openSUSE Security Update: libxml2: fixing heap-based buffer overflow (CVE-2011-3919)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0107-1
Rating: important
References: #739894
Cross-References: CVE-2011-3919
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
A heap-based buffer overflow during decoding of entity
references with overly long names has been fixed.
CVE-2011-3919 has been assigned.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch libxml2-5659
- openSUSE 11.3:
zypper in -t patch libxml2-5659
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
libxml2-2.7.8-16.21.1
libxml2-devel-2.7.8-16.21.1
- openSUSE 11.4 (x86_64):
libxml2-32bit-2.7.8-16.21.1
libxml2-devel-32bit-2.7.8-16.21.1
- openSUSE 11.4 (noarch):
libxml2-doc-2.7.8-16.21.1
- openSUSE 11.3 (i586 x86_64):
libxml2-2.7.7-4.11.1
libxml2-devel-2.7.7-4.11.1
- openSUSE 11.3 (x86_64):
libxml2-32bit-2.7.7-4.11.1
libxml2-devel-32bit-2.7.7-4.11.1
- openSUSE 11.3 (noarch):
libxml2-doc-2.7.7-4.11.1
References:
http://support.novell.com/security/cve/CVE-2011-3919.html
https://bugzilla.novell.com/739894
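The package lists in this advisory (and in the others on this page) give the fixed name-version-release strings, but a host is only safe if the installed release compares greater than or equal to them under RPM's ordering rules, which are not plain string comparison ("16.21.1" is newer than "16.9.1", and "1.0~rc1" is older than "1.0"). The following is an added example, not part of the advisory, that implements that comparison and checks an inventory against the fixed list. It assumes the inventory was produced with `rpm -qa --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n'`, ignores Epoch (the advisory strings carry none), and uses a constructed inventory rather than output from a real host.

```python
import re


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version or release strings the way librpm's rpmvercmp() does:
    -1 if a < b, 0 if equal, 1 if a > b. Segments are compared numerically when
    numeric and as strings otherwise; a numeric segment beats an alphabetic one;
    '~' sorts before anything, including the end of the string. ASCII input assumed."""
    if a == b:
        return 0
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        # Skip separators: anything that is neither alphanumeric nor '~'.
        while ia < len(a) and not (a[ia].isalnum() or a[ia] == "~"):
            ia += 1
        while ib < len(b) and not (b[ib].isalnum() or b[ib] == "~"):
            ib += 1
        # Tilde handling: the side carrying '~' is the older one.
        if (ia < len(a) and a[ia] == "~") or (ib < len(b) and b[ib] == "~"):
            if ia >= len(a) or a[ia] != "~":
                return 1
            if ib >= len(b) or b[ib] != "~":
                return -1
            ia += 1
            ib += 1
            continue
        if ia >= len(a) or ib >= len(b):
            break
        # Take one segment of the same type (digits or letters) from each side.
        if a[ia].isdigit():
            pattern, numeric = r"\d+", True
        else:
            pattern, numeric = r"[A-Za-z]+", False
        ma = re.match(pattern, a[ia:])
        mb = re.match(pattern, b[ib:])
        if mb is None:  # different segment types: the numeric side is newer
            return 1 if numeric else -1
        sa, sb = ma.group(0), mb.group(0)
        ia += len(sa)
        ib += len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if ia >= len(a) and ib >= len(b):
        return 0
    return 1 if ia < len(a) else -1


def split_nvr(nvr: str):
    """'libxml2-devel-32bit-2.7.8-16.21.1' -> ('libxml2-devel-32bit', '2.7.8', '16.21.1')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_at_least(installed_vr, fixed_vr) -> bool:
    """True when (version, release) of the installed package >= the fixed one."""
    c = rpmvercmp(installed_vr[0], fixed_vr[0])
    if c == 0:
        c = rpmvercmp(installed_vr[1], fixed_vr[1])
    return c >= 0


def audit(fixed_nvrs, rpm_qa_output: str) -> dict:
    """Map each package named in the advisory to 'ok', 'vulnerable' or 'not installed'."""
    installed = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if line:
            n, v, r = split_nvr(line)
            installed[n] = (v, r)
    report = {}
    for nvr in fixed_nvrs:
        n, v, r = split_nvr(nvr)
        if n not in installed:
            report[n] = "not installed"
        elif is_at_least(installed[n], (v, r)):
            report[n] = "ok"
        else:
            report[n] = "vulnerable"
    return report


# Fixed packages for openSUSE 11.4 x86_64, as listed in the advisory above.
LIBXML2_FIXED = [
    "libxml2-2.7.8-16.21.1",
    "libxml2-devel-2.7.8-16.21.1",
    "libxml2-32bit-2.7.8-16.21.1",
    "libxml2-devel-32bit-2.7.8-16.21.1",
    "libxml2-doc-2.7.8-16.21.1",
]

# Constructed sample of `rpm -qa --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n'`,
# not captured from a real host: one package is one release behind the fix.
SAMPLE_RPM_QA = """\
libxml2-2.7.8-16.19.1
libxml2-devel-2.7.8-16.21.1
libxml2-32bit-2.7.8-16.21.3
zypper-1.5.3-2.1.1
"""

if __name__ == "__main__":
    for pkg, status in sorted(audit(LIBXML2_FIXED, SAMPLE_RPM_QA).items()):
        print(f"{pkg:24s} {status}")
```

Feed `audit()` the fixed list of whichever advisory and product applies; a package reported "vulnerable" still needs the corresponding `zypper in -t patch` command, and "not installed" is fine unless the package is pulled in later.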
openSUSE Security Update: ecryptfs-utils to fix umask of /etc/mtab.tmp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0106-1
Rating: moderate
References: #735342
Cross-References: CVE-2011-3145
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
mount.ecryptfs_private did not set the correct group ownership
and permissions when it modified mtab (CVE-2011-3145).
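The advisory states only the symptom, so the following is an added example, not code from ecryptfs-utils, of the general pattern behind this class of bug: a helper that rewrites a system file via a temporary file and rename, and publishes whatever mode and ownership the temporary file happened to inherit from the caller's umask and effective group. The hardened variant sets both explicitly on the open descriptor before the rename. The `replace_file_*` names, the root:root default owner and the sample mtab line are this example's own choices; the test below runs in a throwaway directory under a restrictive umask.

```python
import os
import shutil
import stat
import tempfile

# /etc/mtab must stay world-readable: mount, df and similar tools read it as ordinary users.
MTAB_MODE = 0o644


def replace_file_naive(path: str, content: str) -> None:
    """The fragile pattern: the temporary file is created with 0666 & ~umask and the
    caller's effective group, and the rename publishes exactly that, so the final
    mode and group of the system file depend on the calling environment."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(content)
    os.rename(tmp, path)


def replace_file_hardened(path: str, content: str, owner=(0, 0)) -> None:
    """Same replace, but mode and ownership are fixed on the descriptor before
    the rename makes the file visible under its final name."""
    tmp = path + ".tmp"
    # O_EXCL: refuse to follow or reuse a pre-existing (possibly planted) .tmp file.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(content)
            f.flush()
            os.fsync(f.fileno())
            os.fchmod(f.fileno(), MTAB_MODE)      # independent of the process umask
            if os.geteuid() == 0:                  # only root may hand the file to root:root
                os.fchown(f.fileno(), owner[0], owner[1])
        os.rename(tmp, path)                       # atomic publish of the finished file
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def file_mode(path: str) -> int:
    """Permission bits of a file, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> tuple:
    """Run both variants under a restrictive umask (as a hardened shell or a daemon
    might set) and return (naive_mode, hardened_mode)."""
    sample = "/dev/sda1 / ext4 rw,relatime 0 0\n"  # constructed mtab line
    old_umask = os.umask(0o077)
    workdir = tempfile.mkdtemp()
    try:
        naive = os.path.join(workdir, "mtab_naive")
        hardened = os.path.join(workdir, "mtab_hardened")
        replace_file_naive(naive, sample)
        replace_file_hardened(hardened, sample)
        return file_mode(naive), file_mode(hardened)
    finally:
        os.umask(old_umask)
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    naive_mode, hardened_mode = demo()
    print(f"naive: {naive_mode:04o}  hardened: {hardened_mode:04o}")
```

Under umask 077 the naive replacement leaves the file 0600, which breaks every unprivileged reader of mtab; under a permissive umask it can equally leave it too open. After applying the update, `stat -c '%a %U:%G' /etc/mtab` is the quick check that the file is 644 and owned by root:root.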
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch ecryptfs-utils-5541
- openSUSE 11.3:
zypper in -t patch ecryptfs-utils-5541
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
ecryptfs-utils-83-6.9.1
- openSUSE 11.4 (x86_64):
ecryptfs-utils-32bit-83-6.9.1
- openSUSE 11.3 (i586 x86_64):
ecryptfs-utils-83-3.5.1
- openSUSE 11.3 (x86_64):
ecryptfs-utils-32bit-83-3.5.1
References:
http://support.novell.com/security/cve/CVE-2011-3145.html
https://bugzilla.novell.com/735342
openSUSE Security Update: Fixed apache tomcat hash collision vulnerability (CVE-2011-4858)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0103-1
Rating: moderate
References: #712784 #727543
Cross-References: CVE-2011-4858
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
Apache Tomcat was vulnerable to a hash collision attack:
request parameters whose names share one hash value degrade
the parameter map to linear lookups, which allowed remote
attackers to mount denial-of-service attacks with a single
crafted request. CVE-2011-4858 has been assigned to this issue.
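To make the mechanism concrete, here is an added example (not from Tomcat or the advisory) that reproduces Java's `String.hashCode()`, generates an arbitrary number of distinct parameter names that all hash to the same value, and counts the key comparisons a chained hash table performs when they are inserted. The toy table, the `parse_form_body` parser and its default limit of 1000 parameters are this example's own constructions; the limit illustrates the kind of cap the upstream fix introduced (a `maxParameterCount` connector attribute), not its exact value.

```python
import itertools


def java_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + c over the characters, wrapped to a
    signed 32-bit int. Only code points below U+10000 are handled (assumption)."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


# Each pair satisfies 31*c0 + c1 == 2112, so any concatenation of k pairs hashes
# to the same value as any other concatenation of k pairs: 3**k colliding keys.
COLLIDING_PAIRS = ("Aa", "BB", "C#")


def colliding_keys(count: int) -> list:
    """Return `count` distinct strings that all share one hashCode."""
    k = 1
    while len(COLLIDING_PAIRS) ** k < count:
        k += 1
    keys = []
    for combo in itertools.product(COLLIDING_PAIRS, repeat=k):
        keys.append("".join(combo))
        if len(keys) == count:
            break
    return keys


class ChainedTable:
    """Toy chained hash table indexed by hashCode, counting key comparisons so the
    quadratic blow-up is measurable. Java's HashMap differs in detail, but any
    table keyed on hashCode puts equal-hash keys into the same chain."""

    def __init__(self, capacity: int = 1 << 16):
        self.buckets = [[] for _ in range(capacity)]
        self.mask = capacity - 1
        self.comparisons = 0

    def put(self, key: str, value) -> None:
        chain = self.buckets[java_hash(key) & self.mask]
        for entry in chain:
            self.comparisons += 1        # one string compare per existing chain entry
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])


def comparisons_for(keys) -> int:
    """Total key comparisons needed to insert all `keys` into an empty table."""
    table = ChainedTable()
    for key in keys:
        table.put(key, "")
    return table.comparisons


def parse_form_body(body: str, max_params: int = 1000) -> dict:
    """Parameter parsing with the mitigation: refuse the request before building the
    map when it carries more parameters than a sane limit, so an attacker cannot
    force n*(n-1)/2 comparisons per request. The limit value is this example's choice."""
    pairs = body.split("&") if body else []
    if len(pairs) > max_params:
        raise ValueError(f"too many request parameters: {len(pairs)} > {max_params}")
    params = {}
    for pair in pairs:
        name, _, value = pair.partition("=")
        params[name] = value
    return params


if __name__ == "__main__":
    n = 4096
    evil = colliding_keys(n)
    benign = [f"k{i}" for i in range(n)]
    print("colliding keys:", comparisons_for(evil), "comparisons")
    print("benign keys:   ", comparisons_for(benign), "comparisons")
```

With n colliding names the insert cost is n*(n-1)/2 comparisons, each over strings of equal length and equal hash, so a few hundred kilobytes of POST body keeps a CPU core busy for a long time; benign names of the same count cost a few thousand comparisons. Capping the parameter count bounds the worst case to max_params squared, which is why the fix is a limit rather than a change to the hash function.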
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch tomcat6-5619
- openSUSE 11.3:
zypper in -t patch tomcat6-5619
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (noarch):
tomcat6-6.0.32-7.12.1
tomcat6-admin-webapps-6.0.32-7.12.1
tomcat6-docs-webapp-6.0.32-7.12.1
tomcat6-el-1_0-api-6.0.32-7.12.1
tomcat6-javadoc-6.0.32-7.12.1
tomcat6-jsp-2_1-api-6.0.32-7.12.1
tomcat6-lib-6.0.32-7.12.1
tomcat6-servlet-2_5-api-6.0.32-7.12.1
tomcat6-webapps-6.0.32-7.12.1
- openSUSE 11.3 (noarch):
tomcat6-6.0.24-5.16.1
tomcat6-admin-webapps-6.0.24-5.16.1
tomcat6-docs-webapp-6.0.24-5.16.1
tomcat6-el-1_0-api-6.0.24-5.16.1
tomcat6-javadoc-6.0.24-5.16.1
tomcat6-jsp-2_1-api-6.0.24-5.16.1
tomcat6-lib-6.0.24-5.16.1
tomcat6-servlet-2_5-api-6.0.24-5.16.1
tomcat6-webapps-6.0.24-5.16.1
References:
http://support.novell.com/security/cve/CVE-2011-4858.html
https://bugzilla.novell.com/712784
https://bugzilla.novell.com/727543
openSUSE Security Update: squid
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0102-1
Rating: moderate
References: #587375
Cross-References: CVE-2010-0639
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes the following security issues:
- 587375: NULL pointer dereference via crafted HTCP request (CVE-2010-0639)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch squid-5580
- openSUSE 11.3:
zypper in -t patch squid-5580
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
squid-2.7.STABLE6-10.11.1
- openSUSE 11.3 (i586 x86_64):
squid-2.7.STABLE6-7.3.1
References:
http://support.novell.com/security/cve/CVE-2010-0639.html
https://bugzilla.novell.com/587375
openSUSE Security Update: NetworkManager-gnome
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0101-1
Rating: moderate
References: #574266 #732700
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
NetworkManager did not pin the server certificate's subject to
an ESSID. A rogue access point could therefore be used to
conduct MITM attacks by presenting any other valid certificate
issued by the same CA as the one used in the original network
(CVE-2006-7246).
Please note that existing WPA2 Enterprise connections need
to be deleted and re-created to take advantage of the new
security checks.
This is a re-release of the previous update to also enable
the checks for EAP-TLS.
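Because profiles created before this update carry no subject pin and must be re-created, an administrator will want to find the ones still lacking it. The following is an added example, not part of the advisory or of NetworkManager, that audits connection keyfiles for an 802-1x section without a CA certificate or without any server-identity pin. The keyfile layout and the key names `subject-match`, `altsubject-matches` and `domain-suffix-match` follow NetworkManager's keyfile format; which of these keys the 0.8.x build covered by this advisory writes is an assumption, not something the advisory states. The three keyfiles are constructed for the example.

```python
import configparser

# 802-1x keys that bind the RADIUS server certificate to this connection. Which of
# them the NetworkManager 0.8.x build in the advisory writes is an assumption.
PIN_KEYS = ("subject-match", "altsubject-matches", "domain-suffix-match")


def parse_keyfile(text: str) -> configparser.ConfigParser:
    """Parse a NetworkManager keyfile (INI-style, '=' separated, case-sensitive keys)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp


def audit_connection(text: str) -> dict:
    """Report whether an EAP connection validates the CA and pins the server identity.
    Returns {'id': ..., 'status': 'not-eap' | 'ok' | 'weak', 'problems': [...]}."""
    cp = parse_keyfile(text)
    conn_id = cp.get("connection", "id", fallback="?")
    if not cp.has_section("802-1x"):
        return {"id": conn_id, "status": "not-eap", "problems": []}
    sec = cp["802-1x"]
    problems = []
    if not sec.get("ca-cert", "").strip():
        # Without a CA the chain is never validated at all: any certificate works.
        problems.append("no ca-cert: any server certificate is accepted")
    if not any(sec.get(k, "").strip() for k in PIN_KEYS):
        # CA validated but subject not pinned: the attack in this advisory.
        problems.append("no subject pin: any certificate from the CA is accepted "
                        "(pre-update profile, delete and re-create it)")
    return {"id": conn_id, "status": "ok" if not problems else "weak", "problems": problems}


# Constructed keyfiles, not taken from a real system.
LEGACY = """\
[connection]
id=CorpNet
type=802-11-wireless

[802-11-wireless]
ssid=CorpNet
security=802-11-wireless-security

[802-11-wireless-security]
key-mgmt=wpa-eap

[802-1x]
eap=peap;
identity=alice
ca-cert=/etc/ssl/certs/corp-ca.pem
phase2-auth=mschapv2
"""

# Re-created after the update: the server subject is pinned (hypothetical CN).
RECREATED = LEGACY + "subject-match=/CN=radius.corp.example\n"

# Worse than legacy: no CA at all.
NO_CA = LEGACY.replace("ca-cert=/etc/ssl/certs/corp-ca.pem\n", "")

if __name__ == "__main__":
    for name, text in (("legacy", LEGACY), ("recreated", RECREATED), ("no-ca", NO_CA)):
        result = audit_connection(text)
        print(f"{name:10s} {result['status']:8s} {'; '.join(result['problems'])}")
```

Run `audit_connection` over each file under the system-connections directory as root; every result reported "weak" for a WPA2 Enterprise network is a profile to delete and re-create through the applet so that the new checks apply.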
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch NetworkManager-gnome-5627
- openSUSE 11.3:
zypper in -t patch NetworkManager-gnome-5627
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
NetworkManager-gnome-0.8.2-9.16.1
- openSUSE 11.4 (noarch):
NetworkManager-gnome-lang-0.8.2-9.16.1
- openSUSE 11.3 (i586 x86_64):
NetworkManager-gnome-0.8-6.7.2
References:
https://bugzilla.novell.com/574266
https://bugzilla.novell.com/732700
openSUSE Security Update: icu (CVE-2011-4599, CVE-2010-4409)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0100-1
Rating: moderate
References: #657910 #736146
Cross-References: CVE-2010-4409 CVE-2011-4599
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
Specially crafted strings could cause a buffer overflow in
icu (CVE-2011-4599).
An integer overflow in the getSymbol() function could crash
applications using icu (CVE-2010-4409).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch icu-5658
- openSUSE 11.3:
zypper in -t patch icu-5658
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
icu-4.4.2-4.5.1
icu-data-4.4.2-4.5.1
libicu-4.4.2-4.5.1
libicu-devel-4.4.2-4.5.1
libicu-doc-4.4.2-4.5.1
- openSUSE 11.4 (x86_64):
libicu-32bit-4.4.2-4.5.1
libicu-devel-32bit-4.4.2-4.5.1
- openSUSE 11.3 (i586 x86_64):
icu-4.2-7.3.1
icu-data-4.2-7.3.1
libicu-4.2-7.3.1
libicu-devel-4.2-7.3.1
libicu-doc-4.2-7.3.1
- openSUSE 11.3 (x86_64):
libicu-32bit-4.2-7.3.1
libicu-devel-32bit-4.2-7.3.1
References:
http://support.novell.com/security/cve/CVE-2010-4409.html
http://support.novell.com/security/cve/CVE-2011-4599.html
https://bugzilla.novell.com/657910
https://bugzilla.novell.com/736146
openSUSE Security Update: libqt4: fixed stack-based buffer overflow in glyph handling (CVE-2011-3922)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0091-1
Rating: important
References: #739904
Cross-References: CVE-2011-3922
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
A stack-based buffer overflow in the glyph handling of
libqt4's harfbuzz has been fixed. CVE-2011-3922 has been
assigned to this issue.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch libQtWebKit-devel-5628
- openSUSE 11.3:
zypper in -t patch libQtWebKit-devel-5628
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
libQtWebKit-devel-4.7.1-8.17.1
libQtWebKit4-4.7.1-8.17.1
libqt4-4.7.1-8.17.1
libqt4-devel-4.7.1-8.17.1
libqt4-qt3support-4.7.1-8.17.1
libqt4-sql-4.7.1-8.17.1
libqt4-sql-sqlite-4.7.1-8.17.1
libqt4-x11-4.7.1-8.17.1
- openSUSE 11.4 (x86_64):
libQtWebKit4-32bit-4.7.1-8.17.1
libqt4-32bit-4.7.1-8.17.1
libqt4-qt3support-32bit-4.7.1-8.17.1
libqt4-sql-32bit-4.7.1-8.17.1
libqt4-sql-sqlite-32bit-4.7.1-8.17.1
libqt4-x11-32bit-4.7.1-8.17.1
- openSUSE 11.3 (i586 x86_64):
libQtWebKit-devel-4.6.3-2.7.1
libQtWebKit4-4.6.3-2.7.1
libqt4-4.6.3-2.7.1
libqt4-devel-4.6.3-2.7.1
libqt4-qt3support-4.6.3-2.7.1
libqt4-sql-4.6.3-2.7.1
libqt4-sql-sqlite-4.6.3-2.7.1
libqt4-x11-4.6.3-2.7.1
- openSUSE 11.3 (x86_64):
libQtWebKit4-32bit-4.6.3-2.7.1
libqt4-32bit-4.6.3-2.7.1
libqt4-qt3support-32bit-4.6.3-2.7.1
libqt4-sql-32bit-4.6.3-2.7.1
libqt4-sql-sqlite-32bit-4.6.3-2.7.1
libqt4-x11-32bit-4.6.3-2.7.1
References:
http://support.novell.com/security/cve/CVE-2011-3922.html
https://bugzilla.novell.com/739904
openSUSE Recommended Update: atftpd: Sorcerer's Apprentice Syndrome
______________________________________________________________________________
Announcement ID: openSUSE-RU-2012:0090-1
Rating: moderate
References: #727843
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue for atftp:
- 727843: provides stability enhancements for tftp usage in
packet loss situations ("Sorcerer's Apprentice Syndrome")
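The "Sorcerer's Apprentice Syndrome" is the classic TFTP failure mode: the protocol is stop-and-wait, and if a sender transmits the next DATA block in response to every ACK it receives, a single duplicated ACK (for instance one that was delayed long enough for the receiver's timeout to resend it) makes every subsequent block travel twice, because each duplicate DATA is acknowledged again. The fix, required by RFC 1123, is that the sender advances only on a new in-sequence ACK and retransmits only on timeout. The following added example, not code from atftp, simulates both senders over an in-memory channel that duplicates one ACK and counts the DATA packets put on the wire; the channel model and the block counts are this example's own.

```python
from collections import Counter, deque


def simulate_transfer(num_blocks: int, dup_ack_block: int, fixed_sender: bool):
    """Stop-and-wait TFTP-style read of `num_blocks` DATA blocks over an in-memory
    channel in which the ACK for block `dup_ack_block` is delivered twice.
    Returns (number of DATA packets the sender transmitted, blocks delivered in order)."""
    wire = deque()          # FIFO of ('DATA', n) / ('ACK', n) packets in flight
    data_sent = Counter()   # how many times each block was put on the wire
    delivered = []

    def send_data(block: int) -> None:
        data_sent[block] += 1
        wire.append(("DATA", block))

    last_acked = 0   # sender: highest block acknowledged so far
    expected = 1     # receiver: block it expects next

    send_data(1)
    while wire:
        kind, n = wire.popleft()
        if kind == "DATA":
            # Receiver side. In-order data is accepted; every copy is ACKed, because a
            # retransmitted DATA may mean the earlier ACK was lost (RFC 1350 behaviour).
            if n == expected:
                delivered.append(n)
                expected += 1
            copies = 2 if n == dup_ack_block else 1   # the channel duplicates this ACK
            for _ in range(copies):
                wire.append(("ACK", n))
        else:
            # Sender side.
            if fixed_sender:
                # RFC 1123 fix: only a new, in-sequence ACK advances the transfer; a
                # duplicate or stale ACK is ignored and retransmission happens on timeout only.
                if n != last_acked + 1:
                    continue
                last_acked = n
            # Unfixed sender: every ACK(n) triggers DATA(n+1), duplicates included.
            if n < num_blocks:
                send_data(n + 1)
    return sum(data_sent.values()), delivered


if __name__ == "__main__":
    for fixed in (False, True):
        sent, blocks = simulate_transfer(8, 1, fixed)
        print(f"{'fixed' if fixed else 'unfixed'} sender: {sent} DATA packets for {len(blocks)} blocks")
```

For an 8-block file with the first ACK duplicated, the unfixed sender transmits 15 DATA packets (every block after the duplication goes twice) while the fixed one transmits 8; on a real link each duplicate costs bandwidth and more chances for further loss, which is why the cascade rarely converges on lossy networks. The receiver-side behaviour is left unchanged on purpose: re-acknowledging duplicate DATA is correct, the fault is in answering duplicate ACKs.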
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch atftp-5483
- openSUSE 11.3:
zypper in -t patch atftp-5483
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
atftp-0.7.0-143.146.1
- openSUSE 11.3 (i586 x86_64):
atftp-0.7.0-137.3.1
References:
https://bugzilla.novell.com/727843
openSUSE Recommended Update: mawk: mawk RE matching can return invalid results causing unexpected behavior and crashes
______________________________________________________________________________
Announcement ID: openSUSE-RU-2012:0089-1
Rating: low
References: #740484
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue for mawk:
- 740484: mawk RE matching can return invalid results
causing unexpected behavior and crashes
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch mawk-5644
- openSUSE 11.3:
zypper in -t patch mawk-5644
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
mawk-1.3.4-7.8.1
- openSUSE 11.3 (i586 x86_64):
mawk-1.3.4-4.3.1
References:
https://bugzilla.novell.com/740484
openSUSE Recommended Update: xarchiver: thunar-plugin-archive doesn't package a file with spaces in its name
______________________________________________________________________________
Announcement ID: openSUSE-RU-2012:0088-1
Rating: low
References: #723170
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue for xarchiver:
- 723170: thunar-plugin-archive doesn't package a file with
spaces in its name
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch xarchiver-5647
- openSUSE 11.3:
zypper in -t patch xarchiver-5647
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
xarchiver-0.5.2+20090319-9.14.1
- openSUSE 11.3 (i586 x86_64):
xarchiver-0.5.2+20090319-2.3.1
References:
https://bugzilla.novell.com/723170