May 2010 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2010:0303-1 (moderate): memcached DoS
by opensuse-security＠opensuse.org 27 May '10

27 May '10

openSUSE Security Update: memcached DoS ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0303-1 Rating: moderate References: #595117 Cross-References: CVE-2010-1152 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Remote attackers that are allowed to connect to memcached could crash memcached by sending invalid input (CVE-2010-1152). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch memcached-2271 - openSUSE 11.1: zypper in -t patch memcached-2271 - openSUSE 11.0: zypper in -t patch memcached-2271 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): memcached-1.2.8-2.2.1 - openSUSE 11.1 (i586 ppc src x86_64): memcached-1.2.6-5.8.1 - openSUSE 11.0 (i586 ppc src x86_64): memcached-1.2.2-49.4 References: http://support.novell.com/security/cve/CVE-2010-1152.html https://bugzilla.novell.com/595117

1 0

openSUSE-RU-2010:0299-1 (low): sysconfig: This update improves the handling of huge zebra routing tables
by maintenance＠opensuse.org 26 May '10

26 May '10

openSUSE Recommended Update: sysconfig: This update improves the handling of huge zebra routing tables ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0299-1 Rating: low References: #572205 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update addresses the following sysconfig issue: #572205: Added route proto filter to ifstatus-route to evaluate only routes that may have been set by ifup-route and skip routes added e.g. by zebra to not to waste CPU for huge zebra routing tables. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch sysconfig-2158 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): sysconfig-0.72.6-2.6.1 References: https://bugzilla.novell.com/572205

1 0

openSUSE-SU-2010:0293-1 (moderate): Xen: Collective bugfix update (2010/04)
by opensuse-security＠opensuse.org 25 May '10

