.3-1.1.3.1 - openSUSE 11.1 (noarch) [New Version: 2.0.3.2]: taglib-sharp-2.0.3.2-0.2.1 References: https://bugzilla.novell.com/648990

10 years, 10 months

openSUSE-SU-2010:0957-1 (important): java-1_6_0-openjdk security update fixing various vulnerabilities

by opensuse-security＠opensuse.org

openSUSE Security Update: java-1_6_0-openjdk security update fixing various vulnerabilities ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0957-1 Rating: important References: #642531 Cross-References: CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 Affected Products: openSUSE 11.3 openSUSE 11.2 openSUSE 11.1 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues: * S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation * S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition * S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities * S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free * S6938813, CVE-2010-3557: OpenJDK Swing mutable static * S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak * S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability * S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution * S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution * S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies * S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage * S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host * S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) * S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code * S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection * S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts * S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection * S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch java-1_6_0-openjdk-3500 - openSUSE 11.2: zypper in -t patch java-1_6_0-openjdk-3500 - openSUSE 11.1: zypper in -t patch java-1_6_0-openjdk-3500 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.2.2 - openSUSE 11.3 (noarch): java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.1-0.2.2 - openSUSE 11.2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.2.2 - openSUSE 11.2 (noarch): java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.1-0.2.2 java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.1-0.2.2 - openSUSE 11.1 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.1.3 java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.1-0.1.3 java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.1-0.1.3 java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.1-0.1.3 java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.1.3 java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.1-0.1.3 References: http://support.novell.com/security/cve/CVE-2009-3555.html http://support.novell.com/security/cve/CVE-2010-3541.html http://support.novell.com/security/cve/CVE-2010-3548.html http://support.novell.com/security/cve/CVE-2010-3549.html http://support.novell.com/security/cve/CVE-2010-3551.html http://support.novell.com/security/cve/CVE-2010-3553.html http://support.novell.com/security/cve/CVE-2010-3554.html http://support.novell.com/security/cve/CVE-2010-3557.html http://support.novell.com/security/cve/CVE-2010-3561.html http://support.novell.com/security/cve/CVE-2010-3562.html http://support.novell.com/security/cve/CVE-2010-3564.html http://support.novell.com/security/cve/CVE-2010-3565.html http://support.novell.com/security/cve/CVE-2010-3566.html http://support.novell.com/security/cve/CVE-2010-3567.html http://support.novell.com/security/cve/CVE-2010-3568.html http://support.novell.com/security/cve/CVE-2010-3569.html http://support.novell.com/security/cve/CVE-2010-3573.html http://support.novell.com/security/cve/CVE-2010-3574.html https://bugzilla.novell.com/642531

10 years, 10 months

openSUSE-SU-2010:0952-1 (low): openssl security update

by opensuse-security＠opensuse.org

openSUSE Security Update: openssl security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0952-1 Rating: low References: #608666 #629905 Cross-References: CVE-2010-2939 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: Specially crafted responses from SSL servers could cause a double-free bug in openssl's client implementation. Malicious servers could exploit that to crash programs use openssl for the SSL connection (CVE-2010-2939). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch libopenssl-devel-3206 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): libopenssl-devel-0.9.8h-28.16.1 libopenssl0_9_8-0.9.8h-28.16.1 openssl-0.9.8h-28.16.1 openssl-doc-0.9.8h-28.16.1 - openSUSE 11.1 (x86_64): libopenssl0_9_8-32bit-0.9.8h-28.16.1 - openSUSE 11.1 (ppc): libopenssl0_9_8-64bit-0.9.8h-28.16.1 References: http://support.novell.com/security/cve/CVE-2010-2939.html https://bugzilla.novell.com/608666 https://bugzilla.novell.com/629905

10 years, 10 months

openSUSE-SU-2010:0951-1 (low): openssl security update

by opensuse-security＠opensuse.org

openSUSE Security Update: openssl security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0951-1 Rating: low References: #629905 Cross-References: CVE-2010-2939 Affected Products: openSUSE 11.3 openSUSE 11.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Specially crafted responses from SSL servers could cause a double-free bug in openssl's client implementation. Malicious servers could exploit that to crash programs use openssl for the SSL connection (CVE-2010-2939). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch libopenssl-devel-3214 - openSUSE 11.2: zypper in -t patch libopenssl-devel-3214 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): libopenssl-devel-1.0.0-6.1.1 libopenssl0_9_8-0.9.8m-3.1.1 libopenssl1_0_0-1.0.0-6.1.1 openssl-1.0.0-6.1.1 - openSUSE 11.3 (x86_64): libopenssl0_9_8-32bit-0.9.8m-3.1.1 libopenssl1_0_0-32bit-1.0.0-6.1.1 - openSUSE 11.3 (noarch): openssl-doc-1.0.0-6.1.1 - openSUSE 11.2 (i586 x86_64): libopenssl-devel-0.9.8k-3.8.1 libopenssl0_9_8-0.9.8k-3.8.1 openssl-0.9.8k-3.8.1 openssl-doc-0.9.8k-3.8.1 - openSUSE 11.2 (x86_64): libopenssl0_9_8-32bit-0.9.8k-3.8.1 References: http://support.novell.com/security/cve/CVE-2010-2939.html https://bugzilla.novell.com/629905

10 years, 10 months

openSUSE-RU-2010:0950-1 (low): emacs-auctex: A not working preview of Latex equations in emacs using the auctex package is fixed by this update.

by maintenance＠opensuse.org

openSUSE Recommended Update: emacs-auctex: A not working preview of Latex equations in emacs using the auctex package is fixed by this update. ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0950-1 Rating: low References: #623719 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Previewing Latex equations in emacs using the auctex package does not work. Fixed by this update. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch emacs-auctex-3498 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (noarch): emacs-auctex-11.85-94.3.1 References: https://bugzilla.novell.com/623719

10 years, 10 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates November 2010