December 2010 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-RU-2010:1039-1 (important): pidgin: Version update to 2.7.7
by maintenance＠opensuse.org 09 Dec '10

09 Dec '10

openSUSE Recommended Update: pidgin: Version update to 2.7.7 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:1039-1 Rating: important References: #655477 Affected Products: openSUSE 11.3 openSUSE 11.2 openSUSE 11.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: Pidgin was updated to version 2.7.7 to fix various bugs and bring new features. Especially MSN and ICQ support were fixed. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch finch-3670 - openSUSE 11.2: zypper in -t patch finch-3670 - openSUSE 11.1: zypper in -t patch finch-3670 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 2.7.7]: finch-2.7.7-1.1.1 finch-devel-2.7.7-1.1.1 libpurple-2.7.7-1.1.1 libpurple-devel-2.7.7-1.1.1 libpurple-meanwhile-2.7.7-1.1.1 libpurple-mono-2.7.7-1.1.1 libpurple-tcl-2.7.7-1.1.1 pidgin-2.7.7-1.1.1 pidgin-devel-2.7.7-1.1.1 pidgin-otr-3.2.0-146.1.1 - openSUSE 11.3 (noarch) [New Version: 2.7.7]: libpurple-lang-2.7.7-1.1.1 - openSUSE 11.2 (i586 x86_64) [New Version: 2.7.7]: finch-2.7.7-1.1.2 finch-devel-2.7.7-1.1.2 libpurple-2.7.7-1.1.2 libpurple-devel-2.7.7-1.1.2 libpurple-meanwhile-2.7.7-1.1.2 libpurple-mono-2.7.7-1.1.2 libpurple-tcl-2.7.7-1.1.2 pidgin-2.7.7-1.1.2 pidgin-devel-2.7.7-1.1.2 pidgin-otr-3.2.0-142.4.4 - openSUSE 11.2 (noarch) [New Version: 2.7.7]: libpurple-lang-2.7.7-1.1.2 - openSUSE 11.1 (i586 ppc x86_64) [New Version: 2.7.7]: finch-2.7.7-1.1.3 finch-devel-2.7.7-1.1.3 libpurple-2.7.7-1.1.3 libpurple-devel-2.7.7-1.1.3 libpurple-lang-2.7.7-1.1.3 libpurple-meanwhile-2.7.7-1.1.3 libpurple-mono-2.7.7-1.1.3 pidgin-2.7.7-1.1.3 pidgin-devel-2.7.7-1.1.3 pidgin-otr-3.2.0-1.16.104 References: https://bugzilla.novell.com/655477

1 0

openSUSE-RU-2010:1038-1 (moderate): libtirpc: This updates brings nfs-client to work with portmap
by maintenance＠opensuse.org 09 Dec '10

09 Dec '10

openSUSE Recommended Update: libtirpc: This updates brings nfs-client to work with portmap ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:1038-1 Rating: moderate References: #633007 Affected Products: openSUSE 11.3 openSUSE 11.2 openSUSE 11.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Without this update, RPC applications linked against libtirpc will fail to register themselves on systems that use portmap instead of rpcbind. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch libtirpc-3217 - openSUSE 11.2: zypper in -t patch libtirpc-3217 - openSUSE 11.1: zypper in -t patch libtirpc-3217 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): libtirpc-devel-0.2.1-4.1.1 libtirpc1-0.2.1-4.1.1 - openSUSE 11.2 (i586 x86_64): libtirpc-devel-0.1.9-5.1.1 libtirpc1-0.1.9-5.1.1 - openSUSE 11.1 (i586 ppc x86_64): libtirpc-devel-0.1.9-4.8.1 libtirpc1-0.1.9-4.8.1 References: https://bugzilla.novell.com/633007

1 0

openSUSE-SU-2010:1036-1 (important): kdelibs: fixing invalid character reference buffer overflow (CVE-2009-1725)
by opensuse-security＠opensuse.org 08 Dec '10

08 Dec '10

openSUSE Security Update: kdelibs: fixing invalid character reference buffer overflow (CVE-2009-1725) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1036-1 Rating: important References: #512559 #600469 Cross-References: CVE-2009-1725 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch kdelibs4-3451 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): kdelibs4-4.1.3-4.12.1 kdelibs4-core-4.1.3-4.12.1 kdelibs4-doc-4.1.3-4.12.1 libkde4-4.1.3-4.12.1 libkde4-devel-4.1.3-4.12.1 libkdecore4-4.1.3-4.12.1 libkdecore4-devel-4.1.3-4.12.1 - openSUSE 11.1 (x86_64): libkde4-32bit-4.1.3-4.12.1 libkdecore4-32bit-4.1.3-4.12.1 References: http://support.novell.com/security/cve/CVE-2009-1725.html https://bugzilla.novell.com/512559 https://bugzilla.novell.com/600469

1 0

openSUSE-SU-2010:1035-1 (important): kdegraphics3: fixing various pointer dereferencing vulnerabilities (CVE-2009-1709 and CVE-2009-0945)
by opensuse-security＠opensuse.org 08 Dec '10