25 May '10

openSUSE Security Update: Xen: Collective bugfix update (2010/04) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0293-1 Rating: moderate References: #481592 #529195 #537370 #541945 #542525 #545470 #547590 #548438 #548443 #548852 #550397 #553631 #553633 #555152 #561912 #564750 #572691 #573748 #576832 Cross-References: CVE-2009-3525 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that solves one vulnerability and has 18 fixes is now available. It includes one version update. Description: Collective Xen 2010/04 Update, containing fixes for the following issues: bnc#576832 - pygrub, reiserfs: Fix on-disk structure definition bnc#537370 - Xen on SLES 11 does not boot - endless loop in ATA detection bnc#561912 - xend leaks memory bnc#564750 - Keyboard Caps Lock key works abnormal under SLES11 xen guest OS. bnc#548443 - keymap setting not preserved bnc#555152 - "NAME" column in xentop (SLES11) output limited to 10 characters unlike SLES10 bnc#553631 - L3: diskpart will not run on windows 2008 bnc#548852 - DL585G2 - plug-in PCI cards fail in IO-APIC mode bnc#529195 - xend: disallow ! as a sxp separator bnc#550397 - xend: bootable flag of VBD not always of type int bnc#545470 - Xen vifname parameter is ignored when using type=ioemu in guest configuration file bnc#541945 - xm create -x command does not work in SLES 10 SP2 or SLES 11 bnc#542525 - VUL-1: xen pygrub vulnerability bnc#481592 and fate#306125 - Virtual machines are not able to boot from CD to allow upgrade to OES2SP1 (sle10 bug) bnc#553633 - Update breaks menu access keys in virt-viewer and still misses some key sequences. (sle10 bug) fate#306720: xen: virt-manager cdrom handling. bnc#547590 - L3: virt-manager is unable of displaying VNC console on remote hosts bnc#572691 - libvird segfaults when trying to create a kvm guest bnc#573748 - L3: Virsh gives error Device 51712 not connected after updating libvirt modules bnc#548438 - libcmpiutil / libvirt-cim does not properly handle CIM_ prefixed bnc#513921 - Xen doesn't work get an eror when starting the install processes or starting a pervious installed DomU bnc#526855 - Cannot set MAC address for PV guest in vm-install Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch xen-201004-2445 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc src x86_64): libcmpiutil-0.5-15.18.1 libvirt-0.4.6-11.16.26 libvirt-cim-0.5.2-4.22.92 - openSUSE 11.1 (i586 ppc x86_64): libcmpiutil-devel-0.5-15.18.1 libvirt-devel-0.4.6-11.16.26 libvirt-doc-0.4.6-11.16.26 libvirt-python-0.4.6-11.16.26 - openSUSE 11.1 (i586 src x86_64) [New Version: 0.3.27]: virt-manager-0.5.3-64.26.26 virt-viewer-0.0.3-3.30.27 vm-install-0.3.27-0.1.13 xen-3.3.1_18546_24-0.4.13 - openSUSE 11.1 (i586 x86_64): xen-devel-3.3.1_18546_24-0.4.13 xen-doc-html-3.3.1_18546_24-0.4.13 xen-doc-pdf-3.3.1_18546_24-0.4.13 xen-kmp-debug-3.3.1_18546_24_2.6.27.45_0.2-0.4.13 xen-kmp-default-3.3.1_18546_24_2.6.27.45_0.2-0.4.13 xen-kmp-trace-3.3.1_18546_24_2.6.27.45_0.2-0.4.13 xen-libs-3.3.1_18546_24-0.4.13 xen-tools-3.3.1_18546_24-0.4.13 xen-tools-domU-3.3.1_18546_24-0.4.13 - openSUSE 11.1 (x86_64): xen-libs-32bit-3.3.1_18546_24-0.4.13 - openSUSE 11.1 (i586): xen-kmp-pae-3.3.1_18546_24_2.6.27.45_0.2-0.4.13 References: http://support.novell.com/security/cve/CVE-2009-3525.html https://bugzilla.novell.com/481592 https://bugzilla.novell.com/529195 https://bugzilla.novell.com/537370 https://bugzilla.novell.com/541945 https://bugzilla.novell.com/542525 https://bugzilla.novell.com/545470 https://bugzilla.novell.com/547590 https://bugzilla.novell.com/548438 https://bugzilla.novell.com/548443 https://bugzilla.novell.com/548852 https://bugzilla.novell.com/550397 https://bugzilla.novell.com/553631 https://bugzilla.novell.com/553633 https://bugzilla.novell.com/555152 https://bugzilla.novell.com/561912 https://bugzilla.novell.com/564750 https://bugzilla.novell.com/572691 https://bugzilla.novell.com/573748 https://bugzilla.novell.com/576832

1 0

openSUSE-SU-2010:0292-1 (moderate): krb5: security update for remote denial-of-service vulnerability
by opensuse-security＠opensuse.org 25 May '10

