October 2011 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2011:1196-1: moderate: java-1_6_0-openjdk: Update to the 1.10.4 release
by opensuse-security＠opensuse.org 28 Oct '11

28 Oct '11

openSUSE Security Update: java-1_6_0-openjdk: Update to the 1.10.4 release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1196-1 Rating: moderate References: #725167 Cross-References: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. It includes one version update. Description: Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct 2011-443431.html for more details. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch java-1_6_0-openjdk-5329 java-1_6_0-sun-5320 - openSUSE 11.3: zypper in -t patch java-1_6_0-openjdk-5329 java-1_6_0-sun-5320 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.6.0.u29]: java-1_6_0-openjdk-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-openjdk-devel-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-sun-1.6.0.u29-0.2.1 java-1_6_0-sun-alsa-1.6.0.u29-0.2.1 java-1_6_0-sun-demo-1.6.0.u29-0.2.1 java-1_6_0-sun-devel-1.6.0.u29-0.2.1 java-1_6_0-sun-jdbc-1.6.0.u29-0.2.1 java-1_6_0-sun-plugin-1.6.0.u29-0.2.1 java-1_6_0-sun-src-1.6.0.u29-0.2.1 - openSUSE 11.4 (noarch): java-1_6_0-openjdk-demo-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-openjdk-javadoc-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-openjdk-src-1.6.0.0_b22.1.10.4-0.3.2 - openSUSE 11.3 (i586 x86_64) [New Version: 1.6.0.u29]: java-1_6_0-openjdk-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-openjdk-devel-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-sun-1.6.0.u29-0.2.1 java-1_6_0-sun-alsa-1.6.0.u29-0.2.1 java-1_6_0-sun-devel-1.6.0.u29-0.2.1 java-1_6_0-sun-jdbc-1.6.0.u29-0.2.1 java-1_6_0-sun-plugin-1.6.0.u29-0.2.1 java-1_6_0-sun-src-1.6.0.u29-0.2.1 - openSUSE 11.3 (noarch): java-1_6_0-openjdk-demo-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-openjdk-javadoc-1.6.0.0_b22.1.10.4-0.3.2 java-1_6_0-openjdk-src-1.6.0.0_b22.1.10.4-0.3.2 References: http://support.novell.com/security/cve/CVE-2011-3389.html http://support.novell.com/security/cve/CVE-2011-3516.html http://support.novell.com/security/cve/CVE-2011-3521.html http://support.novell.com/security/cve/CVE-2011-3544.html http://support.novell.com/security/cve/CVE-2011-3545.html http://support.novell.com/security/cve/CVE-2011-3546.html http://support.novell.com/security/cve/CVE-2011-3547.html http://support.novell.com/security/cve/CVE-2011-3548.html http://support.novell.com/security/cve/CVE-2011-3549.html http://support.novell.com/security/cve/CVE-2011-3550.html http://support.novell.com/security/cve/CVE-2011-3551.html http://support.novell.com/security/cve/CVE-2011-3552.html http://support.novell.com/security/cve/CVE-2011-3553.html http://support.novell.com/security/cve/CVE-2011-3554.html http://support.novell.com/security/cve/CVE-2011-3555.html http://support.novell.com/security/cve/CVE-2011-3556.html http://support.novell.com/security/cve/CVE-2011-3557.html http://support.novell.com/security/cve/CVE-2011-3558.html http://support.novell.com/security/cve/CVE-2011-3560.html http://support.novell.com/security/cve/CVE-2011-3561.html https://bugzilla.novell.com/725167

1 0

openSUSE-RU-2011:1191-1: important: timezone: Update to 2011m
by maintenance＠opensuse.org 27 Oct '11

