openSUSE Updates December 2011

updates@lists.opensuse.org

2 participants
12 discussions

openSUSE-RU-2011:1333-1: sudo -i unsets $DISPLAY - but manpage says it doesn't

by maintenance＠opensuse.org

openSUSE Recommended Update: sudo -i unsets $DISPLAY - but manpage says it doesn't ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1333-1 Rating: low References: #720181 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update fixes the following issue for sudo: - 720181: manpage-fix sudo -i unsets $DISPLAY Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch sudo-5544 - openSUSE 11.3: zypper in -t patch sudo-5544 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.5.1 - openSUSE 11.3 (i586 x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.5.1 References: https://bugzilla.novell.com/720181

10 years, 5 months

openSUSE-SU-2011:1331-1: moderate: system-config-printer

by opensuse-security＠opensuse.org

openSUSE Security Update: system-config-printer ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1331-1 Rating: moderate References: #733542 #735322 Cross-References: CVE-2011-2899 CVE-2011-4405 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: system-config-printer used an unauthenticated connection when downloading printer drivers from openprinting.org (CVE-2011-4405). This update disables the printer driver download feature. system-config-printer did not properly quote shell meta characters in SMB server or workgroup names when passing them to the shell (CVE-2011-2899). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch python-cupshelpers-5530 - openSUSE 11.3: zypper in -t patch python-cupshelpers-5530 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): python-cupshelpers-1.2.5-5.8.1 system-config-printer-1.2.5-5.8.1 udev-configure-printer-1.2.5-5.8.1 - openSUSE 11.4 (noarch): system-config-printer-lang-1.2.5-5.8.1 - openSUSE 11.3 (i586 x86_64): python-cupshelpers-1.2.0-2.5.1 system-config-printer-1.2.0-2.5.1 udev-configure-printer-1.2.0-2.5.1 - openSUSE 11.3 (noarch): system-config-printer-lang-1.2.0-2.5.1 References: http://support.novell.com/security/cve/CVE-2011-2899.html http://support.novell.com/security/cve/CVE-2011-4405.html https://bugzilla.novell.com/733542 https://bugzilla.novell.com/735322

10 years, 5 months

openSUSE-SU-2011:1328-1: important: jasper

by opensuse-security＠opensuse.org

openSUSE Security Update: jasper ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1328-1 Rating: important References: #725758 Cross-References: CVE-2011-4516 CVE-2011-4517 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Specially crafted JPEG2000 files could cause a heap buffer overflow in jasper (CVE-2011-4516, CVE-2011-4517) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch jasper-5543 - openSUSE 11.3: zypper in -t patch jasper-5543 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): jasper-1.900.1-146.147.1 libjasper-devel-1.900.1-146.147.1 libjasper1-1.900.1-146.147.1 - openSUSE 11.4 (x86_64): libjasper1-32bit-1.900.1-146.147.1 - openSUSE 11.3 (i586 x86_64): jasper-1.900.1-141.3.1 libjasper-1.900.1-141.3.1 libjasper-devel-1.900.1-141.3.1 - openSUSE 11.3 (x86_64): libjasper-32bit-1.900.1-141.3.1 References: http://support.novell.com/security/cve/CVE-2011-4516.html http://support.novell.com/security/cve/CVE-2011-4517.html https://bugzilla.novell.com/725758

10 years, 5 months

openSUSE-SU-2011:1327-1: moderate: namazu

by opensuse-security＠opensuse.org

openSUSE Security Update: namazu ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1327-1 Rating: moderate References: #732323 Cross-References: CVE-2011-4345 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issues: - 732323: CVE-2011-4345: namazu: XSS flaw by processing HTTP cookies (CVE-2011-4345) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch namazu-5528 - openSUSE 11.3: zypper in -t patch namazu-5528 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): namazu-2.0.20-5.6.1 namazu-cgi-2.0.20-5.6.1 namazu-devel-2.0.20-5.6.1 - openSUSE 11.3 (i586 x86_64): namazu-2.0.20-2.3.1 namazu-cgi-2.0.20-2.3.1 namazu-devel-2.0.20-2.3.1 References: http://support.novell.com/security/cve/CVE-2011-4345.html https://bugzilla.novell.com/732323

10 years, 5 months

openSUSE-RU-2011:1320-1: moderate: qgit: make qgit work with git 1.7.x

by maintenance＠opensuse.org

openSUSE Recommended Update: qgit: make qgit work with git 1.7.x ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1320-1 Rating: moderate References: #734180 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update fixes the following issue for qgit: - 734180: make qgit work with git 1.7.x Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch qgit-5514 - openSUSE 11.3: zypper in -t patch qgit-5514 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): qgit-2.4-0.3.1 - openSUSE 11.3 (i586 x86_64) [New Version: 2.4]: qgit-2.4-0.3.1 References: https://bugzilla.novell.com/734180