08 Dec '10

openSUSE Security Update: kdegraphics3: fixing various pointer dereferencing vulnerabilities (CVE-2009-1709 and CVE-2009-0945) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1035-1 Rating: important References: #512559 #600469 Cross-References: CVE-2009-0945 CVE-2009-1709 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Various pointer dereferencing vulnerabilities in kdegraphics3's KSVG have been fixed. CVE-2009-1709 and CVE-2009-0945 have been assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch kdegraphics3-3479 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): kdegraphics3-3.5.10-1.66.1 kdegraphics3-3D-3.5.10-1.66.1 kdegraphics3-devel-3.5.10-1.66.1 kdegraphics3-extra-3.5.10-1.66.1 kdegraphics3-fax-3.5.10-1.66.1 kdegraphics3-imaging-3.5.10-1.66.1 kdegraphics3-kamera-3.5.10-1.66.1 kdegraphics3-pdf-3.5.10-1.66.1 kdegraphics3-postscript-3.5.10-1.66.1 kdegraphics3-scan-3.5.10-1.66.1 kdegraphics3-tex-3.5.10-1.66.1 References: http://support.novell.com/security/cve/CVE-2009-0945.html http://support.novell.com/security/cve/CVE-2009-1709.html https://bugzilla.novell.com/512559 https://bugzilla.novell.com/600469

1 0

openSUSE-SU-2010:1034-1 (important): kdelibs3: Fixing khtml vulnerabilities CVE-2009-1690,CVE-2009-1687 and CVE-2009-1698.
by opensuse-security＠opensuse.org 08 Dec '10

08 Dec '10

openSUSE Security Update: kdelibs3: Fixing khtml vulnerabilities CVE-2009-1690,CVE-2009-1687 and CVE-2009-1698. ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1034-1 Rating: important References: #512559 Cross-References: CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: The following vulnerabilities in kdelibs3's khtml subsystem have been fixed: CVE-2009-1690,CVE-2009-1687 and CVE-2009-1698. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch kdelibs3-3472 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): kdelibs3-3.5.10-21.13.1 kdelibs3-arts-3.5.10-21.13.1 kdelibs3-default-style-3.5.10-21.13.1 kdelibs3-devel-3.5.10-21.13.1 kdelibs3-doc-3.5.10-21.13.1 - openSUSE 11.1 (x86_64): kdelibs3-32bit-3.5.10-21.13.1 kdelibs3-arts-32bit-3.5.10-21.13.1 kdelibs3-default-style-32bit-3.5.10-21.13.1 - openSUSE 11.1 (ppc): kdelibs3-64bit-3.5.10-21.13.1 kdelibs3-arts-64bit-3.5.10-21.13.1 kdelibs3-default-style-64bit-3.5.10-21.13.1 References: http://support.novell.com/security/cve/CVE-2009-1687.html http://support.novell.com/security/cve/CVE-2009-1690.html http://support.novell.com/security/cve/CVE-2009-1698.html https://bugzilla.novell.com/512559

1 0

openSUSE-SU-2010:1031-1 (important): bind security update
by opensuse-security＠opensuse.org 08 Dec '10

08 Dec '10

openSUSE Security Update: bind security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1031-1 Rating: important References: #657102 #657129 Cross-References: CVE-2010-3613 CVE-2010-3614 Affected Products: openSUSE 11.3 openSUSE 11.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes two new package versions. Description: Adding certain types of signed negative responses to cache doesn't clear any matching RRSIG records already in cache. A subsequent lookup of the cached data can cause named to crash (CVE-2010-3613). bind did not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover (CVE-2010-3614). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch bind-3662 - openSUSE 11.2: zypper in -t patch bind-3662 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 9.7.1P2]: bind-9.7.1P2-0.4.1 bind-chrootenv-9.7.1P2-0.4.1 bind-devel-9.7.1P2-0.4.1 bind-libs-9.7.1P2-0.4.1 bind-utils-9.7.1P2-0.4.1 - openSUSE 11.3 (x86_64) [New Version: 9.7.1P2]: bind-libs-32bit-9.7.1P2-0.4.1 - openSUSE 11.3 (noarch) [New Version: 9.7.1P2]: bind-doc-9.7.1P2-0.4.1 - openSUSE 11.2 (i586 x86_64) [New Version: 9.6.1P3]: bind-9.6.1P3-1.3.1 bind-chrootenv-9.6.1P3-1.3.1 bind-devel-9.6.1P3-1.3.1 bind-doc-9.6.1P3-1.3.1 bind-libs-9.6.1P3-1.3.1 bind-utils-9.6.1P3-1.3.1 - openSUSE 11.2 (x86_64) [New Version: 9.6.1P3]: bind-libs-32bit-9.6.1P3-1.3.1 References: http://support.novell.com/security/cve/CVE-2010-3613.html http://support.novell.com/security/cve/CVE-2010-3614.html https://bugzilla.novell.com/657102 https://bugzilla.novell.com/657129

