openSUSE Updates December 2012

updates@lists.opensuse.org

2 participants
64 discussions

openSUSE-SU-2012:1702-1: moderate: opera - security and bugfix update
by opensuse-security＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Security Update: opera - security and bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1702-1 Rating: moderate References: #795061 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: - Update to 12.12 * Fixes and Stability Enhancements - New option 'Delete settings and data for all extensions' option (off by default) in the Delete Private Data dialog - Corrected an issue where using the 'Delete Private Data' dialog could delete extension and settings data - Redesigned the 'Delete Private Data' dialog to be more usable with small screens - Fixed an issue where quitting Opera while in fullscreen mode could cripple the interface on the next start-up - Fixed an issue where malformed GIF images could allow execution of arbitrary code - Fixed an issue where repeated attempts to access a target site could trigger address field spoofing - Fixed an issue where private data could be disclosed to other computer users, or be modified by them * full changelog available at: http://www.opera.com/docs/changelogs/unix/1212 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-885 - openSUSE 12.1: zypper in -t patch openSUSE-2012-885 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): opera-12.12-21.1 opera-gtk-12.12-21.1 opera-kde4-12.12-21.1 - openSUSE 12.1 (i586 x86_64): opera-12.12-34.1 opera-gtk-12.12-34.1 opera-kde4-12.12-34.1 References: https://bugzilla.novell.com/795061

1 0

openSUSE-SU-2012:1701-1: moderate: update for tomcat
by opensuse-security＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Security Update: update for tomcat ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1701-1 Rating: moderate References: #779538 #789406 #791423 #791424 #791426 #791679 #793391 #793394 Cross-References: CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2012-2733 CVE-2012-3546 CVE-2012-4431 CVE-2012-5568 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: - fix bnc#793394 - bypass of security constraints (CVE-2012-3546) * tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1377892 - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431) * tomcat-CVE-2012-4431.patch http://svn.apache.org/viewvc?view=revision&revision=1393088 - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE - fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885) bnc#791424 - authentication caching weakness (CVE-2012-5886) bnc#791426 - stale nonce weakness (CVE-2012-5887) * tomcat-dont-parse-user-name-twice.patch http://svn.apache.org/viewvc?view=revision&revision=1366723 * tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch http://svn.apache.org/viewvc?view=revision&revision=1377807 - fix bnc#789406: HTTP NIO connector OOM DoS via a request with large headers (CVE-2012-2733) * http://svn.apache.org/viewvc?view=revision&revision=1350301 - fix bnc#779538 - Tomcat7 default current workdir isn't /usr/share/tomcat Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-883 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): tomcat-7.0.27-2.9.1 tomcat-admin-webapps-7.0.27-2.9.1 tomcat-docs-webapp-7.0.27-2.9.1 tomcat-el-2_2-api-7.0.27-2.9.1 tomcat-javadoc-7.0.27-2.9.1 tomcat-jsp-2_2-api-7.0.27-2.9.1 tomcat-jsvc-7.0.27-2.9.1 tomcat-lib-7.0.27-2.9.1 tomcat-servlet-3_0-api-7.0.27-2.9.1 tomcat-webapps-7.0.27-2.9.1 References: http://support.novell.com/security/cve/CVE-2009-2693.html http://support.novell.com/security/cve/CVE-2009-2901.html http://support.novell.com/security/cve/CVE-2009-2902.html http://support.novell.com/security/cve/CVE-2012-2733.html http://support.novell.com/security/cve/CVE-2012-3546.html http://support.novell.com/security/cve/CVE-2012-4431.html http://support.novell.com/security/cve/CVE-2012-5568.html http://support.novell.com/security/cve/CVE-2012-5885.html http://support.novell.com/security/cve/CVE-2012-5886.html http://support.novell.com/security/cve/CVE-2012-5887.html https://bugzilla.novell.com/779538 https://bugzilla.novell.com/789406 https://bugzilla.novell.com/791423 https://bugzilla.novell.com/791424 https://bugzilla.novell.com/791426 https://bugzilla.novell.com/791679 https://bugzilla.novell.com/793391 https://bugzilla.novell.com/793394

