April 2012 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2012:0567-1: moderate: update for MozillaFirefox, MozillaThunderbird, seamonkey, xulrunner
by opensuse-security＠opensuse.org 27 Apr '12

27 Apr '12

openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird, seamonkey, xulrunner ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0567-1 Rating: moderate References: #712224 #714931 #720264 #726758 #728520 #732898 #733002 #744275 #746616 #747328 #749440 #750044 #755060 #758408 Cross-References: CVE-2011-1187 CVE-2011-2985 CVE-2011-2986 CVE-2011-2987 CVE-2011-2988 CVE-2011-2989 CVE-2011-2991 CVE-2011-2992 CVE-2011-3005 CVE-2011-3062 CVE-2011-3232 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0451 CVE-2012-0452 CVE-2012-0459 CVE-2012-0460 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes 38 vulnerabilities is now available. Description: Changes in xulrunner: - update to 12.0 (bnc#758408) * rebased patches * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes * mozilla-gcc47.patch * disabled crashreporter temporarily for Factory Changes in MozillaFirefox: - update to Firefox 12.0 (bnc#758408) * rebased patches * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes * mozilla-gcc47.patch * disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird: - update to Thunderbird 12.0 (bnc#758408) * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey: - update to Seamonkey 2.9 (bnc#758408) * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-254 - openSUSE 11.4: zypper in -t patch openSUSE-2012-254 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): MozillaFirefox-12.0-2.26.1 MozillaFirefox-branding-upstream-12.0-2.26.1 MozillaFirefox-buildsymbols-12.0-2.26.1 MozillaFirefox-debuginfo-12.0-2.26.1 MozillaFirefox-debugsource-12.0-2.26.1 MozillaFirefox-devel-12.0-2.26.1 MozillaFirefox-translations-common-12.0-2.26.1 MozillaFirefox-translations-other-12.0-2.26.1 MozillaThunderbird-12.0-33.20.1 MozillaThunderbird-buildsymbols-12.0-33.20.1 MozillaThunderbird-debuginfo-12.0-33.20.1 MozillaThunderbird-debugsource-12.0-33.20.1 MozillaThunderbird-devel-12.0-33.20.1 MozillaThunderbird-translations-common-12.0-33.20.1 MozillaThunderbird-translations-other-12.0-33.20.1 enigmail-1.4.1+12.0-33.20.1 enigmail-debuginfo-1.4.1+12.0-33.20.1 mozilla-js-12.0-2.26.1 mozilla-js-debuginfo-12.0-2.26.1 seamonkey-2.9-2.18.1 seamonkey-debuginfo-2.9-2.18.1 seamonkey-debugsource-2.9-2.18.1 seamonkey-dom-inspector-2.9-2.18.1 seamonkey-irc-2.9-2.18.1 seamonkey-translations-common-2.9-2.18.1 seamonkey-translations-other-2.9-2.18.1 seamonkey-venkman-2.9-2.18.1 xulrunner-12.0-2.26.1 xulrunner-buildsymbols-12.0-2.26.1 xulrunner-debuginfo-12.0-2.26.1 xulrunner-debugsource-12.0-2.26.1 xulrunner-devel-12.0-2.26.1 xulrunner-devel-debuginfo-12.0-2.26.1 - openSUSE 12.1 (x86_64): mozilla-js-32bit-12.0-2.26.1 mozilla-js-debuginfo-32bit-12.0-2.26.1 xulrunner-32bit-12.0-2.26.1 xulrunner-debuginfo-32bit-12.0-2.26.1 - openSUSE 12.1 (ia64): mozilla-js-debuginfo-x86-12.0-2.26.1 mozilla-js-x86-12.0-2.26.1 xulrunner-debuginfo-x86-12.0-2.26.1 xulrunner-x86-12.0-2.26.1 - openSUSE 11.4 (i586 x86_64): MozillaFirefox-12.0-18.1 MozillaFirefox-branding-upstream-12.0-18.1 MozillaFirefox-buildsymbols-12.0-18.1 MozillaFirefox-debuginfo-12.0-18.1 MozillaFirefox-debugsource-12.0-18.1 MozillaFirefox-devel-12.0-18.1 MozillaFirefox-translations-common-12.0-18.1 MozillaFirefox-translations-other-12.0-18.1 