openSUSE Recommended Update: build: Version upgrade to build-2010.02.11
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0449-1
Rating: low
References: #586176 #591618
Affected Products:
openSUSE 11.2
openSUSE 11.1
______________________________________________________________________________
An update that has two recommended fixes can now be
installed. It includes one version update.
Description:
This update brings the build package to the 2010-02-11
version. It contains many fixes for kiwi image building.
Furthermore, it fixes the default distribution link which
was set to a wrong value with the last update.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch build-2517
- openSUSE 11.1:
zypper in -t patch build-2517
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (noarch src) [New Version: 2010.02.11]:
build-2010.02.11-0.1.1
- openSUSE 11.1 (noarch src) [New Version: 2010.02.11]:
build-2010.02.11-0.1.1
References:
https://bugzilla.novell.com/586176
https://bugzilla.novell.com/591618
openSUSE Recommended Update: bundle-lang-common-gnome: Updated to match current update state
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0447-1
Rating: low
References: #593309
Affected Products:
openSUSE 11.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update brings new GNOME language bundles to match
released updates:
- #593309: need to update bundle-lang-common
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch bundle-lang-gnome-2788
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (noarch):
bundle-lang-gnome-ar-11.2-20.23.5
bundle-lang-gnome-ca-11.2-20.23.5
bundle-lang-gnome-cs-11.2-20.23.5
bundle-lang-gnome-da-11.2-20.23.5
bundle-lang-gnome-de-11.2-20.23.5
bundle-lang-gnome-en-11.2-20.23.5
bundle-lang-gnome-es-11.2-20.23.5
bundle-lang-gnome-extras-ar-11.2-20.23.1
bundle-lang-gnome-extras-ca-11.2-20.23.1
bundle-lang-gnome-extras-cs-11.2-20.23.1
bundle-lang-gnome-extras-da-11.2-20.23.1
bundle-lang-gnome-extras-de-11.2-20.23.1
bundle-lang-gnome-extras-en-11.2-20.23.1
bundle-lang-gnome-extras-es-11.2-20.23.1
bundle-lang-gnome-extras-fi-11.2-20.23.1
bundle-lang-gnome-extras-fr-11.2-20.23.1
bundle-lang-gnome-extras-hu-11.2-20.23.1
bundle-lang-gnome-extras-it-11.2-20.23.1
bundle-lang-gnome-extras-ja-11.2-20.23.1
bundle-lang-gnome-extras-ko-11.2-20.23.1
bundle-lang-gnome-extras-nb-11.2-20.23.1
bundle-lang-gnome-extras-nl-11.2-20.23.1
bundle-lang-gnome-extras-pl-11.2-20.23.1
bundle-lang-gnome-extras-pt-11.2-20.23.1
bundle-lang-gnome-extras-ru-11.2-20.23.1
bundle-lang-gnome-extras-sv-11.2-20.23.1
bundle-lang-gnome-extras-zh-11.2-20.23.1
bundle-lang-gnome-fi-11.2-20.23.5
bundle-lang-gnome-fr-11.2-20.23.5
bundle-lang-gnome-hu-11.2-20.23.5
bundle-lang-gnome-it-11.2-20.23.5
bundle-lang-gnome-ja-11.2-20.23.5
bundle-lang-gnome-ko-11.2-20.23.5
bundle-lang-gnome-nb-11.2-20.23.5
bundle-lang-gnome-nl-11.2-20.23.5
bundle-lang-gnome-pl-11.2-20.23.5
bundle-lang-gnome-pt-11.2-20.23.5
bundle-lang-gnome-ru-11.2-20.23.5
bundle-lang-gnome-sv-11.2-20.23.5
bundle-lang-gnome-zh-11.2-20.23.5
- openSUSE 11.2 (src):
bundle-lang-gnome-11.2-20.23.5
bundle-lang-gnome-extras-11.2-20.23.1
References:
https://bugzilla.novell.com/593309
openSUSE Recommended Update: digiKam, gwenview: Failed to rotate image. Fixed by this update.
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0446-1
Rating: low
References: #611983
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
The lossless JPEG rotate feature was broken by a runtime
incompatibility with the new libjpeg8 that is resolved by
this patch.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch kipi-plugins-2784
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 src x86_64):
kipi-plugins-1.2.0-6.1.1
- openSUSE 11.3 (i586 x86_64):
kipi-plugins-acquireimage-1.2.0-6.1.1
kipi-plugins-doc-1.2.0-6.1.1
- openSUSE 11.3 (noarch):
kipi-plugins-lang-1.2.0-6.1.1
References:
https://bugzilla.novell.com/611983
openSUSE Recommended Update: gtkglext: This update fixes the gtkglext library to not reference non-existing symbols
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0445-1
Rating: low
References: #617677
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the gtkglext library to not reference
non-existing symbols: Can't link gtkglext application:
undefined reference to `GTK_WIDGET_REALIZED'
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch gtkglext-2786
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 src x86_64):
gtkglext-1.2.0-183.1.1
- openSUSE 11.3 (i586 x86_64):
gtkglext-devel-1.2.0-183.1.1
gtkglext-doc-1.2.0-183.1.1
- openSUSE 11.3 (x86_64):
gtkglext-32bit-1.2.0-183.1.1
References:
https://bugzilla.novell.com/617677
openSUSE Security Update: MozillaFirefox: Update to 3.6.8 security release
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0430-3
Rating: important
References: #622506
Affected Products:
openSUSE 11.3
openSUSE 11.2
openSUSE 11.1
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes four new package versions.
Description:
This update brings Mozilla Firefox to the 3.6.8 security
release.
It fixes the following security bugs: MFSA 2010-34 /
CVE-2010-1211 / CVE-2010-1212: Mozilla developers
identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that
with enough effort at least some of these could be
exploited to run arbitrary code.
MFSA 2010-35 / CVE-2010-1208: Security researcher
regenrecht reported via TippingPoint's Zero Day Initiative
an error in the DOM attribute cloning routine where under
certain circumstances an event attribute node can be
deleted while another object still contains a reference to
it. This reference could subsequently be accessed,
potentially causing the execution of attacker controlled
memory.
MFSA 2010-36 / CVE-2010-1209: Security researcher
regenrecht reported via TippingPoint's Zero Day Initiative
an error in Mozilla's implementation of NodeIterator in
which a malicious NodeFilter could be created which would
detach nodes from the DOM tree while it was being
traversed. The use of a detached and subsequently deleted
node could result in the execution of attacker-controlled
memory.
MFSA 2010-37 / CVE-2010-1214: Security researcher J23
reported via TippingPoint's Zero Day Initiative an error in
the code used to store the names and values of plugin
parameter elements. A malicious page could embed plugin
content containing a very large number of parameter
elements which would cause an overflow in the integer value
counting them. This integer is later used in allocating a
memory buffer used to store the plugin parameters. Under
such conditions, too small a buffer would be created and
attacker-controlled data could be written past the end of
the buffer, potentially resulting in code execution.
MFSA 2010-38 / CVE-2010-1215: Mozilla security researcher
moz_bug_r_a4 reported that when content script which is
running in a chrome context accesses a content object via
SJOW, the content code can gain access to an object from
the chrome scope and use that object to run arbitrary
JavaScript with chrome privileges.
Firefox 3.5 and other Mozilla products built from Gecko
1.9.1 were not affected by this issue.
MFSA 2010-39 / CVE-2010-2752: Security researcher J23
reported via TippingPoint's Zero Day Initiative that an
array class used to store CSS values contained an integer
overflow vulnerability. The 16 bit integer value used in
allocating the size of the array could overflow, resulting
in too small a memory buffer being created. When the array
was later populated with CSS values, data would be written
past the end of the buffer, potentially resulting in the
execution of attacker-controlled memory.
MFSA 2010-40 / CVE-2010-2753: Security researcher
regenrecht reported via TippingPoint's Zero Day Initiative
an integer overflow vulnerability in the implementation of
the XUL <tree> element's selection attribute. When the size
of a new selection is sufficiently large the integer used
in calculating the length of the selection can overflow,
resulting in a bogus range being marked selected. When
adjustSelection is then called on the bogus range the range
is deleted leaving dangling references to the ranges which
could be used by an attacker to call into deleted memory
and run arbitrary code on a victim's computer.
MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin
reported a buffer overflow in Mozilla graphics code which
consumes image data processed by libpng. A malformed PNG
file could be created which would cause libpng to
incorrectly report the size of the image to downstream
consumers. When the dimensions of such images are
underreported, the Mozilla code responsible for displaying
the graphic will allocate too small a memory buffer to
contain the image data and will wind up writing data past
the end of the buffer. This could result in the execution
of attacker-controlled memory.
MFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke
Hasegawa reported that the Web Worker method importScripts
can read and parse resources from other domains even when
the content is not valid JavaScript. This is a violation of
the same-origin policy and could be used by an attacker to
steal information from other sites.
MFSA 2010-43 / CVE-2010-1207: Mozilla developer Vladimir
Vukicevic reported that a canvas element can be used to
read data from another site, violating the same-origin
policy. The read restriction placed on a canvas element
which has had cross-origin data rendered into it can be
bypassed by retaining a reference to the canvas element's
context and deleting the associated canvas node from the
DOM.
MFSA 2010-44 / CVE-2010-1210: Security researcher O.
Andersen reported that undefined positions within various 8
bit character encodings are mapped to the sequence U+FFFD
which when displayed causes the immediately following
character to disappear from the text run. This could
potentially contribute to XSS problems on sites which
expected extra characters to be present within strings
being sanitized on the server.
MFSA 2010-45 / CVE-2010-1206: Google security researcher
Michal Zalewski reported two methods for spoofing the
contents of the location bar. The first method works by
opening a new window containing a resource that responds
with an HTTP 204 (no content) and then using the reference
to the new window to insert HTML content into the blank
document. The second location bar spoofing method does not
require that the resource opened in a new window respond
with 204, as long as the opener calls window.stop() before
the document is loaded. In either case a user could be
misled as to the correct location of the document they are
currently viewing.
MFSA 2010-45 / CVE-2010-2751: Security researcher Jordi
Chancel reported that the location bar could be spoofed to
look like a secure page when the current document was
served via plaintext. The vulnerability is triggered by a
server by first redirecting a request for a plaintext
resource to another resource behind a valid SSL/TLS
certificate. A second request made to the original
plaintext resource which is responded to not with a
redirect but with JavaScript containing history.back() and
history.forward() will result in the plaintext resource
being displayed with valid SSL/TLS badging in the location
bar.
MFSA 2010-46 / CVE-2010-0654: Google security researcher
Chris Evans reported that data can be read across domains
by injecting bogus CSS selectors into a target site and
then retrieving the data using JavaScript APIs. If an
attacker can inject opening and closing portions of a CSS
selector into points A and B of a target page, then the
region between the two injection points becomes readable to
JavaScript through, for example, the getComputedStyle() API.
MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush
Dalili reported that potentially sensitive URL parameters
could be leaked across domains upon script errors when the
script filename and line number are included in the error
message.
MFSA 2010-48 / CVE-2010-2755: Mozilla developer Daniel
Holbert reported that the fix to the plugin parameter array
crash that was fixed in Firefox 3.6.7 caused a crash
showing signs of memory corruption. In certain
circumstances, properties in the plugin instance's
parameter array could be freed prematurely leaving a
dangling pointer that the plugin could execute, potentially
calling into attacker-controlled memory.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch MozillaFirefox-2807 mozilla-xulrunner191-2779
- openSUSE 11.2:
zypper in -t patch MozillaFirefox-2774
- openSUSE 11.1:
zypper in -t patch MozillaFirefox-2774
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 src x86_64) [New Version: 1.9.1.11,1.9.2.8 and 3.6.8]:
MozillaFirefox-3.6.8-0.1.1
mozilla-xulrunner191-1.9.1.11-0.1.1
mozilla-xulrunner192-1.9.2.8-0.1.1
- openSUSE 11.3 (i586 x86_64) [New Version: 1.9.1.11,1.9.2.8 and 3.6.8]:
MozillaFirefox-branding-upstream-3.6.8-0.1.1
MozillaFirefox-translations-common-3.6.8-0.1.1
MozillaFirefox-translations-other-3.6.8-0.1.1
mozilla-js192-1.9.2.8-0.1.1
mozilla-xulrunner191-devel-1.9.1.11-0.1.1
mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1
mozilla-xulrunner191-translations-common-1.9.1.11-0.1.1
mozilla-xulrunner191-translations-other-1.9.1.11-0.1.1
mozilla-xulrunner192-buildsymbols-1.9.2.8-0.1.1
mozilla-xulrunner192-devel-1.9.2.8-0.1.1
mozilla-xulrunner192-gnome-1.9.2.8-0.1.1
mozilla-xulrunner192-translations-common-1.9.2.8-0.1.1
mozilla-xulrunner192-translations-other-1.9.2.8-0.1.1
python-xpcom191-1.9.1.11-0.1.1
- openSUSE 11.3 (x86_64) [New Version: 1.9.1.11 and 1.9.2.8]:
mozilla-js192-32bit-1.9.2.8-0.1.1
mozilla-xulrunner191-32bit-1.9.1.11-0.1.1
mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.1.1
mozilla-xulrunner192-32bit-1.9.2.8-0.1.1
mozilla-xulrunner192-gnome-32bit-1.9.2.8-0.1.1
mozilla-xulrunner192-translations-common-32bit-1.9.2.8-0.1.1
mozilla-xulrunner192-translations-other-32bit-1.9.2.8-0.1.1
- openSUSE 11.2 (i586 src x86_64) [New Version: 1.9.1.11 and 3.5.11]:
MozillaFirefox-3.5.11-0.1.1
mozilla-xulrunner191-1.9.1.11-0.1.1
- openSUSE 11.2 (i586 x86_64) [New Version: 1.9.1.11 and 3.5.11]:
MozillaFirefox-branding-upstream-3.5.11-0.1.1
MozillaFirefox-translations-common-3.5.11-0.1.1
MozillaFirefox-translations-other-3.5.11-0.1.1
mozilla-xulrunner191-devel-1.9.1.11-0.1.1
mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1
mozilla-xulrunner191-translations-common-1.9.1.11-0.1.1
mozilla-xulrunner191-translations-other-1.9.1.11-0.1.1
python-xpcom191-1.9.1.11-0.1.1
- openSUSE 11.2 (x86_64) [New Version: 1.9.1.11]:
mozilla-xulrunner191-32bit-1.9.1.11-0.1.1
mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.1.1
- openSUSE 11.1 (i586 ppc src x86_64) [New Version: 1.9.1.11 and 3.5.11]:
MozillaFirefox-3.5.11-0.1.1
mozilla-xulrunner191-1.9.1.11-0.1.1
- openSUSE 11.1 (i586 ppc x86_64) [New Version: 1.9.1.11 and 3.5.11]:
MozillaFirefox-branding-upstream-3.5.11-0.1.1
MozillaFirefox-translations-common-3.5.11-0.1.1
MozillaFirefox-translations-other-3.5.11-0.1.1
mozilla-xulrunner191-devel-1.9.1.11-0.1.1
mozilla-xulrunner191-gnomevfs-1.9.1.11-0.1.1
mozilla-xulrunner191-translations-common-1.9.1.11-0.1.1
mozilla-xulrunner191-translations-other-1.9.1.11-0.1.1
python-xpcom191-1.9.1.11-0.1.1
- openSUSE 11.1 (x86_64) [New Version: 1.9.1.11]:
mozilla-xulrunner191-32bit-1.9.1.11-0.1.1
mozilla-xulrunner191-gnomevfs-32bit-1.9.1.11-0.1.1
References:
https://bugzilla.novell.com/622506
openSUSE Recommended Update: k3b: Update to 2.0 final
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0442-1
Rating: low
References: #619731 #623399
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has two recommended fixes can now be
installed. It includes one version update.
Description:
Update to 2.0 final. It updates only translations and fixes
some bugs.
- Fix freeze while ripping CD audio (bko#235466)
- Fix drag and drop from file managers to k3b project
(bko#242745)
- Install app icons in hicolor
- Fixing missing icon when Oxygen icons not used for
desktop (bnc#619731)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch k3b-2785
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 src x86_64) [New Version: 2.0.0]:
k3b-2.0.0-1.1.1
- openSUSE 11.3 (i586 x86_64) [New Version: 2.0.0]:
k3b-devel-2.0.0-1.1.1
- openSUSE 11.3 (noarch) [New Version: 2.0.0]:
k3b-lang-2.0.0-1.1.1
References:
https://bugzilla.novell.com/619731
https://bugzilla.novell.com/623399
openSUSE Recommended Update: wine: Update from 1.2-rc6 to 1.2 release
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0441-1
Rating: low
References: #623394
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update brings Wine from the 1.2 release candidate 6 to
the final 1.2 release.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch wine-2756
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 src x86_64):
wine-1.2-0.1.1
- openSUSE 11.3 (i586 x86_64):
wine-devel-1.2-0.1.1
- openSUSE 11.3 (i586):
wine-32bit-1.2-0.1.1
References:
https://bugzilla.novell.com/623394
openSUSE Security Update: MozillaThunderbird: Update to 3.0.6 security release
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0430-2
Rating: important
References: #622506
Affected Products:
openSUSE 11.3
openSUSE 11.2
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes two new package versions.
Description:
This update brings Mozilla Thunderbird to the 3.0.6
security release.
It fixes the following security bugs: MFSA 2010-34 /
CVE-2010-1211: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor
Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert
reported memory safety problems that affected Firefox 3.6
and Firefox 3.5.
MFSA 2010-39 / CVE-2010-2752: Security researcher J23
reported via TippingPoint's Zero Day Initiative that an
array class used to store CSS values contained an integer
overflow vulnerability. The 16 bit integer value used in
allocating the size of the array could overflow, resulting
in too small a memory buffer being created. When the array
was later populated with CSS values, data would be written
past the end of the buffer, potentially resulting in the
execution of attacker-controlled memory.
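The 16-bit count truncation described for MFSA 2010-39 (in both the Firefox and Thunderbird advisories), shown beside a checked allocation and bounds-checked store. This is an added example, not Mozilla's code: the `value_array` type and every function name are hypothetical, and the input value is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical array type for illustration; not Mozilla's class. */
typedef struct {
    uint32_t *items;
    size_t    capacity;   /* number of elements actually allocated */
} value_array;

/* Weak pattern: the element count is kept in a 16-bit field, so any
 * request above 65535 wraps. Returns the count the allocator would see. */
size_t truncated_capacity(size_t requested)
{
    uint16_t count = (uint16_t)requested;   /* 65536 -> 0, 65537 -> 1 */
    return count;
}

/* Hardened init: refuse counts that do not fit the 16-bit limit instead
 * of truncating them. calloc() itself checks the count * size product.
 * Returns 0 on success, -1 if the request is rejected or allocation fails. */
int value_array_init(value_array *a, size_t requested)
{
    a->items = NULL;
    a->capacity = 0;
    if (requested == 0 || requested > UINT16_MAX)
        return -1;
    a->items = calloc(requested, sizeof(uint32_t));
    if (a->items == NULL)
        return -1;
    a->capacity = requested;
    return 0;
}

/* Every store is checked against the allocated capacity, not against
 * the count the caller originally asked for. */
int value_array_set(value_array *a, size_t index, uint32_t value)
{
    if (a->items == NULL || index >= a->capacity)
        return -1;
    a->items[index] = value;
    return 0;
}

void value_array_free(value_array *a)
{
    free(a->items);
    a->items = NULL;
    a->capacity = 0;
}

int main(void)
{
    size_t requested = 65537;   /* constructed input, one past 2^16 */
    value_array a;

    printf("requested %zu, 16-bit count allocates %zu\n",
           requested, truncated_capacity(requested));
    printf("hardened init: %d\n", value_array_init(&a, requested));

    if (value_array_init(&a, 4) == 0) {
        printf("set [3]: %d\n", value_array_set(&a, 3, 7));
        printf("set [4]: %d\n", value_array_set(&a, 4, 7));
        value_array_free(&a);
    }
    return 0;
}
```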
MFSA 2010-40 / CVE-2010-2753: Security researcher
regenrecht reported via TippingPoint's Zero Day Initiative
an integer overflow vulnerability in the implementation of
the XUL <tree> element's selection attribute. When the size
of a new selection is sufficiently large the integer used
in calculating the length of the selection can overflow,
resulting in a bogus range being marked selected. When
adjustSelection is then called on the bogus range the range
is deleted leaving dangling references to the ranges which
could be used by an attacker to call into deleted memory
and run arbitrary code on a victim's computer.
MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin
reported a buffer overflow in Mozilla graphics code which
consumes image data processed by libpng. A malformed PNG
file could be created which would cause libpng to
incorrectly report the size of the image to downstream
consumers. When the dimensions of such images are
underreported, the Mozilla code responsible for displaying
the graphic will allocate too small a memory buffer to
contain the image data and will wind up writing data past
the end of the buffer. This could result in the execution
of attacker-controlled memory.
MFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke
Hasegawa reported that the Web Worker method importScripts
can read and parse resources from other domains even when
the content is not valid JavaScript. This is a violation of
the same-origin policy and could be used by an attacker to
steal information from other sites.
MFSA 2010-46 / CVE-2010-0654: Google security researcher
Chris Evans reported that data can be read across domains
by injecting bogus CSS selectors into a target site and
then retrieving the data using JavaScript APIs. If an
attacker can inject opening and closing portions of a CSS
selector into points A and B of a target page, then the
region between the two injection points becomes readable to
JavaScript through, for example, the getComputedStyle() API.
MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush
Dalili reported that potentially sensitive URL parameters
could be leaked across domains upon script errors when the
script filename and line number are included in the error
message.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch MozillaThunderbird-2755
- openSUSE 11.2:
zypper in -t patch MozillaThunderbird-2755
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 src x86_64) [New Version: 3.0.6]:
MozillaThunderbird-3.0.6-0.1.1
- openSUSE 11.3 (i586 x86_64) [New Version: 3.0.6]:
MozillaThunderbird-devel-3.0.6-0.1.1
MozillaThunderbird-translations-common-3.0.6-0.1.1
MozillaThunderbird-translations-other-3.0.6-0.1.1
enigmail-1.0.1-3.1.1
- openSUSE 11.2 (i586 src x86_64) [New Version: 3.0.6]:
MozillaThunderbird-3.0.6-0.1.1
- openSUSE 11.2 (i586 x86_64) [New Version: 1.0.1 and 3.0.6]:
MozillaThunderbird-devel-3.0.6-0.1.1
MozillaThunderbird-translations-common-3.0.6-0.1.1
MozillaThunderbird-translations-other-3.0.6-0.1.1
enigmail-1.0.1-1.1.1
References:
https://bugzilla.novell.com/622506
openSUSE Security Update: bogofilter: heap corruption overrun in bogofilter/bogolexer
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0439-1
Rating: moderate
References: #619847
Cross-References: CVE-2010-2494
Affected Products:
openSUSE 11.2
openSUSE 11.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update of bogofilter/bogolexer fixes a heap based
buffer underflow vulnerability which could be exploited to
cause a denial of service or potentially execute arbitrary
code (CVE-2010-2494).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch bogofilter-2668
- openSUSE 11.1:
zypper in -t patch bogofilter-2668
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
bogofilter-1.2.0-2.5.1
- openSUSE 11.1 (i586 ppc src x86_64):
bogofilter-1.1.1-174.18.1
References:
http://support.novell.com/security/cve/CVE-2010-2494.html
https://bugzilla.novell.com/619847
openSUSE Recommended Update: unscd: Fixed unscd does not start issue
______________________________________________________________________________
Announcement ID: openSUSE-RU-2010:0438-1
Rating: moderate
References: #622910
Affected Products:
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes an issue where unscd does not start.
- bnc#622910: unscd does not start, rpm verify does not
show error :-(
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.3:
zypper in -t patch unscd-2752
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.3 (i586 src x86_64):
unscd-0.45-6.1.1
References:
https://bugzilla.novell.com/622910