openSUSE Security Update: openssl security update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0965-2
Rating: important
References: #651003
Cross-References: CVE-2010-3864
Affected Products:
openSUSE 11.3
openSUSE 11.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Multithreaded OpenSSL servers using the TLS server
extension are vulnerable to a buffer overrun attack
(CVE-2010-3864).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch libopenssl-devel-3562
- openSUSE 11.2:
zypper in -t patch libopenssl-devel-3562
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 x86_64):
libopenssl-devel-1.0.0-6.3.1
libopenssl0_9_8-0.9.8m-3.1.2
libopenssl1_0_0-1.0.0-6.3.1
openssl-1.0.0-6.3.1
- openSUSE 11.3 (x86_64):
libopenssl0_9_8-32bit-0.9.8m-3.1.2
libopenssl1_0_0-32bit-1.0.0-6.3.1
- openSUSE 11.3 (noarch):
openssl-doc-1.0.0-6.3.1
- openSUSE 11.2 (i586 x86_64):
libopenssl-devel-0.9.8k-3.10.1
libopenssl0_9_8-0.9.8k-3.10.1
openssl-0.9.8k-3.10.1
openssl-doc-0.9.8k-3.10.1
- openSUSE 11.2 (x86_64):
libopenssl0_9_8-32bit-0.9.8k-3.10.1
References:
http://support.novell.com/security/cve/CVE-2010-3864.htmlhttps://bugzilla.novell.com/651003
openSUSE Security Update: openssl security update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0965-1
Rating: important
References: #651003
Cross-References: CVE-2010-3864
Affected Products:
openSUSE 11.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Multithreaded OpenSSL servers using the TLS server
extension are vulnerable to a buffer overrun attack.
CVE-2010-3864 has been assigned to this issue.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.1:
zypper in -t patch libopenssl-devel-3507
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.1 (i586 ppc x86_64):
libopenssl-devel-0.9.8h-28.18.1
libopenssl0_9_8-0.9.8h-28.18.1
openssl-0.9.8h-28.18.1
openssl-doc-0.9.8h-28.18.1
- openSUSE 11.1 (x86_64):
libopenssl0_9_8-32bit-0.9.8h-28.18.1
- openSUSE 11.1 (ppc):
libopenssl0_9_8-64bit-0.9.8h-28.18.1
References:
http://support.novell.com/security/cve/CVE-2010-3864.htmlhttps://bugzilla.novell.com/651003
openSUSE Recommended Update: tomcat6: Fix upgrading of tomcat6
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0964-1
Rating: moderate
References: #625415
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
The previous fix for bnc#650130 changed directory
/etc/tomcat6/Catalina into a symlink, which is not
supported by rpm
This update adds a workaround which enables proper upgrade.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch tomcat6-3530
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (noarch):
tomcat6-6.0.24-5.4.1
tomcat6-admin-webapps-6.0.24-5.4.1
tomcat6-docs-webapp-6.0.24-5.4.1
tomcat6-el-1_0-api-6.0.24-5.4.1
tomcat6-javadoc-6.0.24-5.4.1
tomcat6-jsp-2_1-api-6.0.24-5.4.1
tomcat6-lib-6.0.24-5.4.1
tomcat6-servlet-2_5-api-6.0.24-5.4.1
tomcat6-webapps-6.0.24-5.4.1
References:
https://bugzilla.novell.com/625415
openSUSE Recommended Update: Botan: Fix build issues with monotone
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0963-1
Rating: low
References: #548110
Affected Products:
openSUSE 11.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes libbotan-devel to be compatible with what
other projects expect (bnc#548110)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch Botan-3522
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 x86_64):
libbotan-1_6_4-1.6.4-4.1.1
libbotan-devel-1.6.4-4.1.1
References:
https://bugzilla.novell.com/548110
openSUSE Recommended Update: aaa_base: Fix hanging boot with custom kernel
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0962-1
Rating: low
References: #648408
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update adds an error message that booting was aborted
if the kernel is missing devtmpfs support instead of just
silently getting stuck.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch aaa_base-3501
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 x86_64):
aaa_base-11.3-8.5.1
References:
https://bugzilla.novell.com/648408
openSUSE Recommended Update: taglib-sharp: update Url to Home Page
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0959-1
Rating: important
References: #648990
Affected Products:
openSUSE 11.3
openSUSE 11.2
openSUSE 11.1
______________________________________________________________________________
An update that has one recommended fix can now be
installed. It includes one version update.