MozillaThunderbird-12.0-18.1 MozillaThunderbird-buildsymbols-12.0-18.1 MozillaThunderbird-debuginfo-12.0-18.1 MozillaThunderbird-debugsource-12.0-18.1 MozillaThunderbird-devel-12.0-18.1 MozillaThunderbird-translations-common-12.0-18.1 MozillaThunderbird-translations-other-12.0-18.1 enigmail-1.4.1+12.0-18.1 enigmail-debuginfo-1.4.1+12.0-18.1 seamonkey-2.9-18.1 seamonkey-debuginfo-2.9-18.1 seamonkey-debugsource-2.9-18.1 seamonkey-dom-inspector-2.9-18.1 seamonkey-irc-2.9-18.1 seamonkey-translations-common-2.9-18.1 seamonkey-translations-other-2.9-18.1 seamonkey-venkman-2.9-18.1 References: http://support.novell.com/security/cve/CVE-2011-1187.html http://support.novell.com/security/cve/CVE-2011-2985.html http://support.novell.com/security/cve/CVE-2011-2986.html http://support.novell.com/security/cve/CVE-2011-2987.html http://support.novell.com/security/cve/CVE-2011-2988.html http://support.novell.com/security/cve/CVE-2011-2989.html http://support.novell.com/security/cve/CVE-2011-2991.html http://support.novell.com/security/cve/CVE-2011-2992.html http://support.novell.com/security/cve/CVE-2011-3005.html http://support.novell.com/security/cve/CVE-2011-3062.html http://support.novell.com/security/cve/CVE-2011-3232.html http://support.novell.com/security/cve/CVE-2011-3651.html http://support.novell.com/security/cve/CVE-2011-3652.html http://support.novell.com/security/cve/CVE-2011-3654.html http://support.novell.com/security/cve/CVE-2011-3655.html http://support.novell.com/security/cve/CVE-2011-3658.html http://support.novell.com/security/cve/CVE-2011-3660.html http://support.novell.com/security/cve/CVE-2011-3661.html http://support.novell.com/security/cve/CVE-2011-3663.html http://support.novell.com/security/cve/CVE-2012-0445.html http://support.novell.com/security/cve/CVE-2012-0446.html http://support.novell.com/security/cve/CVE-2012-0447.html http://support.novell.com/security/cve/CVE-2012-0451.html http://support.novell.com/security/cve/CVE-2012-0452.html http://support.novell.com/security/cve/CVE-2012-0459.html http://support.novell.com/security/cve/CVE-2012-0460.html http://support.novell.com/security/cve/CVE-2012-0467.html http://support.novell.com/security/cve/CVE-2012-0468.html http://support.novell.com/security/cve/CVE-2012-0469.html http://support.novell.com/security/cve/CVE-2012-0470.html http://support.novell.com/security/cve/CVE-2012-0471.html http://support.novell.com/security/cve/CVE-2012-0472.html http://support.novell.com/security/cve/CVE-2012-0473.html http://support.novell.com/security/cve/CVE-2012-0474.html http://support.novell.com/security/cve/CVE-2012-0475.html http://support.novell.com/security/cve/CVE-2012-0477.html http://support.novell.com/security/cve/CVE-2012-0478.html http://support.novell.com/security/cve/CVE-2012-0479.html https://bugzilla.novell.com/712224 https://bugzilla.novell.com/714931 https://bugzilla.novell.com/720264 https://bugzilla.novell.com/726758 https://bugzilla.novell.com/728520 https://bugzilla.novell.com/732898 https://bugzilla.novell.com/733002 https://bugzilla.novell.com/744275 https://bugzilla.novell.com/746616 https://bugzilla.novell.com/747328 https://bugzilla.novell.com/749440 https://bugzilla.novell.com/750044 https://bugzilla.novell.com/755060 https://bugzilla.novell.com/758408

1 0

openSUSE-RU-2012:0561-2: flash-player: update to 11.2.202.233
by maintenance＠opensuse.org 26 Apr '12

