February 2012 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2012:0316-1: important: libpng12: Fixed a heap based buffer overflow
by opensuse-security＠opensuse.org 28 Feb '12

28 Feb '12

openSUSE Security Update: libpng12: Fixed a heap based buffer overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0316-1 Rating: important References: #747311 Cross-References: CVE-2011-3026 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026). libpng 1.2 was updated to 1.2.47 to fix this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch libpng12-5846 libpng14-5847 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.2.47]: libpng12-0-1.2.47-0.8.1 libpng12-compat-devel-1.2.47-0.8.1 libpng12-devel-1.2.47-0.8.1 libpng14-14-1.4.4-3.6.1 libpng14-compat-devel-1.4.4-3.6.1 libpng14-devel-1.4.4-3.6.1 - openSUSE 11.4 (x86_64) [New Version: 1.2.47]: libpng12-0-32bit-1.2.47-0.8.1 libpng12-compat-devel-32bit-1.2.47-0.8.1 libpng12-devel-32bit-1.2.47-0.8.1 libpng14-14-32bit-1.4.4-3.6.1 libpng14-compat-devel-32bit-1.4.4-3.6.1 libpng14-devel-32bit-1.4.4-3.6.1 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747311

1 0

openSUSE-SU-2012:0315-1: important: csound: fixed two stack based buffer overflows
by opensuse-security＠opensuse.org 28 Feb '12

28 Feb '12

openSUSE Security Update: csound: fixed two stack based buffer overflows ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0315-1 Rating: important References: #749073 Cross-References: CVE-2012-0270 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files (CVE-2012-0270). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch csound-5889 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): csound-5.06.0-139.140.1 References: http://support.novell.com/security/cve/CVE-2012-0270.html https://bugzilla.novell.com/749073

1 0

openSUSE-SU-2012:0314-1: important: apache2: fixed various security bugs
by opensuse-security＠opensuse.org 28 Feb '12

28 Feb '12

openSUSE Security Update: apache2: fixed various security bugs ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0314-1 Rating: important References: #728876 #738855 #741243 #743743 Cross-References: CVE-2007-6750 CVE-2012-0031 CVE-2012-0053 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update of apache2 fixes regressions and several security problems: bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400". bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch apache2-201202-5821 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): apache2-2.2.17-4.13.1 apache2-devel-2.2.17-4.13.1 apache2-example-certificates-2.2.17-4.13.1 apache2-example-pages-2.2.17-4.13.1 apache2-itk-2.2.17-4.13.1 apache2-prefork-2.2.17-4.13.1 apache2-utils-2.2.17-4.13.1 apache2-worker-2.2.17-4.13.1 - openSUSE 11.4 (noarch): apache2-doc-2.2.17-4.13.1 References: http://support.novell.com/security/cve/CVE-2007-6750.html http://support.novell.com/security/cve/CVE-2012-0031.html http://support.novell.com/security/cve/CVE-2012-0053.html https://bugzilla.novell.com/728876 https://bugzilla.novell.com/738855 https://bugzilla.novell.com/741243 https://bugzilla.novell.com/743743

1 0

openSUSE-SU-2012:0310-1: moderate: No summary available - BOX
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

openSUSE Security Update: No summary available - BOX ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0310-1 Rating: moderate References: #744059 Cross-References: CVE-2012-0804 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap-based buffer overflow flaw was found in the way CVS read proxy connection HTTP responses. An attacker could exploit this to cause the application to crash or, potentially, execute arbitrary code in the context of the user running the application (CVE-2012-0804). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch cvs-5861 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): cvs-1.12.12-166.169.1 - openSUSE 11.4 (noarch): cvs-doc-1.12.12-166.169.1 References: http://support.novell.com/security/cve/CVE-2012-0804.html https://bugzilla.novell.com/744059

1 0

openSUSE-SU-2012:0309-1: important: java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

openSUSE Security Update: java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0309-1 Rating: important References: #747208 Cross-References: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: java-1_6_0-openjdk was updated to the b24 release, fixing multiple security issues: * Security fixes - S7082299, CVE-2011-3571: Fix inAtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch java-1_6_0-openjdk-5856 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.2 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.2 - openSUSE 11.4 (i586): java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.2 java-1_6_0-openjdk-javadoc-1.6.0.0_b24.1.11.1-0.3.2 java-1_6_0-openjdk-src-1.6.0.0_b24.1.11.1-0.3.2 References: http://support.novell.com/security/cve/CVE-2011-3563.html http://support.novell.com/security/cve/CVE-2011-3571.html http://support.novell.com/security/cve/CVE-2011-5035.html http://support.novell.com/security/cve/CVE-2012-0497.html http://support.novell.com/security/cve/CVE-2012-0501.html http://support.novell.com/security/cve/CVE-2012-0502.html http://support.novell.com/security/cve/CVE-2012-0503.html http://support.novell.com/security/cve/CVE-2012-0505.html http://support.novell.com/security/cve/CVE-2012-0506.html https://bugzilla.novell.com/747208

1 0

openSUSE-SU-2012:0307-1: xorg-x11-server: Fixed boundary checks in the GLX protocol handling
by opensuse-security＠opensuse.org 27 Feb '12

