openSUSE Updates April 2010

updates@lists.opensuse.org

3 participants
94 discussions

openSUSE-SU-2010:0189-1 (low): tar security update
by opensuse-security＠opensuse.org 30 Apr '10

30 Apr '10

openSUSE Security Update: tar security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0189-1 Rating: low References: #579475 Cross-References: CVE-2010-0624 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A malicious remote tape server could cause a buffer overflow in tar. In order to exploit that an attacker would have to trick the victim to extract a file that causes tar to open a connection to the rmt server (CVE-2010-0624). It's advisable to always use tar's --force-local local option to avoid such tricks. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch tar-2127 - openSUSE 11.1: zypper in -t patch tar-2127 - openSUSE 11.0: zypper in -t patch tar-2127 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): tar-1.21-4.3.1 - openSUSE 11.2 (noarch): tar-lang-1.21-4.3.1 - openSUSE 11.1 (i586 ppc src x86_64): tar-1.20-23.12.1 - openSUSE 11.0 (i586 ppc src x86_64): tar-1.19-35.2 References: http://support.novell.com/security/cve/CVE-2010-0624.html https://bugzilla.novell.com/579475

1 0

openSUSE-SU-2010:0187-1 (moderate): fuse security update
by opensuse-security＠opensuse.org 30 Apr '10

30 Apr '10

openSUSE Security Update: fuse security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0187-1 Rating: moderate References: #582725 Cross-References: CVE-2010-0789 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A race condition in fusermount allows non-privileged users to umount any file system (CVE-2010-0789). Note: this is a re-release of the previous update with a better patch. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch fuse-2370 - openSUSE 11.1: zypper in -t patch fuse-2370 - openSUSE 11.0: zypper in -t patch fuse-2370 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): fuse-2.7.4-3.4.1 - openSUSE 11.2 (i586 x86_64): fuse-devel-2.7.4-3.4.1 fuse-devel-static-2.7.4-3.4.1 libfuse2-2.7.4-3.4.1 - openSUSE 11.2 (x86_64): libfuse2-32bit-2.7.4-3.4.1 - openSUSE 11.1 (i586 ppc src x86_64): fuse-2.7.2-61.18.1 - openSUSE 11.1 (i586 ppc x86_64): fuse-devel-2.7.2-61.18.1 libfuse2-2.7.2-61.18.1 - openSUSE 11.0 (i586 ppc src x86_64): fuse-2.7.2-32.4 - openSUSE 11.0 (i586 ppc x86_64): fuse-devel-2.7.2-32.4 libfuse2-2.7.2-32.4 References: http://support.novell.com/security/cve/CVE-2010-0789.html https://bugzilla.novell.com/582725

1 0

openSUSE-SU-2010:0183-1 (moderate): irssi security update
by opensuse-security＠opensuse.org 29 Apr '10

29 Apr '10

openSUSE Security Update: irssi security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0183-1 Rating: moderate References: #596005 Cross-References: CVE-2010-1155 CVE-2010-1156 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: irssi did not check the identity information of a remote hosts's certificate. Attackers could exploit that for a man-in-the-middle attack (CVE-2010-1155). irssi could crash if someone changed nick while the victim was leaving the channel (CVE-2010-1156). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch irssi-2368 - openSUSE 11.1: zypper in -t patch irssi-2368 - openSUSE 11.0: zypper in -t patch irssi-2368 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): irssi-0.8.13-2.2.1 - openSUSE 11.2 (i586 x86_64): irssi-devel-0.8.13-2.2.1 - openSUSE 11.1 (i586 ppc src x86_64): irssi-0.8.12-30.71.1 - openSUSE 11.1 (i586 ppc x86_64): irssi-devel-0.8.12-30.71.1 - openSUSE 11.0 (i586 ppc src x86_64): irssi-0.8.12-49.4 - openSUSE 11.0 (i586 ppc x86_64): irssi-devel-0.8.12-49.4 References: http://support.novell.com/security/cve/CVE-2010-1155.html http://support.novell.com/security/cve/CVE-2010-1156.html https://bugzilla.novell.com/596005