1 0

openSUSE-SU-2012:1700-1: moderate: update for tomcat6
by opensuse-security＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Security Update: update for tomcat6 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1700-1 Rating: moderate References: #789406 #791423 #791424 #791426 #791679 #793391 #793394 Cross-References: CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2012-2733 CVE-2012-3546 CVE-2012-4431 CVE-2012-5568 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: - fix bnc#793394 - bypass of security constraints (CVE-2012-3546) * apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381035 - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431) * apache-tomcat-CVE-2012-4431.patch http://svn.apache.org/viewvc?view=revision&revision=1394456 - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE - fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885) bnc#791424 - authentication caching weakness (CVE-2012-5886) bnc#791426 - stale nonce weakness (CVE-2012-5887) * apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patc h http://svn.apache.org/viewvc?view=revision&revision=1380829 - fix bnc#789406 - HTTP NIO connector OOM DoS via a request with large headers (CVE-2012-2733) * http://svn.apache.org/viewvc?view=revision&revision=1356208 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-884 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): libtcnative-1-0-1.3.3-3.7.1 libtcnative-1-0-debuginfo-1.3.3-3.7.1 libtcnative-1-0-debugsource-1.3.3-3.7.1 libtcnative-1-0-devel-1.3.3-3.7.1 - openSUSE 12.1 (noarch): tomcat6-6.0.33-3.7.1 tomcat6-admin-webapps-6.0.33-3.7.1 tomcat6-docs-webapp-6.0.33-3.7.1 tomcat6-el-1_0-api-6.0.33-3.7.1 tomcat6-javadoc-6.0.33-3.7.1 tomcat6-jsp-2_1-api-6.0.33-3.7.1 tomcat6-lib-6.0.33-3.7.1 tomcat6-servlet-2_5-api-6.0.33-3.7.1 tomcat6-webapps-6.0.33-3.7.1 References: http://support.novell.com/security/cve/CVE-2009-2693.html http://support.novell.com/security/cve/CVE-2009-2901.html http://support.novell.com/security/cve/CVE-2009-2902.html http://support.novell.com/security/cve/CVE-2012-2733.html http://support.novell.com/security/cve/CVE-2012-3546.html http://support.novell.com/security/cve/CVE-2012-4431.html http://support.novell.com/security/cve/CVE-2012-5568.html http://support.novell.com/security/cve/CVE-2012-5885.html http://support.novell.com/security/cve/CVE-2012-5886.html http://support.novell.com/security/cve/CVE-2012-5887.html https://bugzilla.novell.com/789406 https://bugzilla.novell.com/791423 https://bugzilla.novell.com/791424 https://bugzilla.novell.com/791426 https://bugzilla.novell.com/791679 https://bugzilla.novell.com/793391 https://bugzilla.novell.com/793394

1 0

openSUSE-RU-2012:1699-1: OpenLP: Updated to 2.0
by maintenance＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Recommended Update: OpenLP: Updated to 2.0 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:1699-1 Rating: low References: #793458 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for OpenLP: - bnc#793458: Updated to 2.0 * Stable release of OpenLP 2.0 * Includes performance improvements * Includes bugfixes for imports, presentations and VLC Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-871 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): OpenLP-2.0-1.14.1 References: https://bugzilla.novell.com/793458

1 0

openSUSE-RU-2012:1698-1: llvm: Fix llvm-config --libdir output on x86-64
by maintenance＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Recommended Update: llvm: Fix llvm-config --libdir output on x86-64 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:1698-1 Rating: low References: #770956 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for llvm: - bnc#770956: Fix llvm-config --libdir output on x86-64 Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-879 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): llvm-3.1-2.6.1 llvm-clang-3.1-2.6.1 llvm-clang-debuginfo-3.1-2.6.1 llvm-clang-devel-3.1-2.6.1 llvm-clang-devel-debuginfo-3.1-2.6.1 llvm-devel-3.1-2.6.1 llvm-doc-3.1-2.6.1 llvm-vim-plugins-3.1-2.6.1 References: https://bugzilla.novell.com/770956