27 Feb '12

openSUSE Security Update: xorg-x11-server: Fixed boundary checks in the GLX protocol handling ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0307-1 Rating: low References: #648287 Cross-References: CVE-2010-4818 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of xorg-x11-server fixes issues that could allow attackers read access to arbitrary memory locations via the GLX protocol (CVE-2010-4818). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch xorg-x11-Xvnc-5766 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): xorg-x11-Xvnc-7.6_1.9.3-15.26.1 xorg-x11-server-7.6_1.9.3-15.26.1 xorg-x11-server-extra-7.6_1.9.3-15.26.1 xorg-x11-server-sdk-7.6_1.9.3-15.26.1 References: http://support.novell.com/security/cve/CVE-2010-4818.html https://bugzilla.novell.com/648287

1 0

openSUSE-RU-2012:0306-1: python-gpgme: Fixed version-check
by maintenance＠opensuse.org 27 Feb '12

27 Feb '12

openSUSE Recommended Update: python-gpgme: Fixed version-check ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0306-1 Rating: low References: #745257 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for python-gpgme: - 745257: fixed error in version-check Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch python-gpgme-5859 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): python-gpgme-0.1-106.107.1 References: https://bugzilla.novell.com/745257

1 0

openSUSE-RU-2012:0305-1: cifs-utils: unable to unmount a cisf share as user in opensuse 11.4
by maintenance＠opensuse.org 27 Feb '12

27 Feb '12

openSUSE Recommended Update: cifs-utils: unable to unmount a cisf share as user in opensuse 11.4 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0305-1 Rating: low References: #679949 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update fixes the following issue for cifs-utils: - 679949: unable to unmount a cisf share as user in opensuse 11.4 - makes cifs-utils userspace more compatible with the in-kernel cifs module Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch cifs-utils-5858 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 4.9]: cifs-utils-4.9-1.3.1 References: https://bugzilla.novell.com/679949

1 0

openSUSE-SU-2012:0297-1: important: mozilla-xulrunner192: 1.9.2.27
by opensuse-security＠opensuse.org 24 Feb '12

24 Feb '12

openSUSE Security Update: mozilla-xulrunner192: 1.9.2.27 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0297-1 Rating: important References: #747328 Cross-References: CVE-2011-3026 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes 5 new package versions. Description: Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026), Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch MozillaFirefox-5825 MozillaThunderbird-5826 mozilla-js192-5832 seamonkey-5834 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.27,10.0.2,2.7.2 and 3.1.19]: MozillaFirefox-10.0.2-0.2.1 MozillaFirefox-branding-upstream-10.0.2-0.2.1 MozillaFirefox-buildsymbols-10.0.2-0.2.1 MozillaFirefox-devel-10.0.2-0.2.1 MozillaFirefox-translations-common-10.0.2-0.2.1 MozillaFirefox-translations-other-10.0.2-0.2.1 MozillaThunderbird-3.1.19-0.25.1 MozillaThunderbird-buildsymbols-3.1.19-0.25.1 MozillaThunderbird-devel-3.1.19-0.25.1 MozillaThunderbird-translations-common-3.1.19-0.25.1 MozillaThunderbird-translations-other-3.1.19-0.25.1 enigmail-1.1.2+3.1.19-0.25.1 mozilla-js192-1.9.2.27-0.2.1 mozilla-xulrunner192-1.9.2.27-0.2.1 mozilla-xulrunner192-buildsymbols-1.9.2.27-0.2.1 mozilla-xulrunner192-devel-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-common-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-other-1.9.2.27-0.2.1 seamonkey-2.7.2-0.2.1 seamonkey-dom-inspector-2.7.2-0.2.1 seamonkey-irc-2.7.2-0.2.1 seamonkey-translations-common-2.7.2-0.2.1 seamonkey-translations-other-2.7.2-0.2.1 seamonkey-venkman-2.7.2-0.2.1 - openSUSE 11.4 (x86_64) [New Version: 1.9.2.27]: mozilla-js192-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-common-32bit-1.9.2.27-0.2.1 mozilla-xulrunner192-translations-other-32bit-1.9.2.27-0.2.1 References: http://support.novell.com/security/cve/CVE-2011-3026.html https://bugzilla.novell.com/747328

1 0

openSUSE-SU-2012:0295-1: moderate: wireshark to 1.4.11
by opensuse-security＠opensuse.org 23 Feb '12

23 Feb '12

openSUSE Security Update: wireshark to 1.4.11 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0295-1 Rating: moderate References: #741187 #741188 #741190 Cross-References: CVE-2012-0041 CVE-2012-0042 CVE-2012-0043 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. It includes one version update. Description: This update fixes the following security issues: - 741187: multiple file parser vulnerabilities (CVE-2012-0041) - 741188: RLC dissector buffer overflow (CVE-2012-0043) - 741190: NULL pointer vulnerabilities (CVE-2012-0042) - CVE-2012-0066: DoS due to too large buffer alloc request - CVE-2012-0067: DoS due to integer underflow and too large buffer alloc. request - CVE-2012-0068: memory corruption due to buffer underflow Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch wireshark-5742 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.4.11]: wireshark-1.4.11-0.2.3 wireshark-devel-1.4.11-0.2.3 References: http://support.novell.com/security/cve/CVE-2012-0041.html http://support.novell.com/security/cve/CVE-2012-0042.html http://support.novell.com/security/cve/CVE-2012-0043.html http://support.novell.com/security/cve/CVE-2012-0066.html http://support.novell.com/security/cve/CVE-2012-0067.html http://support.novell.com/security/cve/CVE-2012-0068.html https://bugzilla.novell.com/741187 https://bugzilla.novell.com/741188 https://bugzilla.novell.com/741190

1 0