25 May '10

openSUSE Security Update: krb5: security update for remote denial-of-service vulnerability ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0292-1 Rating: moderate References: #596826 Cross-References: CVE-2010-1321 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C)) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch krb5-2443 - openSUSE 11.1: zypper in -t patch krb5-2443 - openSUSE 11.0: zypper in -t patch krb5-2443 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): krb5-1.7-6.6.1 - openSUSE 11.2 (i586 x86_64): krb5-apps-clients-1.7-6.6.1 krb5-apps-servers-1.7-6.6.1 krb5-client-1.7-6.6.1 krb5-devel-1.7-6.6.1 krb5-plugin-kdb-ldap-1.7-6.6.1 krb5-plugin-preauth-pkinit-1.7-6.6.1 krb5-server-1.7-6.6.1 - openSUSE 11.2 (x86_64): krb5-32bit-1.7-6.6.1 krb5-devel-32bit-1.7-6.6.1 - openSUSE 11.1 (i586 ppc src x86_64): krb5-1.6.3-132.8.1 - openSUSE 11.1 (i586 ppc x86_64): krb5-apps-clients-1.6.3-132.8.1 krb5-apps-servers-1.6.3-132.8.1 krb5-client-1.6.3-132.8.1 krb5-devel-1.6.3-132.8.1 krb5-plugin-kdb-ldap-1.6.3-132.8.1 krb5-plugin-preauth-pkinit-1.6.3-132.8.1 krb5-server-1.6.3-132.8.1 - openSUSE 11.1 (x86_64): krb5-32bit-1.6.3-132.8.1 krb5-devel-32bit-1.6.3-132.8.1 - openSUSE 11.1 (src): krb5-plugins-1.6.3-132.8.1 - openSUSE 11.1 (ppc): krb5-64bit-1.6.3-132.8.1 krb5-devel-64bit-1.6.3-132.8.1 - openSUSE 11.0 (i586 ppc src x86_64): krb5-1.6.3-50.11 - openSUSE 11.0 (i586 ppc x86_64): krb5-apps-clients-1.6.3-50.11 krb5-apps-servers-1.6.3-50.11 krb5-client-1.6.3-50.11 krb5-devel-1.6.3-50.11 krb5-plugin-kdb-ldap-1.6.3-9.8 krb5-plugin-preauth-pkinit-1.6.3-9.8 krb5-server-1.6.3-50.11 - openSUSE 11.0 (x86_64): krb5-32bit-1.6.3-50.11 krb5-devel-32bit-1.6.3-50.11 - openSUSE 11.0 (src): krb5-plugins-1.6.3-9.8 - openSUSE 11.0 (ppc): krb5-64bit-1.6.3-50.11 krb5-devel-64bit-1.6.3-50.11 References: http://support.novell.com/security/cve/CVE-2010-1321.html https://bugzilla.novell.com/596826

1 0

openSUSE-RU-2010:0286-1 (low): valgrind: Collective fixes
by maintenance＠opensuse.org 25 May '10

25 May '10

openSUSE Recommended Update: valgrind: Collective fixes ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0286-1 Rating: low References: #558964 #559061 #599585 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update of valgrind contains the following fixes: - reenable support for register/unregister calls of JIT compilers (e.g. mono-core) - handle inotify_init (bnc#558964) - handle pthreaded apps better (bnc#599585) - prefer CFI for stack unwinding (bnc#559061) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch valgrind-2431 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): valgrind-3.5.0-2.2.1 - openSUSE 11.2 (i586 x86_64): valgrind-devel-3.5.0-2.2.1 References: https://bugzilla.novell.com/558964 https://bugzilla.novell.com/559061 https://bugzilla.novell.com/599585

1 0

openSUSE-RU-2010:0285-1 (low): util-linux: This update fixes an error if "mount -a" is used.
by maintenance＠opensuse.org 25 May '10

25 May '10

openSUSE Recommended Update: util-linux: This update fixes an error if "mount -a" is used. ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0285-1 Rating: low References: #509082 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: mount -a silently fails on /proc with nonzero return value, might break scripts. This is fixed by this update. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch util-linux-2421 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc src x86_64): util-linux-2.14.1-10.3.1 - openSUSE 11.1 (i586 ppc x86_64): util-linux-lang-2.14.1-10.3.1 References: https://bugzilla.novell.com/509082

1 0

openSUSE-RU-2010:0284-1 (low): fail2ban: This update fixes the init script which can't restart the service
by maintenance＠opensuse.org 25 May '10

25 May '10

openSUSE Recommended Update: fail2ban: This update fixes the init script which can't restart the service ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0284-1 Rating: low References: #606238 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update of fail2ban fixes the following bug: - fail2ban's init script fails to restart the service (bnc#606238) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch fail2ban-2432 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64) [New Version: 0.8.4]: fail2ban-0.8.4-1.2.1 References: https://bugzilla.novell.com/606238

1 0

openSUSE-RU-2010:0282-1 (low): tree: Fixed 2GB size and larger files display
by maintenance＠opensuse.org 25 May '10

25 May '10

openSUSE Recommended Update: tree: Fixed 2GB size and larger files display ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0282-1 Rating: low References: #601779 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The following bug was fixed in the tree file browser: - bnc#601779: 32bit 'tree' doesn't show files 2GB and larger Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch tree-2428 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): tree-1.5.2.2-2.2.1 References: https://bugzilla.novell.com/601779