27 Oct '11

openSUSE Recommended Update: timezone: Update to 2011m ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1191-1 Rating: important References: #726162 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides 2011m which provides the following important changes: * All Ukrainian timezones are going back to winter time on Oct 30th, 2011 * Adding Tiraspol to the zone.tab * America/Bahia switched to DST on Oct 16th, 2011 * West Bank ended DST 2011-09-30 already * Fiji enters DST on October 23th 2011 * Palestine suspends DST during Ramadan in 2011; Gaza and Hebron split in 2011, leading to a new Asia/Hebron zone (thanks to Steffen Thorsen and Alexander Krivenshev). * Belarus adopts permanent DST in 2011 (thanks to Yauhen Kharuzhy, Alexander Bokovoy, Alexander Krivenyshev, and Kirill A. Shutemov). * "Russia" rules changed to reflect end of use in 2010. * "FET" used as abbreviation for Belarus, Ukraine, and western Russia Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch timezone-2011m-5325 - openSUSE 11.3: zypper in -t patch timezone-2011m-5325 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 2011m]: timezone-2011m-0.2.1 - openSUSE 11.4 (noarch) [New Version: 2011m]: timezone-java-2011m-0.2.1 - openSUSE 11.3 (i586 x86_64) [New Version: 2011m]: timezone-2011m-0.2.1 - openSUSE 11.3 (noarch) [New Version: 2011m]: timezone-java-2011m-0.2.1 References: https://bugzilla.novell.com/726162

1 0

openSUSE-SU-2011:1190-1: moderate: puppet (CVE-2011-3848)
by opensuse-security＠opensuse.org 27 Oct '11

27 Oct '11

openSUSE Security Update: puppet (CVE-2011-3848) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1190-1 Rating: moderate References: #721139 Cross-References: CVE-2011-3848 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch puppet-5243 - openSUSE 11.3: zypper in -t patch puppet-5243 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): puppet-2.6.4-4.7.1 puppet-server-2.6.4-4.7.1 - openSUSE 11.3 (i586 x86_64): puppet-0.25.4-4.3.1 puppet-server-0.25.4-4.3.1 References: http://support.novell.com/security/cve/CVE-2011-3848.html https://bugzilla.novell.com/721139

1 0

openSUSE-RU-2011:1182-1: kdebase4: fix create new directory in subdirectory
by maintenance＠opensuse.org 25 Oct '11

25 Oct '11

openSUSE Recommended Update: kdebase4: fix create new directory in subdirectory ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1182-1 Rating: low References: #677973 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes a bug in Dolphin where it was unable to create new directory in subdirectory from context menu. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch dolphin-5302 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): dolphin-4.6.0-6.10.1 kdebase4-4.6.0-6.10.1 kdebase4-libkonq-4.6.0-6.10.1 kdebase4-nsplugin-4.6.0-6.10.1 kdepasswd-4.6.0-6.10.1 kdialog-4.6.0-6.10.1 keditbookmarks-4.6.0-6.10.1 kfind-4.6.0-6.10.1 konqueror-4.6.0-6.10.1 konsole-4.6.0-6.10.1 kwrite-4.6.0-6.10.1 libkonq-devel-4.6.0-6.10.1 libkonq5-4.6.0-6.10.1 - openSUSE 11.4 (x86_64): libkonq5-32bit-4.6.0-6.10.1 References: https://bugzilla.novell.com/677973

1 0

openSUSE-RU-2011:1181-1: ddclient: Make sure all necessary dependencies are installed with the package
by maintenance＠opensuse.org 25 Oct '11

25 Oct '11

openSUSE Recommended Update: ddclient: Make sure all necessary dependencies are installed with the package ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1181-1 Rating: low References: #267306 #723688 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This patch fixes two problems in ddclient: - #723688: not all necessary dependencies are installed with the package - #267306: /etc/init.d/ddclient can't see ddclient running Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch ddclient-5300 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): ddclient-3.8.0-13.14.1 References: https://bugzilla.novell.com/267306 https://bugzilla.novell.com/723688

1 0

openSUSE-SU-2011:1177-1: moderate: clamav: fixing recursion level crash (CVE-2011-3627)
by opensuse-security＠opensuse.org 24 Oct '11

24 Oct '11

openSUSE Security Update: clamav: fixing recursion level crash (CVE-2011-3627) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1177-1 Rating: moderate References: #724856 Cross-References: CVE-2011-3627 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch clamav-5308 - openSUSE 11.3: zypper in -t patch clamav-5308 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 0.97.3]: clamav-0.97.3-0.2.1 - openSUSE 11.4 (noarch) [New Version: 0.97.3]: clamav-db-0.97.3-0.2.1 - openSUSE 11.3 (i586 x86_64) [New Version: 0.97.3]: clamav-0.97.3-0.2.1 - openSUSE 11.3 (noarch) [New Version: 0.97.3]: clamav-db-0.97.3-0.2.1 References: http://support.novell.com/security/cve/CVE-2011-3627.html https://bugzilla.novell.com/724856