10 years, 5 months

openSUSE-SU-2011:1318-1: moderate: dhcp

by opensuse-security＠opensuse.org

openSUSE Security Update: dhcp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1318-1 Rating: moderate References: #735610 Cross-References: CVE-2011-4539 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes two new package versions. Description: Specially crafted requests could crash dhcpd if the server used regular expressions for matching (CVE-2011-4539). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch dhcp-5532 - openSUSE 11.3: zypper in -t patch dhcp-5532 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 4.2.1]: dhcp-4.2.1-0.11.1 dhcp-client-4.2.1-0.11.1 dhcp-devel-4.2.1-0.11.1 dhcp-doc-4.2.1-0.11.1 dhcp-relay-4.2.1-0.11.1 dhcp-server-4.2.1-0.11.1 - openSUSE 11.3 (i586 x86_64) [New Version: 4.1.2.ESV.1]: dhcp-4.1.2.ESV.1-0.12.1 dhcp-client-4.1.2.ESV.1-0.12.1 dhcp-devel-4.1.2.ESV.1-0.12.1 dhcp-doc-4.1.2.ESV.1-0.12.1 dhcp-relay-4.1.2.ESV.1-0.12.1 dhcp-server-4.1.2.ESV.1-0.12.1 References: http://support.novell.com/security/cve/CVE-2011-4539.html https://bugzilla.novell.com/735610

10 years, 5 months

openSUSE-SU-2011:1314-1: moderate: opera

by opensuse-security＠opensuse.org

openSUSE Security Update: opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1314-1 Rating: moderate References: #735045 Cross-References: CVE-2011-4681 CVE-2011-4682 CVE-2011-4683 CVE-2011-4684 CVE-2011-4685 CVE-2011-4686 CVE-2011-4687 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. It includes one version update. Description: opera was updated to version 11.60 to fix several security issues Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch opera-5529 - openSUSE 11.3: zypper in -t patch opera-5529 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 11.60]: opera-11.60-0.2.1 opera-gtk-11.60-0.2.1 opera-kde4-11.60-0.2.1 - openSUSE 11.3 (i586 x86_64) [New Version: 11.60]: opera-11.60-0.2.1 opera-gtk-11.60-0.2.1 opera-kde4-11.60-0.2.1 References: http://support.novell.com/security/cve/CVE-2011-4681.html http://support.novell.com/security/cve/CVE-2011-4682.html http://support.novell.com/security/cve/CVE-2011-4683.html http://support.novell.com/security/cve/CVE-2011-4684.html http://support.novell.com/security/cve/CVE-2011-4685.html http://support.novell.com/security/cve/CVE-2011-4686.html http://support.novell.com/security/cve/CVE-2011-4687.html https://bugzilla.novell.com/735045