1 0

openSUSE-RU-2012:1697-1: gstreamer-0_10: Don't set locale in gst_init()
by maintenance＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Recommended Update: gstreamer-0_10: Don't set locale in gst_init() ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:1697-1 Rating: low References: #779426 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for gstreamer-0_10: -bnc#779426, bgo#685650: Don't set locale in gst_init() Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-880 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): gstreamer-0_10-0.10.36-3.4.1 gstreamer-0_10-debuginfo-0.10.36-3.4.1 gstreamer-0_10-debugsource-0.10.36-3.4.1 gstreamer-0_10-devel-0.10.36-3.4.1 gstreamer-0_10-doc-0.10.36-3.4.1 gstreamer-0_10-utils-0.10.36-3.4.1 gstreamer-0_10-utils-debuginfo-0.10.36-3.4.1 gstreamer-utils-0.10.36-3.4.1 gstreamer-utils-debuginfo-0.10.36-3.4.1 libgstreamer-0_10-0-0.10.36-3.4.1 libgstreamer-0_10-0-debuginfo-0.10.36-3.4.1 typelib-1_0-Gst-0_10-0.10.36-3.4.1 - openSUSE 12.2 (x86_64): gstreamer-0_10-32bit-0.10.36-3.4.1 gstreamer-0_10-debuginfo-32bit-0.10.36-3.4.1 libgstreamer-0_10-0-32bit-0.10.36-3.4.1 libgstreamer-0_10-0-debuginfo-32bit-0.10.36-3.4.1 - openSUSE 12.2 (noarch): gstreamer-0_10-lang-0.10.36-3.4.1 References: https://bugzilla.novell.com/779426

1 0

openSUSE-RU-2012:1696-1: smartmontools: Update to the latest version
by maintenance＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Recommended Update: smartmontools: Update to the latest version ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:1696-1 Rating: low References: #789204 #790044 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues for smartmontools: - bnc#789204: provide many new drives, SSD disks and USB bridges to the database - bnc#790044: make YaST sysconfig Editor working with systemd, and fixes SMARTD_SAVESTATES, SMARTD_ATTRLOG and SMARTD_EXTRA_OPTS sysconfig variables with sysv5 init Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-877 - openSUSE 12.1: zypper in -t patch openSUSE-2012-877 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): smartmontools-6.0-8.4.1 smartmontools-debuginfo-6.0-8.4.1 smartmontools-debugsource-6.0-8.4.1 - openSUSE 12.1 (i586 x86_64): smartmontools-6.0-1.5.1 smartmontools-debuginfo-6.0-1.5.1 smartmontools-debugsource-6.0-1.5.1 References: https://bugzilla.novell.com/789204 https://bugzilla.novell.com/790044

1 0

openSUSE-RU-2012:1695-1: important: collectl: update to fix init script
by maintenance＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Recommended Update: collectl: update to fix init script ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:1695-1 Rating: important References: #793027 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for collectl: - bnc#793027: resolves an issue with the init script that prevents the collectl service from starting/stopping Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-872 - openSUSE 12.1: zypper in -t patch openSUSE-2012-872 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): collectl-3.4.3-10.4.1 - openSUSE 12.1 (noarch): collectl-3.4.3-7.4.1 References: https://bugzilla.novell.com/793027

1 0

openSUSE-RU-2012:1694-1: SuSEfirewall2: just CT instead of NOTRACK
by maintenance＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Recommended Update: SuSEfirewall2: just CT instead of NOTRACK ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:1694-1 Rating: low References: #793459 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for SuSEfirewall2: - bnc#793459: Use CT rule instead of NOTRACK Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-878 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): SuSEfirewall2-3.6.295-1.10.1 References: https://bugzilla.novell.com/793459

1 0

openSUSE-RU-2012:1693-1: usbip: Updated userspace tools and library to version 1.1.1
by maintenance＠opensuse.org 27 Dec '12

27 Dec '12

openSUSE Recommended Update: usbip: Updated userspace tools and library to version 1.1.1 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:1693-1 Rating: low References: #734752 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for usbip: - bnc#734752: Updated usbip userspace tools and library to version 1.1.1 Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-881 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): usbip-1.1.1-16.4.1 usbip-debuginfo-1.1.1-16.4.1 usbip-debugsource-1.1.1-16.4.1 usbip-devel-1.1.1-16.4.1 References: https://bugzilla.novell.com/734752

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates December 2012