1 0

openSUSE-RU-2010:0278-1 (low): libgnomesu: Translation is fixed when gnome prompts root password.
by maintenance＠opensuse.org 20 May '10

20 May '10

openSUSE Recommended Update: libgnomesu: Translation is fixed when gnome prompts root password. ______________________________________________________________________________ Announcement ID: openSUSE-RU-2010:0278-1 Rating: low References: #477638 #562162 #582085 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes two issues: - #562162: wrong label shown for details when gnome prompts root password in Italian language - Some texts were not translatable. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch libgnomesu-2425 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): libgnomesu-1.0.0-314.6.1 - openSUSE 11.2 (i586 x86_64): libgnomesu-devel-1.0.0-314.6.1 libgnomesu0-1.0.0-314.6.1 - openSUSE 11.2 (noarch): libgnomesu-lang-1.0.0-314.6.1 References: https://bugzilla.novell.com/477638 https://bugzilla.novell.com/562162 https://bugzilla.novell.com/582085

1 0

openSUSE-SU-2010:0273-1 (important): seamonkey: 1.1.19 security update
by opensuse-security＠opensuse.org 19 May '10

19 May '10

openSUSE Security Update: seamonkey: 1.1.19 security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0273-1 Rating: important References: #590499 Cross-References: CVE-2009-0689 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2009-3077 CVE-2009-3376 CVE-2009-3385 CVE-2009-3983 CVE-2010-0161 CVE-2010-0163 Affected Products: openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. It includes one version update. Description: This update brings Mozilla Seamonkey to 1.1.19 fixing various bugs and security issues. Following security issues are fixed: MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla's NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitary application via the browser. If an attacker could get a user to visit a web page he controlled he could force NTLM authenticated requests to be forwarded to another application on behalf of the user. MFSA 2009-62 / CVE-2009-3376: Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this vulnerability to obfuscate the name and file extension of a file to be downloaded and opened, potentially causing a user to run an executable file when they expected to open a non-executable file. MFSA 2009-59 / CVE-2009-0689: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer. Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz. MFSA 2010-06 / CVE-2009-3385: Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded in the plugin content could potentially steal the contents of the message or files from the local filesystem. MFSA 2009-49 / CVE-2009-3077: An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer. Please see http://www.mozilla.org/security/known-vulnerabilities/seamon key11.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch seamonkey-2388 - openSUSE 11.0: zypper in -t patch seamonkey-2388 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc src x86_64) [New Version: 1.1.19]: seamonkey-1.1.19-0.1.1 - openSUSE 11.1 (i586 ppc x86_64) [New Version: 1.1.19]: seamonkey-dom-inspector-1.1.19-0.1.1 seamonkey-irc-1.1.19-0.1.1 seamonkey-mail-1.1.19-0.1.1 seamonkey-spellchecker-1.1.19-0.1.1 seamonkey-venkman-1.1.19-0.1.1 - openSUSE 11.0 (i586 ppc src x86_64) [New Version: 1.1.19]: seamonkey-1.1.19-0.1 - openSUSE 11.0 (i586 ppc x86_64) [New Version: 1.1.19]: seamonkey-dom-inspector-1.1.19-0.1 seamonkey-irc-1.1.19-0.1 seamonkey-mail-1.1.19-0.1 seamonkey-spellchecker-1.1.19-0.1 seamonkey-venkman-1.1.19-0.1 References: http://support.novell.com/security/cve/CVE-2009-0689.html http://support.novell.com/security/cve/CVE-2009-2463.html http://support.novell.com/security/cve/CVE-2009-3072.html http://support.novell.com/security/cve/CVE-2009-3075.html http://support.novell.com/security/cve/CVE-2009-3077.html http://support.novell.com/security/cve/CVE-2009-3376.html http://support.novell.com/security/cve/CVE-2009-3385.html http://support.novell.com/security/cve/CVE-2009-3983.html http://support.novell.com/security/cve/CVE-2010-0161.html http://support.novell.com/security/cve/CVE-2010-0163.html https://bugzilla.novell.com/590499

1 0