1 0

openSUSE-SU-2010:0182-1 (important): java-1_6_0-openjdk security update
by opensuse-security＠opensuse.org 29 Apr '10

29 Apr '10

openSUSE Security Update: java-1_6_0-openjdk security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0182-1 Rating: important References: #594415 Cross-References: CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0088 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0840 CVE-2010-0845 CVE-2010-0847 CVE-2010-0848 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: java-1_6_0-openjdk version 1.7.3 fixes serveral security issues: - CVE-2010-0837: JAR 'unpack200' must verify input parameters - CVE-2010-0845: No ClassCastException for HashAttributeSet constructors if run with -Xcomp - CVE-2010-0838: CMM readMabCurveData Buffer Overflow Vulnerability - CVE-2010-0082: Loader-constraint table allows arrays instead of only the base-classes - CVE-2010-0095: Subclasses of InetAddress may incorrectly interpret network addresses - CVE-2010-0085: File TOCTOU deserialization vulnerability - CVE-2010-0091: Unsigned applet can retrieve the dragged information before drop action occurs - CVE-2010-0088: Inflater/Deflater clone issues - CVE-2010-0084: Policy/PolicyFile leak dynamic ProtectionDomains. - CVE-2010-0092: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error - CVE-2010-0094: Deserialization of RMIConnectionImpl objects should enforce stricter checks - CVE-2010-0093: System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes - CVE-2010-0840: Applet Trusted Methods Chaining Privilege Escalation Vulnerability - CVE-2010-0848: AWT Library Invalid Index Vulnerability - CVE-2010-0847: ImagingLib arbitrary code execution vulnerability - CVE-2009-3555: TLS: MITM attacks via session renegotiation Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch java-1_6_0-openjdk-2362 - openSUSE 11.1: zypper in -t patch java-1_6_0-openjdk-2362 - openSUSE 11.0: zypper in -t patch java-1_6_0-openjdk-2362 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): java-1_6_0-openjdk-1.6.0.0_b17-2.1.1 - openSUSE 11.2 (i586 x86_64): java-1_6_0-openjdk-devel-1.6.0.0_b17-2.1.1 java-1_6_0-openjdk-plugin-1.6.0.0_b17-2.1.1 - openSUSE 11.2 (noarch): java-1_6_0-openjdk-demo-1.6.0.0_b17-2.1.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b17-2.1.1 java-1_6_0-openjdk-src-1.6.0.0_b17-2.1.1 - openSUSE 11.1 (i586 ppc src x86_64): java-1_6_0-openjdk-1.6.0.0_b17-2.3.1 - openSUSE 11.1 (i586 ppc x86_64): java-1_6_0-openjdk-demo-1.6.0.0_b17-2.3.1 java-1_6_0-openjdk-devel-1.6.0.0_b17-2.3.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b17-2.3.1 java-1_6_0-openjdk-plugin-1.6.0.0_b17-2.3.1 java-1_6_0-openjdk-src-1.6.0.0_b17-2.3.1 - openSUSE 11.0 (i586 ppc src x86_64): java-1_6_0-openjdk-1.6.0.0_b17-2.3 - openSUSE 11.0 (i586 ppc x86_64): java-1_6_0-openjdk-demo-1.6.0.0_b17-2.3 java-1_6_0-openjdk-devel-1.6.0.0_b17-2.3 java-1_6_0-openjdk-javadoc-1.6.0.0_b17-2.3 java-1_6_0-openjdk-plugin-1.6.0.0_b17-2.3 java-1_6_0-openjdk-src-1.6.0.0_b17-2.3 References: http://support.novell.com/security/cve/CVE-2009-3555.html http://support.novell.com/security/cve/CVE-2010-0082.html http://support.novell.com/security/cve/CVE-2010-0084.html http://support.novell.com/security/cve/CVE-2010-0085.html http://support.novell.com/security/cve/CVE-2010-0088.html http://support.novell.com/security/cve/CVE-2010-0091.html http://support.novell.com/security/cve/CVE-2010-0092.html http://support.novell.com/security/cve/CVE-2010-0093.html http://support.novell.com/security/cve/CVE-2010-0094.html http://support.novell.com/security/cve/CVE-2010-0095.html http://support.novell.com/security/cve/CVE-2010-0837.html http://support.novell.com/security/cve/CVE-2010-0838.html http://support.novell.com/security/cve/CVE-2010-0840.html http://support.novell.com/security/cve/CVE-2010-0845.html http://support.novell.com/security/cve/CVE-2010-0847.html http://support.novell.com/security/cve/CVE-2010-0848.html https://bugzilla.novell.com/594415