10 years, 5 months

openSUSE-SU-2011:1305-1: moderate: VUL-0: ruby on rails multiple vulnerabilities

by opensuse-security＠opensuse.org

openSUSE Security Update: VUL-0: ruby on rails multiple vulnerabilities ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1305-1 Rating: moderate References: #668817 #712057 #712058 #712062 Cross-References: CVE-2010-3933 CVE-2011-0446 CVE-2011-0447 CVE-2011-0448 CVE-2011-0449 CVE-2011-2930 CVE-2011-2931 CVE-2011-3186 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes two new package versions. Description: This update of rails fixes the following security issues: CVE-2011-2930 - SQL-injection in quote_table_name function via specially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site Scripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 - Response Splitting (bnc#712058) CVE-2010-3933 - Arbitrary modification of records via specially crafted form parameters (bnc#712058) CVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper (bnc#668817) CVE-2011-0447 - Improper validation of 'X-Requested-With' header (bnc#668817) CVE-2011-0448 - SQL-injection caused by improperly sanitized arguments to the limit function (bnc#668817) CVE-2011-0449 - Bypass of access restrictions via specially crafted action names (bnc#668817) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch rubygem-actionmailer-5440 - openSUSE 11.3: zypper in -t patch rubygem-actionmailer-5440 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): rubygem-actionmailer-2_3-2.3.14-0.3.1 rubygem-actionmailer-2_3-doc-2.3.14-0.3.1 rubygem-actionmailer-2_3-testsuite-2.3.14-0.3.1 rubygem-actionpack-2_3-2.3.14-0.3.1 rubygem-actionpack-2_3-doc-2.3.14-0.3.1 rubygem-actionpack-2_3-testsuite-2.3.14-0.3.1 rubygem-activerecord-2_3-2.3.14-0.3.1 rubygem-activerecord-2_3-doc-2.3.14-0.3.1 rubygem-activerecord-2_3-testsuite-2.3.14-0.3.1 rubygem-activeresource-2_3-2.3.14-0.3.1 rubygem-activeresource-2_3-doc-2.3.14-0.3.1 rubygem-activeresource-2_3-testsuite-2.3.14-0.3.1 rubygem-activesupport-2_3-2.3.14-0.3.1 rubygem-activesupport-2_3-doc-2.3.14-0.3.1 rubygem-rack-1.1.2-0.3.1 rubygem-rails-2_3-2.3.14-0.3.1 rubygem-rails-2_3-doc-2.3.14-0.3.1 - openSUSE 11.4 (noarch): rubygem-actionmailer-2.3.14-0.3.1 rubygem-actionpack-2.3.14-0.3.1 rubygem-activerecord-2.3.14-0.3.1 rubygem-activeresource-2.3.14-0.3.1 rubygem-activesupport-2.3.14-0.3.1 rubygem-rails-2.3.14-0.3.1 - openSUSE 11.3 (i586 x86_64) [New Version: 1.1.2 and 2.3.14]: rubygem-actionmailer-2_3-2.3.14-0.3.1 rubygem-actionpack-2_3-2.3.14-0.2.1 rubygem-activerecord-2_3-2.3.14-0.3.1 rubygem-activeresource-2_3-2.3.14-0.3.1 rubygem-activesupport-2_3-2.3.14-0.3.1 rubygem-rack-1.1.2-0.3.1 rubygem-rails-2_3-2.3.14-0.3.1 - openSUSE 11.3 (noarch) [New Version: 2.3.14]: rubygem-actionmailer-2.3.14-0.3.1 rubygem-actionpack-2.3.14-0.3.1 rubygem-activerecord-2.3.14-0.3.1 rubygem-activeresource-2.3.14-0.3.1 rubygem-activesupport-2.3.14-0.3.1 rubygem-rails-2.3.14-0.3.1 References: http://support.novell.com/security/cve/CVE-2010-3933.html http://support.novell.com/security/cve/CVE-2011-0446.html http://support.novell.com/security/cve/CVE-2011-0447.html http://support.novell.com/security/cve/CVE-2011-0448.html http://support.novell.com/security/cve/CVE-2011-0449.html http://support.novell.com/security/cve/CVE-2011-2930.html http://support.novell.com/security/cve/CVE-2011-2931.html http://support.novell.com/security/cve/CVE-2011-3186.html https://bugzilla.novell.com/668817 https://bugzilla.novell.com/712057 https://bugzilla.novell.com/712058 https://bugzilla.novell.com/712062

10 years, 5 months

openSUSE-SU-2011:1299-1: important: xorg-x11-libs

by opensuse-security＠opensuse.org

openSUSE Security Update: xorg-x11-libs ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:1299-1 Rating: important References: #709851 Cross-References: CVE-2011-2895 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files (CVE-2011-2895). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libpciaccess0-5102 - openSUSE 11.3: zypper in -t patch libpciaccess0-5102 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libpciaccess0-7.6-17.18.1 libpciaccess0-devel-7.6-17.18.1 xorg-x11-devel-7.6-17.18.1 xorg-x11-libs-7.6-17.18.1 - openSUSE 11.4 (x86_64): libpciaccess0-32bit-7.6-17.18.1 xorg-x11-devel-32bit-7.6-17.18.1 xorg-x11-libs-32bit-7.6-17.18.1 - openSUSE 11.3 (i586 x86_64): libpciaccess0-7.5-4.3.1 libpciaccess0-devel-7.5-4.3.1 xorg-x11-devel-7.5-4.3.1 xorg-x11-libs-7.5-4.3.1 - openSUSE 11.3 (x86_64): libpciaccess0-32bit-7.5-4.3.1 xorg-x11-devel-32bit-7.5-4.3.1 xorg-x11-libs-32bit-7.5-4.3.1 References: http://support.novell.com/security/cve/CVE-2011-2895.html https://bugzilla.novell.com/709851

10 years, 5 months

openSUSE-RU-2011:1297-1: This update fixes an issue for libmsn

by maintenance＠opensuse.org

openSUSE Recommended Update: This update fixes an issue for libmsn ______________________________________________________________________________ Announcement ID: openSUSE-RU-2011:1297-1 Rating: low References: #729478 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for libmsn: - 729478: Can't connect to MSN Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libmsn-5447 - openSUSE 11.3: zypper in -t patch libmsn-5447 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libmsn-devel-4.1-6.9.1 libmsn0_3-4.1-6.9.1 - openSUSE 11.3 (i586 x86_64): libmsn-devel-4.1-3.5.1 libmsn0_3-4.1-3.5.1 References: https://bugzilla.novell.com/729478

10 years, 5 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates December 2011