Description:
This update fixes an outdated link to the original project
home page.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch taglib-sharp-3529
- openSUSE 11.2:
zypper in -t patch taglib-sharp-3529
- openSUSE 11.1:
zypper in -t patch taglib-sharp-3529
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (noarch):
taglib-sharp-2.0.3.7-2.1.1
taglib-sharp-devel-2.0.3.7-2.1.1
- openSUSE 11.2 (noarch):
taglib-sharp-2.0.3.3-1.1.3.1
taglib-sharp-devel-2.0.3.3-1.1.3.1
- openSUSE 11.1 (noarch) [New Version: 2.0.3.2]:
taglib-sharp-2.0.3.2-0.2.1
References:
https://bugzilla.novell.com/648990
openSUSE Security Update: openssl security update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0952-1
Rating: low
References: #608666 #629905
Cross-References: CVE-2010-2939
Affected Products:
openSUSE 11.1
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
Specially crafted responses from SSL servers could cause a
double-free bug in openssl's client implementation.
Malicious servers could exploit that to crash programs use
openssl for the SSL connection (CVE-2010-2939).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.1:
zypper in -t patch libopenssl-devel-3206
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.1 (i586 ppc x86_64):
libopenssl-devel-0.9.8h-28.16.1
libopenssl0_9_8-0.9.8h-28.16.1
openssl-0.9.8h-28.16.1
openssl-doc-0.9.8h-28.16.1
- openSUSE 11.1 (x86_64):
libopenssl0_9_8-32bit-0.9.8h-28.16.1
- openSUSE 11.1 (ppc):
libopenssl0_9_8-64bit-0.9.8h-28.16.1
References:
http://support.novell.com/security/cve/CVE-2010-2939.htmlhttps://bugzilla.novell.com/608666https://bugzilla.novell.com/629905
openSUSE Security Update: openssl security update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0951-1
Rating: low
References: #629905
Cross-References: CVE-2010-2939
Affected Products:
openSUSE 11.3
openSUSE 11.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Specially crafted responses from SSL servers could cause a
double-free bug in openssl's client implementation.
Malicious servers could exploit that to crash programs use
openssl for the SSL connection (CVE-2010-2939).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch libopenssl-devel-3214
- openSUSE 11.2:
zypper in -t patch libopenssl-devel-3214
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 x86_64):
libopenssl-devel-1.0.0-6.1.1
libopenssl0_9_8-0.9.8m-3.1.1
libopenssl1_0_0-1.0.0-6.1.1
openssl-1.0.0-6.1.1
- openSUSE 11.3 (x86_64):
libopenssl0_9_8-32bit-0.9.8m-3.1.1
libopenssl1_0_0-32bit-1.0.0-6.1.1
- openSUSE 11.3 (noarch):
openssl-doc-1.0.0-6.1.1
- openSUSE 11.2 (i586 x86_64):
libopenssl-devel-0.9.8k-3.8.1
libopenssl0_9_8-0.9.8k-3.8.1
openssl-0.9.8k-3.8.1
openssl-doc-0.9.8k-3.8.1
- openSUSE 11.2 (x86_64):
libopenssl0_9_8-32bit-0.9.8k-3.8.1
References:
http://support.novell.com/security/cve/CVE-2010-2939.htmlhttps://bugzilla.novell.com/629905
openSUSE Recommended Update: emacs-auctex: A not working preview of Latex equations in emacs using the auctex package is fixed by this update.
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0950-1
Rating: low
References: #623719
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
Previewing Latex equations in emacs using the auctex
package does not work. Fixed by this update.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch emacs-auctex-3498
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (noarch):
emacs-auctex-11.85-94.3.1
References:
https://bugzilla.novell.com/623719