openSUSE Recommended Update: sudo -i unsets $DISPLAY - but manpage says it doesn't
______________________________________________________________________________
Announcement ID: openSUSE-RU-2011:1333-1
Rating: low
References: #720181
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be
installed. It includes one version update.
Description:
This update fixes the following issue for sudo:
- 720181: manpage-fix sudo -i unsets $DISPLAY
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch sudo-5544
- openSUSE 11.3:
zypper in -t patch sudo-5544
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64) [New Version: 1.7.6p2]:
sudo-1.7.6p2-0.5.1
- openSUSE 11.3 (i586 x86_64) [New Version: 1.7.6p2]:
sudo-1.7.6p2-0.5.1
References:
https://bugzilla.novell.com/720181
openSUSE Security Update: system-config-printer
______________________________________________________________________________
Announcement ID: openSUSE-SU-2011:1331-1
Rating: moderate
References: #733542 #735322
Cross-References: CVE-2011-2899 CVE-2011-4405
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
system-config-printer used an unauthenticated connection
when downloading printer drivers from openprinting.org
(CVE-2011-4405). This update disables the printer driver
download feature.
system-config-printer did not properly quote shell meta
characters in SMB server or workgroup names when passing
them to the shell (CVE-2011-2899).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch python-cupshelpers-5530
- openSUSE 11.3:
zypper in -t patch python-cupshelpers-5530
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
python-cupshelpers-1.2.5-5.8.1
system-config-printer-1.2.5-5.8.1
udev-configure-printer-1.2.5-5.8.1
- openSUSE 11.4 (noarch):
system-config-printer-lang-1.2.5-5.8.1
- openSUSE 11.3 (i586 x86_64):
python-cupshelpers-1.2.0-2.5.1
system-config-printer-1.2.0-2.5.1
udev-configure-printer-1.2.0-2.5.1
- openSUSE 11.3 (noarch):
system-config-printer-lang-1.2.0-2.5.1
References:
http://support.novell.com/security/cve/CVE-2011-2899.htmlhttp://support.novell.com/security/cve/CVE-2011-4405.htmlhttps://bugzilla.novell.com/733542https://bugzilla.novell.com/735322
openSUSE Security Update: jasper
______________________________________________________________________________
Announcement ID: openSUSE-SU-2011:1328-1
Rating: important
References: #725758
Cross-References: CVE-2011-4516 CVE-2011-4517
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
Specially crafted JPEG2000 files could cause a heap buffer
overflow in jasper (CVE-2011-4516, CVE-2011-4517)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch jasper-5543
- openSUSE 11.3:
zypper in -t patch jasper-5543
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
jasper-1.900.1-146.147.1
libjasper-devel-1.900.1-146.147.1
libjasper1-1.900.1-146.147.1
- openSUSE 11.4 (x86_64):
libjasper1-32bit-1.900.1-146.147.1
- openSUSE 11.3 (i586 x86_64):
jasper-1.900.1-141.3.1
libjasper-1.900.1-141.3.1
libjasper-devel-1.900.1-141.3.1
- openSUSE 11.3 (x86_64):
libjasper-32bit-1.900.1-141.3.1
References:
http://support.novell.com/security/cve/CVE-2011-4516.htmlhttp://support.novell.com/security/cve/CVE-2011-4517.htmlhttps://bugzilla.novell.com/725758
openSUSE Security Update: namazu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2011:1327-1
Rating: moderate
References: #732323
Cross-References: CVE-2011-4345
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes the following security issues:
- 732323: CVE-2011-4345: namazu: XSS flaw by processing
HTTP cookies (CVE-2011-4345)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch namazu-5528
- openSUSE 11.3:
zypper in -t patch namazu-5528
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
namazu-2.0.20-5.6.1
namazu-cgi-2.0.20-5.6.1
namazu-devel-2.0.20-5.6.1
- openSUSE 11.3 (i586 x86_64):
namazu-2.0.20-2.3.1
namazu-cgi-2.0.20-2.3.1
namazu-devel-2.0.20-2.3.1
References:
http://support.novell.com/security/cve/CVE-2011-4345.htmlhttps://bugzilla.novell.com/732323
openSUSE Recommended Update: qgit: make qgit work with git 1.7.x
______________________________________________________________________________
Announcement ID: openSUSE-RU-2011:1320-1
Rating: moderate
References: #734180
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be
installed. It includes one version update.