26 Apr '12

openSUSE Recommended Update: flash-player: update to 11.2.202.233 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0561-2 Rating: low References: #757428 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for flash-player: - 757428: Update to 11.2.202.233 *This release addresses a printing issue that was found in the previous version of Flash Player Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch openSUSE-2012-250 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): flash-player-11.2.202.233-9.1 flash-player-gnome-11.2.202.233-9.1 flash-player-kde4-11.2.202.233-9.1 References: https://bugzilla.novell.com/757428

1 0

openSUSE-RU-2012:0563-1: syslog-ng: update to version 3.3.5
by maintenance＠opensuse.org 26 Apr '12

26 Apr '12

openSUSE Recommended Update: syslog-ng: update to version 3.3.5 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0563-1 Rating: low References: #747871 #757680 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues for syslog-ng: - 757680: update to syslog-ng 3.3.5 which fixes even more memleaks - 747871: Detect if we have to use the new /run/systemd/journal/syslog socket under newer systemd versions, instead of the default _PATH_LOG (/dev/log) socket. Avoids update problems and the need to adopt config before using init=... boot parameter Fixes for 3.3.1 - Fixed set() and subst() rewrite operations to work properly on the value() parameter specified in the configuration even if they are referenced at multiple spots in the configuration file. Earlier the 2nd and subsequent invocation of the rewrite rule changed $MESSAGE. - Fixed csv-parser() to work even if it is invoked at multiple spots in the configuration file. Earlier, the 2nd and subsequent references of the parser rule forgot the list of column names and the input template. - Fixed the processing of condition() parameter in rewrite rules, which was broken if it contained a filter() function call. - Fixed program() destination to properly kill the child process on reload and shutdown. - Fixed a potential division by zero error which could happen for large data rates due to a race in an unlocked region. - Fixed an assertion failure in mongodb destination that happened due to a race condition at high data rates. - Fixed an fd leak in the control socket code, that caused the control connection file descriptors to be leaked. - Fixed a crash problem in the tcp() destination, that occurred at or after a reload happens. - Fixed a segmentation fault on reload when using the same rewrite rule from multiple log paths. - Fixed a segmentation fault when processing a reload request in case an existing tcp() source is removed from the config and there are open connections. - Fixed a possible segmentation fault in the scalable queue implementation, which happens in case a destination is slower to process messages than syslog-ng would like to send them. - Fixed a possible file() destination issue that could cause syslog-ng to omit data or to write garbage to the log file in case the kernel reports that only a smaller portion of the actual write request could be accomplished. - Fixed an "internal error duplicate config element" error during reload due to an invalid bugfix applied for 3.3.1. Older beta versions of 3.3 were not affected. - Fixed a memory leak that causes macro based file destinations to leak their queue when destination files are closed due to time-reap(). - Fixed the handling of the condition() option for rewrite rules. - Fixed a race condition in value-pairs support, potentially causing heap corruption problems when $(format-json) is used in threaded mode. - Fixed a memory leak in value-pairs template function argument parsing, fixing a leak if $(format-json) is used. - Repeated definitions of source, destination, filter, rewrite, parser and block elements are not allowed by default anymore. These are reported as configuration errors unless @define allow-config-dups 1 is specified in the configuration file. - Fixed pdbtool error reporting in "pdbtool test" to make it easier to understand what went wrong. - Added an SQL connection health check in case an INSERT failed. This way syslog-ng handles SQL server timeouts better. - Fixed support for systemd socket activation. Previously such sockets were not set to non-blocking mode, causing syslog-ng to hang. - Fixed the filter() function in the filter expression to work also when used as a part of an AND or OR construct. - Allow the sql() destination to operate even without an indexes() option. That parameter was meant to be optional, but it wasn't. - Fixed compilation issues if no OpenSSL is present. - Fixed a minor memory leak in the usertty() driver that can increase memory usage on every reload. (The username() parameter wasn't properly freed on reload). - Fixed a minor memory leak in the sql() driver that can increase the memory usage on every reload (indexes() parameter wasn't properly freed on reload). + Changes for 3.3.1 - db-parser() automatically sets a tag named '.classifier.unknown' if the message doesn't match. - The use of actions in db-parser() for messages without a correllation context was inconsistently indexing messages. For actions in rules that had correllation @0 was the new message being generated, and @1 was the message that triggered the rule. Without correllation @0 was used for the triggering message, which is greatly inconsistent and unintuitive. This was fixed by changing the behaviour for rules without correllation, now both correllation and non-correllation rules use @0 for the new message, and @1 for the triggering message. This is an incompatible change in the db-parser() format. - The value of the $TAGS macro is added to pdbtool match output. - unix-dgram() and unix-stream() error logging on systemd failures became more detailed for easier troubleshooting. - fix systemd support for openSUSE > 12.1 - update to 3.3.4 - update to the latest 3.3-git - update to 3.3.3 - remove filter patch - fix afsql related warning - remove call to suse_update_config (very old work around) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-253 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): syslog-ng-3.3.5-7.9.1 syslog-ng-debuginfo-3.3.5-7.9.1 syslog-ng-debugsource-3.3.5-7.9.1 syslog-ng-json-3.3.5-7.9.1 syslog-ng-json-debuginfo-3.3.5-7.9.1 syslog-ng-sql-3.3.5-7.9.1 syslog-ng-sql-debuginfo-3.3.5-7.9.1 References: https://bugzilla.novell.com/747871 https://bugzilla.novell.com/757680

