openSUSE Security Update: memcached DoS
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0303-1
Rating: moderate
References: #595117
Cross-References: CVE-2010-1152
Affected Products:
openSUSE 11.2
openSUSE 11.1
openSUSE 11.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Remote attackers that are allowed to connect to memcached
could crash memcached by sending invalid input
(CVE-2010-1152).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch memcached-2271
- openSUSE 11.1:
zypper in -t patch memcached-2271
- openSUSE 11.0:
zypper in -t patch memcached-2271
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
memcached-1.2.8-2.2.1
- openSUSE 11.1 (i586 ppc src x86_64):
memcached-1.2.6-5.8.1
- openSUSE 11.0 (i586 ppc src x86_64):
memcached-1.2.2-49.4
References:
http://support.novell.com/security/cve/CVE-2010-1152.html
https://bugzilla.novell.com/595117
openSUSE Recommended Update: sysconfig: This update improves the handling of huge zebra routing tables
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0299-1
Rating: low
References: #572205
Affected Products:
openSUSE 11.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update addresses the following sysconfig issue:
#572205: Added a route proto filter to ifstatus-route so that
it evaluates only routes that may have been set by ifup-route
and skips routes added by, for example, zebra, so as not to
waste CPU on huge zebra routing tables.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch sysconfig-2158
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
sysconfig-0.72.6-2.6.1
References:
https://bugzilla.novell.com/572205
openSUSE Security Update: Xen: Collective bugfix update (2010/04)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0293-1
Rating: moderate
References: #481592 #529195 #537370 #541945 #542525 #545470
#547590 #548438 #548443 #548852 #550397 #553631
#553633 #555152 #561912 #564750 #572691 #573748
#576832
Cross-References: CVE-2009-3525
Affected Products:
openSUSE 11.1
______________________________________________________________________________
An update that solves one vulnerability and has 18 fixes is
now available. It includes one version update.
Description:
Collective Xen 2010/04 Update, containing fixes for the
following issues:
- bnc#576832 - pygrub, reiserfs: Fix on-disk structure definition
- bnc#537370 - Xen on SLES 11 does not boot - endless loop in ATA detection
- bnc#561912 - xend leaks memory
- bnc#564750 - Keyboard Caps Lock key works abnormal under SLES11 xen guest OS.
- bnc#548443 - keymap setting not preserved
- bnc#555152 - "NAME" column in xentop (SLES11) output limited to 10 characters unlike SLES10
- bnc#553631 - L3: diskpart will not run on windows 2008
- bnc#548852 - DL585G2 - plug-in PCI cards fail in IO-APIC mode
- bnc#529195 - xend: disallow ! as a sxp separator
- bnc#550397 - xend: bootable flag of VBD not always of type int
- bnc#545470 - Xen vifname parameter is ignored when using type=ioemu in guest configuration file
- bnc#541945 - xm create -x command does not work in SLES 10 SP2 or SLES 11
- bnc#542525 - VUL-1: xen pygrub vulnerability
- bnc#481592 and fate#306125 - Virtual machines are not able to boot from CD to allow upgrade to OES2SP1 (sle10 bug)
- bnc#553633 - Update breaks menu access keys in virt-viewer and still misses some key sequences. (sle10 bug)
- fate#306720: xen: virt-manager cdrom handling.
- bnc#547590 - L3: virt-manager is unable of displaying VNC console on remote hosts
- bnc#572691 - libvird segfaults when trying to create a kvm guest
- bnc#573748 - L3: Virsh gives error Device 51712 not connected after updating libvirt modules
- bnc#548438 - libcmpiutil / libvirt-cim does not properly handle CIM_ prefixed
- bnc#513921 - Xen doesn't work get an error when starting the install processes or starting a previous installed DomU
- bnc#526855 - Cannot set MAC address for PV guest in vm-install
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.1:
zypper in -t patch xen-201004-2445
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.1 (i586 ppc src x86_64):
libcmpiutil-0.5-15.18.1
libvirt-0.4.6-11.16.26
libvirt-cim-0.5.2-4.22.92
- openSUSE 11.1 (i586 ppc x86_64):
libcmpiutil-devel-0.5-15.18.1
libvirt-devel-0.4.6-11.16.26
libvirt-doc-0.4.6-11.16.26
libvirt-python-0.4.6-11.16.26
- openSUSE 11.1 (i586 src x86_64) [New Version: 0.3.27]:
virt-manager-0.5.3-64.26.26
virt-viewer-0.0.3-3.30.27
vm-install-0.3.27-0.1.13
xen-3.3.1_18546_24-0.4.13
- openSUSE 11.1 (i586 x86_64):
xen-devel-3.3.1_18546_24-0.4.13
xen-doc-html-3.3.1_18546_24-0.4.13
xen-doc-pdf-3.3.1_18546_24-0.4.13
xen-kmp-debug-3.3.1_18546_24_2.6.27.45_0.2-0.4.13
xen-kmp-default-3.3.1_18546_24_2.6.27.45_0.2-0.4.13
xen-kmp-trace-3.3.1_18546_24_2.6.27.45_0.2-0.4.13
xen-libs-3.3.1_18546_24-0.4.13
xen-tools-3.3.1_18546_24-0.4.13
xen-tools-domU-3.3.1_18546_24-0.4.13
- openSUSE 11.1 (x86_64):
xen-libs-32bit-3.3.1_18546_24-0.4.13
- openSUSE 11.1 (i586):
xen-kmp-pae-3.3.1_18546_24_2.6.27.45_0.2-0.4.13
References:
http://support.novell.com/security/cve/CVE-2009-3525.html