Description:
This update fixes the following issue for qgit:
- 734180: make qgit work with git 1.7.x
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch qgit-5514
- openSUSE 11.3:
zypper in -t patch qgit-5514
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
qgit-2.4-0.3.1
- openSUSE 11.3 (i586 x86_64) [New Version: 2.4]:
qgit-2.4-0.3.1
References:
https://bugzilla.novell.com/734180
openSUSE Security Update: dhcp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2011:1318-1
Rating: moderate
References: #735610
Cross-References: CVE-2011-4539
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available. It
includes two new package versions.
Description:
Specially crafted requests could crash dhcpd if the server
used regular expressions for matching (CVE-2011-4539).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch dhcp-5532
- openSUSE 11.3:
zypper in -t patch dhcp-5532
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64) [New Version: 4.2.1]:
dhcp-4.2.1-0.11.1
dhcp-client-4.2.1-0.11.1
dhcp-devel-4.2.1-0.11.1
dhcp-doc-4.2.1-0.11.1
dhcp-relay-4.2.1-0.11.1
dhcp-server-4.2.1-0.11.1
- openSUSE 11.3 (i586 x86_64) [New Version: 4.1.2.ESV.1]:
dhcp-4.1.2.ESV.1-0.12.1
dhcp-client-4.1.2.ESV.1-0.12.1
dhcp-devel-4.1.2.ESV.1-0.12.1
dhcp-doc-4.1.2.ESV.1-0.12.1
dhcp-relay-4.1.2.ESV.1-0.12.1
dhcp-server-4.1.2.ESV.1-0.12.1
References:
http://support.novell.com/security/cve/CVE-2011-4539.htmlhttps://bugzilla.novell.com/735610
openSUSE Security Update: xorg-x11-libs
______________________________________________________________________________
Announcement ID: openSUSE-SU-2011:1299-1
Rating: important
References: #709851
Cross-References: CVE-2011-2895
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Specially crafted font files could cause a buffer overflow
in applications that use libXfont to load such files
(CVE-2011-2895).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch libpciaccess0-5102
- openSUSE 11.3:
zypper in -t patch libpciaccess0-5102
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
libpciaccess0-7.6-17.18.1
libpciaccess0-devel-7.6-17.18.1
xorg-x11-devel-7.6-17.18.1
xorg-x11-libs-7.6-17.18.1
- openSUSE 11.4 (x86_64):
libpciaccess0-32bit-7.6-17.18.1
xorg-x11-devel-32bit-7.6-17.18.1
xorg-x11-libs-32bit-7.6-17.18.1
- openSUSE 11.3 (i586 x86_64):
libpciaccess0-7.5-4.3.1
libpciaccess0-devel-7.5-4.3.1
xorg-x11-devel-7.5-4.3.1
xorg-x11-libs-7.5-4.3.1
- openSUSE 11.3 (x86_64):
libpciaccess0-32bit-7.5-4.3.1
xorg-x11-devel-32bit-7.5-4.3.1
xorg-x11-libs-32bit-7.5-4.3.1
References:
http://support.novell.com/security/cve/CVE-2011-2895.htmlhttps://bugzilla.novell.com/709851
openSUSE Recommended Update: This update fixes an issue for libmsn
______________________________________________________________________________
Announcement ID: openSUSE-RU-2011:1297-1
Rating: low
References: #729478
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue for libmsn:
- 729478: Can't connect to MSN
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch libmsn-5447
- openSUSE 11.3:
zypper in -t patch libmsn-5447
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
libmsn-devel-4.1-6.9.1
libmsn0_3-4.1-6.9.1
- openSUSE 11.3 (i586 x86_64):
libmsn-devel-4.1-3.5.1
libmsn0_3-4.1-3.5.1
References:
https://bugzilla.novell.com/729478