1 0

openSUSE-SU-2010:0181-1 (low): cacti security update
by opensuse-security＠opensuse.org 29 Apr '10

29 Apr '10

openSUSE Security Update: cacti security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0181-1 Rating: low References: #599239 Cross-References: CVE-2010-1431 Affected Products: openSUSE 11.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Missing input sanitation in the template export feature allowed for SQL injection attacks (CVE-2010-1431). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.0: zypper in -t patch cacti-2365 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.0 (noarch src) [New Version: 0.8.7e]: cacti-0.8.7e-0.3 References: http://support.novell.com/security/cve/CVE-2010-1431.html https://bugzilla.novell.com/599239

1 0

openSUSE-RU-2010:0177-1 (low): timezone: Data update
by maintenance＠opensuse.org 28 Apr '10

28 Apr '10

openSUSE Recommended Update: timezone: Data update ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0177-1 Rating: low References: #583745 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: Updated tzdata version to 2010h: * DST changes: Asia/Dhaka, Asia/Karachi, Asia/Gaza, Asia/Damascus, Pacific/Apia, Pacific/Fiji, Africa/Tunis America/Santiago, Pacific/Easter, America/Asuncion * New zones: America/Matamoros, America/Ojinaga, America/Santa_Isabel * GMT offset changes: Europe/Samara, Asia/Kamchatka, Asia/Anadyr * Various Antarctica timezone changes * Number of Time Zones used in Russia were reduced to 9 and several regions changed timezones. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch timezone-2276 - openSUSE 11.1: zypper in -t patch timezone-2276 - openSUSE 11.0: zypper in -t patch timezone-2276 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64) [New Version: 2010h]: timezone-2010h-1.1.1 - openSUSE 11.1 (i586 ppc src x86_64) [New Version: 2010h]: timezone-2010h-1.1.1 - openSUSE 11.0 (i586 ppc src x86_64) [New Version: 2010h]: timezone-2010h-1.1 References: https://bugzilla.novell.com/583745

1 0

openSUSE-SU-2010:0175-1 (low): dovecot security update
by opensuse-security＠opensuse.org 28 Apr '10

28 Apr '10

openSUSE Security Update: dovecot security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0175-1 Rating: low References: #587356 Cross-References: CVE-2010-0745 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Huge mail headers could cause dovecot to consume excessive amounts of CPU (CVE-2010-0745) dovecot was updated to version 1.2.11 which fixes the problem. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch dovecot12-2363 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64) [New Version: 1.2.9]: dovecot12-1.2.9-0.2.1 - openSUSE 11.2 (i586 x86_64) [New Version: 1.2.9]: dovecot12-backend-mysql-1.2.9-0.2.1 dovecot12-backend-pgsql-1.2.9-0.2.1 dovecot12-backend-sqlite-1.2.9-0.2.1 dovecot12-devel-1.2.9-0.2.1 dovecot12-fts-lucene-1.2.9-0.2.1 References: http://support.novell.com/security/cve/CVE-2010-0745.html https://bugzilla.novell.com/587356

1 0

openSUSE-RU-2010:0173-1 (low): evolution-data-server: This update improves the stability of the package.
by maintenance＠opensuse.org 27 Apr '10

27 Apr '10

openSUSE Recommended Update: evolution-data-server: This update improves the stability of the package. ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0173-1 Rating: low References: #595936 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: evolution-data-server can abort with a trace. It is fixed by this update. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch evolution-data-server-2334 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (src x86_64) [New Version: 2.28.2]: evolution-data-server-2.28.2-0.2.13 - openSUSE 11.2 (i586 src) [New Version: 2.28.2]: evolution-data-server-2.28.2-0.3.1 - openSUSE 11.2 (x86_64) [New Version: 2.28.2]: evolution-data-server-32bit-2.28.2-0.3.1 evolution-data-server-devel-2.28.2-0.2.13 evolution-data-server-doc-2.28.2-0.2.13 - openSUSE 11.2 (noarch) [New Version: 2.28.2]: evolution-data-server-lang-2.28.2-0.3.1 - openSUSE 11.2 (i586) [New Version: 2.28.2]: evolution-data-server-devel-2.28.2-0.3.1 evolution-data-server-doc-2.28.2-0.3.1 References: https://bugzilla.novell.com/595936