https://bugzilla.novell.com/481592
https://bugzilla.novell.com/529195
https://bugzilla.novell.com/537370
https://bugzilla.novell.com/541945
https://bugzilla.novell.com/542525
https://bugzilla.novell.com/545470
https://bugzilla.novell.com/547590
https://bugzilla.novell.com/548438
https://bugzilla.novell.com/548443
https://bugzilla.novell.com/548852
https://bugzilla.novell.com/550397
https://bugzilla.novell.com/553631
https://bugzilla.novell.com/553633
https://bugzilla.novell.com/555152
https://bugzilla.novell.com/561912
https://bugzilla.novell.com/564750
https://bugzilla.novell.com/572691
https://bugzilla.novell.com/573748
https://bugzilla.novell.com/576832
openSUSE Recommended Update: valgrind: Collective fixes
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0286-1
Rating: low
References: #558964 #559061 #599585
Affected Products:
openSUSE 11.2
______________________________________________________________________________
An update that has three recommended fixes can now be
installed.
Description:
This update of valgrind contains the following fixes:
- reenable support for register/unregister calls of JIT
compilers (e.g. mono-core)
- handle inotify_init (bnc#558964)
- handle pthreaded apps better (bnc#599585)
- prefer CFI for stack unwinding (bnc#559061)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch valgrind-2431
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
valgrind-3.5.0-2.2.1
- openSUSE 11.2 (i586 x86_64):
valgrind-devel-3.5.0-2.2.1
References:
https://bugzilla.novell.com/558964
https://bugzilla.novell.com/559061
https://bugzilla.novell.com/599585
openSUSE Recommended Update: util-linux: This update fixes an error if "mount -a" is used.
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0285-1
Rating: low
References: #509082
Affected Products:
openSUSE 11.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
mount -a silently fails on /proc with a nonzero return value,
which might break scripts. This is fixed by this update.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.1:
zypper in -t patch util-linux-2421
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.1 (i586 ppc src x86_64):
util-linux-2.14.1-10.3.1
- openSUSE 11.1 (i586 ppc x86_64):
util-linux-lang-2.14.1-10.3.1
References:
https://bugzilla.novell.com/509082
openSUSE Recommended Update: fail2ban: This update fixes the init script which can't restart the service
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0284-1
Rating: low
References: #606238
Affected Products:
openSUSE 11.2
______________________________________________________________________________
An update that has one recommended fix can now be
installed. It includes one version update.
Description:
This update of fail2ban fixes the following bug:
- fail2ban's init script fails to restart the service
(bnc#606238)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch fail2ban-2432
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64) [New Version: 0.8.4]:
fail2ban-0.8.4-1.2.1
References:
https://bugzilla.novell.com/606238
openSUSE Recommended Update: tree: Fixed 2GB size and larger files display
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0282-1
Rating: low
References: #601779
Affected Products:
openSUSE 11.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
The following bug was fixed in the tree file browser:
- bnc#601779: 32bit 'tree' doesn't show files 2GB and larger
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch tree-2428
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
tree-1.5.2.2-2.2.1
References:
https://bugzilla.novell.com/601779
openSUSE Recommended Update: libgnomesu: Translation is fixed when gnome prompts root password.
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0278-1
Rating: low
References: #477638 #562162 #582085
Affected Products:
openSUSE 11.2
______________________________________________________________________________
An update that has three recommended fixes can now be
installed.
Description:
This update fixes two issues:
- #562162: wrong label shown for details when gnome prompts
root password in Italian language
- Some texts were not translatable.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch libgnomesu-2425
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
libgnomesu-1.0.0-314.6.1
- openSUSE 11.2 (i586 x86_64):
libgnomesu-devel-1.0.0-314.6.1
libgnomesu0-1.0.0-314.6.1
- openSUSE 11.2 (noarch):
libgnomesu-lang-1.0.0-314.6.1
References:
https://bugzilla.novell.com/477638
https://bugzilla.novell.com/562162
https://bugzilla.novell.com/582085
openSUSE Security Update: seamonkey: 1.1.19 security update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0273-1
Rating: important
References: #590499
Cross-References: CVE-2009-0689 CVE-2009-2463 CVE-2009-3072
CVE-2009-3075 CVE-2009-3077 CVE-2009-3376
CVE-2009-3385 CVE-2009-3983 CVE-2010-0161
CVE-2010-0163
Affected Products:
openSUSE 11.1
openSUSE 11.0
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
It includes one version update.