1 0

openSUSE-SU-2010:1030-1 (important): acroread security update
by opensuse-security＠opensuse.org 07 Dec '10

07 Dec '10

openSUSE Security Update: acroread security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1030-1 Rating: important References: #651232 Cross-References: CVE-2010-3654 CVE-2010-4091 Affected Products: openSUSE 11.3 openSUSE 11.2 openSUSE 11.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This update of acroread fixes two critical vulnerabilities. The first one in referenced by CVE-2010-3654 and exists in the integrated authplay component that may allow remote attackers to take control over a victims system. (CVE-2010-3654: CVSS v2 Base Score: 6.8 (critical) (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)) The other issue was disclosed on full-disclosure to demonstrate a denial of service attack, an extend of this attack to execute arbitrary code could be possible. (CVE-2010-4091: CVSS v2 Base Score: 6.8 (critical) (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch acroread-3653 - openSUSE 11.2: zypper in -t patch acroread-3653 - openSUSE 11.1: zypper in -t patch acroread-3653 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586) [New Version: 9.4.1]: acroread-9.4.1-0.2.1 - openSUSE 11.2 (noarch) [New Version: 9.4.1]: acroread-cmaps-9.4.1-0.2.1 acroread-fonts-ja-9.4.1-0.2.1 acroread-fonts-ko-9.4.1-0.2.1 acroread-fonts-zh_CN-9.4.1-0.2.1 acroread-fonts-zh_TW-9.4.1-0.2.1 - openSUSE 11.2 (i586) [New Version: 9.4.1]: acroread-9.4.1-0.2.1 - openSUSE 11.1 (noarch) [New Version: 9.4.1]: acroread-cmaps-9.4.1-0.2.1 acroread-fonts-ja-9.4.1-0.2.1 acroread-fonts-ko-9.4.1-0.2.1 acroread-fonts-zh_CN-9.4.1-0.2.1 acroread-fonts-zh_TW-9.4.1-0.2.1 - openSUSE 11.1 (i586) [New Version: 9.4.1]: acroread-9.4.1-0.2.1 References: http://support.novell.com/security/cve/CVE-2010-3654.html http://support.novell.com/security/cve/CVE-2010-4091.html https://bugzilla.novell.com/651232

1 0

openSUSE-SU-2010:1029-1 (moderate): mercurial: security update
by opensuse-security＠opensuse.org 06 Dec '10

06 Dec '10

openSUSE Security Update: mercurial: security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1029-1 Rating: moderate References: #645293 Cross-References: CVE-2010-4237: Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of mercurial improves the SSL certificate validation process. CVE-2010-4237: CVSS v2 Base Score: 4.3 (moderate) (AV:N/AC:M/Au:N/C:N/I:P/A:N) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch mercurial-3642 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): mercurial-1.5-4.3.1 References: http://support.novell.com/security/cve/CVE-2010-4237:.html https://bugzilla.novell.com/645293

1 0

openSUSE-SU-2010:1028-1 (low): encfs: security update
by opensuse-security＠opensuse.org 06 Dec '10

06 Dec '10

openSUSE Security Update: encfs: security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1028-1 Rating: low References: #637286 Cross-References: CVE-2010-3073 CVE-2010-3074 Affected Products: openSUSE 11.3 openSUSE 11.2 openSUSE 11.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of encfs fixes: - CVE-2010-3073: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Only 32 bit of file IV used - CVE-2010-3074: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Watermarking attack The patch for CVE-2010-3075 (Last block with single byte is insecure) was not applied because upstream disabled it by default, expect for expert mode. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch encfs-3641 - openSUSE 11.2: zypper in -t patch encfs-3641 - openSUSE 11.1: zypper in -t patch encfs-3641 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): encfs-1.6.0-2.3.1 - openSUSE 11.2 (i586 x86_64): encfs-1.5.0-4.3.1 - openSUSE 11.1 (i586 ppc x86_64): encfs-1.5.0-1.17.1 References: http://support.novell.com/security/cve/CVE-2010-3073.html http://support.novell.com/security/cve/CVE-2010-3074.html https://bugzilla.novell.com/637286

1 0

openSUSE-SU-2010:1027-1 (moderate): epiphany security update
by opensuse-security＠opensuse.org 06 Dec '10

06 Dec '10

openSUSE Security Update: epiphany security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1027-1 Rating: moderate References: #640090 Cross-References: CVE-2010-3312 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: epiphany does not support verification of ssl certificates. It nevertheless displayed all https connections as secure (CVE-2010-3312). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch epiphany-3309 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 x86_64) [New Version: 2.28.2]: epiphany-2.28.2-0.2.1 epiphany-branding-upstream-2.28.2-0.2.1 epiphany-devel-2.28.2-0.2.1 epiphany-doc-2.28.2-0.2.1 - openSUSE 11.2 (noarch) [New Version: 2.28.2]: epiphany-lang-2.28.2-0.2.1 References: http://support.novell.com/security/cve/CVE-2010-3312.html https://bugzilla.novell.com/640090

1 0