1 0

openSUSE-SU-2011:1176-1: moderate: etherape: Update to 0.9.12 to fix a remote crash
by opensuse-security＠opensuse.org 24 Oct '11

24 Oct '11

openSUSE Security Update: etherape: Update to 0.9.12 to fix a remote crash ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1176-1 Rating: moderate References: #719086 Cross-References: CVE-2011-3369 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Etherape was updated to 0.9.12 to fix a security issue (CVE-2011-3369) and various bugs. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch etherape-5318 - openSUSE 11.3: zypper in -t patch etherape-5318 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): etherape-0.9.12-2.3.1 - openSUSE 11.3 (i586 x86_64) [New Version: 0.9.12]: etherape-0.9.12-2.3.1 References: http://support.novell.com/security/cve/CVE-2011-3369.html https://bugzilla.novell.com/719086

1 0

openSUSE-SU-2011:1175-1: moderate: fail2ban
by opensuse-security＠opensuse.org 24 Oct '11

24 Oct '11

openSUSE Security Update: fail2ban ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1175-1 Rating: moderate References: #690853 Cross-References: CVE-2009-5023 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: fail2ban IP used insecure temporary files when unbanning an IP address (CVE-2009-5023). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch fail2ban-5301 - openSUSE 11.3: zypper in -t patch fail2ban-5301 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (noarch): fail2ban-0.8.4-11.12.1 - openSUSE 11.3 (noarch): fail2ban-0.8.4-5.3.1 References: http://support.novell.com/security/cve/CVE-2009-5023.html https://bugzilla.novell.com/690853

1 0

openSUSE-SU-2011:1172-1: important: opera: Release 11.52 to fix memory corruption via SVG content
by opensuse-security＠opensuse.org 24 Oct '11

24 Oct '11

openSUSE Security Update: opera: Release 11.52 to fix memory corruption via SVG content ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1172-1 Rating: important References: #724754 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: This update of Opera fixes a memory flaw in the code that processes SVG content which could be exploited by attackers to execute arbitrary code through specially crafted websites. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch opera-5314 - openSUSE 11.3: zypper in -t patch opera-5314 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 11.52]: opera-11.52-0.2.1 opera-gtk-11.52-0.2.1 opera-kde4-11.52-0.2.1 - openSUSE 11.3 (i586 x86_64) [New Version: 11.52]: opera-11.52-0.2.1 opera-gtk-11.52-0.2.1 opera-kde4-11.52-0.2.1 References: https://bugzilla.novell.com/724754

1 0

openSUSE-SU-2011:1170-1: moderate: Fix a Cyrus IMAPd nntpd authentication bypass and a DoS (CVE-2011-3372, CVE-2011-3481)
by opensuse-security＠opensuse.org 24 Oct '11

24 Oct '11

openSUSE Security Update: Fix a Cyrus IMAPd nntpd authentication bypass and a DoS (CVE-2011-3372, CVE-2011-3481) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1170-1 Rating: moderate References: #719998 Cross-References: CVE-2011-3372 CVE-2011-3481 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch cyrus-imapd-5240 - openSUSE 11.3: zypper in -t patch cyrus-imapd-5240 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): cyrus-imapd-2.3.16-16.21.1 cyrus-imapd-devel-2.3.16-16.21.1 perl-Cyrus-IMAP-2.3.16-16.21.1 perl-Cyrus-SIEVE-managesieve-2.3.16-16.21.1 - openSUSE 11.3 (i586 x86_64): cyrus-imapd-2.3.16-8.9.1 cyrus-imapd-devel-2.3.16-8.9.1 perl-Cyrus-IMAP-2.3.16-8.9.1 perl-Cyrus-SIEVE-managesieve-2.3.16-8.9.1 References: http://support.novell.com/security/cve/CVE-2011-3372.html http://support.novell.com/security/cve/CVE-2011-3481.html https://bugzilla.novell.com/719998

1 0