Description:
This update brings Mozilla Seamonkey to 1.1.19 fixing
various bugs and security issues.
The following security issues are fixed:
MFSA 2010-07: Mozilla developers took fixes from previously
fixed memory safety bugs in newer Mozilla-based products and
ported them to the Mozilla 1.8.1 branch so they can be
utilized by Thunderbird 2 and SeaMonkey 1.1.
- Paul Fisher reported a crash when joined to an Active
Directory server under Vista or Windows 7 and using SSPI
authentication. (CVE-2010-0161)
- Ludovic Hirlimann reported a crash indexing some messages
with attachments (CVE-2010-0163)
- Carsten Book reported a crash in the JavaScript engine
(CVE-2009-3075)
- Josh Soref reported a crash in the BinHex decoder used on
non-Mac platforms. (CVE-2009-3072)
- monarch2000 reported an integer overflow in a base64
decoding function (CVE-2009-2463)
MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro
Takahashi of the IBM X-Force reported that Mozilla's NTLM
implementation was vulnerable to reflection attacks in
which NTLM credentials from one application could be
forwarded to another arbitrary application via the browser.
If an attacker could get a user to visit a web page he
controlled he could force NTLM authenticated requests to be
forwarded to another application on behalf of the user.
MFSA 2009-62 / CVE-2009-3376: Mozilla security researchers
Jesse Ruderman and Sid Stamm reported that when downloading
a file containing a right-to-left override character (RTL)
in the filename, the name displayed in the dialog title bar
conflicts with the name of the file shown in the dialog
body. An attacker could use this vulnerability to obfuscate
the name and file extension of a file to be downloaded and
opened, potentially causing a user to run an executable
file when they expected to open a non-executable file.
MFSA 2009-59 / CVE-2009-0689: Security researcher Alin Rad
Pop of Secunia Research reported a heap-based buffer
overflow in Mozilla's string to floating point number
conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a
very long string to be converted to a floating point number
which would result in improper memory allocation and the
execution of an arbitrary memory location. This
vulnerability could thus be leveraged by the attacker to
run arbitrary code on a victim's computer.
Update: The underlying flaw in the dtoa routines used by
Mozilla appears to be essentially the same as that reported
against the libc gdtoa routine by Maksymilian Arciemowicz.
MFSA 2010-06 / CVE-2009-3385: Security researcher Georgi
Guninski reported that scriptable plugin content, such as
Flash objects, could be loaded and executed in SeaMonkey
mail messages by embedding the content in an iframe inside
the message. If a user were to reply to or forward such a
message, malicious JavaScript embedded in the plugin
content could potentially steal the contents of the message
or files from the local filesystem.
MFSA 2009-49 / CVE-2009-3077: An anonymous security
researcher, via TippingPoint's Zero Day Initiative,
reported that the columns of a XUL tree element could be
manipulated in a particular way which would leave a pointer
owned by the column pointing to freed memory. An attacker
could potentially use this vulnerability to crash a
victim's browser and run arbitrary code on the victim's
computer.
Please see
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.1:
zypper in -t patch seamonkey-2388
- openSUSE 11.0:
zypper in -t patch seamonkey-2388
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.1 (i586 ppc src x86_64) [New Version: 1.1.19]:
seamonkey-1.1.19-0.1.1
- openSUSE 11.1 (i586 ppc x86_64) [New Version: 1.1.19]:
seamonkey-dom-inspector-1.1.19-0.1.1
seamonkey-irc-1.1.19-0.1.1
seamonkey-mail-1.1.19-0.1.1
seamonkey-spellchecker-1.1.19-0.1.1
seamonkey-venkman-1.1.19-0.1.1
- openSUSE 11.0 (i586 ppc src x86_64) [New Version: 1.1.19]:
seamonkey-1.1.19-0.1
- openSUSE 11.0 (i586 ppc x86_64) [New Version: 1.1.19]:
seamonkey-dom-inspector-1.1.19-0.1
seamonkey-irc-1.1.19-0.1
seamonkey-mail-1.1.19-0.1
seamonkey-spellchecker-1.1.19-0.1
seamonkey-venkman-1.1.19-0.1
References:
http://support.novell.com/security/cve/CVE-2009-0689.html
http://support.novell.com/security/cve/CVE-2009-2463.html
http://support.novell.com/security/cve/CVE-2009-3072.html
http://support.novell.com/security/cve/CVE-2009-3075.html
http://support.novell.com/security/cve/CVE-2009-3077.html
http://support.novell.com/security/cve/CVE-2009-3376.html
http://support.novell.com/security/cve/CVE-2009-3385.html
http://support.novell.com/security/cve/CVE-2009-3983.html
http://support.novell.com/security/cve/CVE-2010-0161.html
http://support.novell.com/security/cve/CVE-2010-0163.html
https://bugzilla.novell.com/590499