1 0

openSUSE-SU-2010:0166-1 (important): systemtap: fix for remote code execution and denial of service
by opensuse-security＠opensuse.org 26 Apr '10

26 Apr '10

openSUSE Security Update: systemtap: fix for remote code execution and denial of service ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0166-1 Rating: important References: #574243 Cross-References: CVE-2009-4273 CVE-2010-0411 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This updates systemtap to version 1.0. The version update was required to fix two issues; a shell meta.character injection vulnerability that allowed remote users to execute arbitrary commands () with the privileges of the stap-server. (CVE-2009-4273: CVSS v2 Base Score: 7.9 (important) (AV:A/AC:M/Au:N/C:C/I:C/A:C)) and a remote denial of service bug in the __get_argv() function (CVE-2010-0411: CVSS v2 Base Score: 4.9 (MEDIUM) (AV:L/AC:L/Au:N/C:N/I:N/A:C)). Version 1.0 is also subject to advisory CVE-2009-2911 fixing three denial of service issues when using unprivileged mode. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch systemtap-2088 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64) [New Version: 1.0]: systemtap-1.0-1.1.1 - openSUSE 11.2 (i586 x86_64) [New Version: 1.0]: systemtap-client-1.0-1.1.1 systemtap-runtime-1.0-1.1.1 systemtap-sdt-devel-1.0-1.1.1 systemtap-server-1.0-1.1.1 References: http://support.novell.com/security/cve/CVE-2009-4273.html http://support.novell.com/security/cve/CVE-2010-0411.html https://bugzilla.novell.com/574243

1 0

openSUSE-SU-2010:0165-1 (low): apache2 security update
by opensuse-security＠opensuse.org 26 Apr '10

26 Apr '10

openSUSE Security Update: apache2 security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0165-1 Rating: low References: #570127 #586572 Cross-References: CVE-2010-0408 CVE-2010-0434 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch apache2-2292 - openSUSE 11.1: zypper in -t patch apache2-2292 - openSUSE 11.0: zypper in -t patch apache2-2292 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): apache2-2.2.13-2.4.1 - openSUSE 11.2 (i586 x86_64): apache2-devel-2.2.13-2.4.1 apache2-doc-2.2.13-2.4.1 apache2-example-certificates-2.2.13-2.4.1 apache2-example-pages-2.2.13-2.4.1 apache2-itk-2.2.13-2.4.1 apache2-prefork-2.2.13-2.4.1 apache2-utils-2.2.13-2.4.1 apache2-worker-2.2.13-2.4.1 - openSUSE 11.1 (i586 ppc src x86_64): apache2-2.2.10-2.9.1 - openSUSE 11.1 (i586 ppc x86_64): apache2-devel-2.2.10-2.9.1 apache2-doc-2.2.10-2.9.1 apache2-example-pages-2.2.10-2.9.1 apache2-prefork-2.2.10-2.9.1 apache2-utils-2.2.10-2.9.1 apache2-worker-2.2.10-2.9.1 - openSUSE 11.0 (i586 ppc src x86_64): apache2-2.2.8-28.10 - openSUSE 11.0 (i586 ppc x86_64): apache2-devel-2.2.8-28.10 apache2-doc-2.2.8-28.10 apache2-example-pages-2.2.8-28.10 apache2-prefork-2.2.8-28.10 apache2-utils-2.2.8-28.10 apache2-worker-2.2.8-28.10 References: http://support.novell.com/security/cve/CVE-2010-0408.html http://support.novell.com/security/cve/CVE-2010-0434.html https://bugzilla.novell.com/570127 https://bugzilla.novell.com/586572

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates April 2010