1 0

openSUSE-RU-2012:0562-1: python-bugzilla: fixed connection to novell bugzilla
by maintenance＠opensuse.org 26 Apr '12

26 Apr '12

openSUSE Recommended Update: python-bugzilla: fixed connection to novell bugzilla ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0562-1 Rating: low References: #742243 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues for python-bugzilla: - for 12.1 maint update, the previous set of changes happen to fix bnc#742243: - remove basic auth credentials from backtraces - Novell Bugzilla is the default when using bugzilla command line tool - update to openSUSE-1 tag from openSUSE's git branch * better handling of NovellBugzilla instances * using HTTP basic auth instead of IChain Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-251 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (noarch): python-bugzilla-0.6.2-2.4.1 References: https://bugzilla.novell.com/742243

1 0

openSUSE-RU-2012:0561-1: flash-player: update to 11.2.202.233
by maintenance＠opensuse.org 26 Apr '12

26 Apr '12

openSUSE Recommended Update: flash-player: update to 11.2.202.233 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0561-1 Rating: low References: #757428 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for flash-player: - 757428: Update to 11.2.202.233 *This release addresses a printing issue that was found in the previous version of Flash Player Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-250 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): flash-player-11.2.202.233-15.1 flash-player-gnome-11.2.202.233-15.1 flash-player-kde4-11.2.202.233-15.1 References: https://bugzilla.novell.com/757428

1 0

openSUSE-SU-2012:0559-1: moderate: update for t1lib
by opensuse-security＠opensuse.org 25 Apr '12

25 Apr '12

openSUSE Security Update: update for t1lib ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0559-1 Rating: moderate References: #684802 #757961 Cross-References: CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: Specially crafted type1 fonts could cause memory corruptions in t1lib Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-249 - openSUSE 11.4: zypper in -t patch openSUSE-2012-249 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): t1lib-5.1.2-15.7.1 t1lib-debuginfo-5.1.2-15.7.1 t1lib-debugsource-5.1.2-15.7.1 t1lib-devel-5.1.2-15.7.1 - openSUSE 11.4 (i586 x86_64): t1lib-5.1.2-16.1 t1lib-debuginfo-5.1.2-16.1 t1lib-debugsource-5.1.2-16.1 t1lib-devel-5.1.2-16.1 References: http://support.novell.com/security/cve/CVE-2011-0433.html http://support.novell.com/security/cve/CVE-2011-0764.html http://support.novell.com/security/cve/CVE-2011-1552.html http://support.novell.com/security/cve/CVE-2011-1553.html http://support.novell.com/security/cve/CVE-2011-1554.html https://bugzilla.novell.com/684802 https://bugzilla.novell.com/757961

1 0

openSUSE-SU-2012:0558-1: moderate: update for wireshark
by opensuse-security＠opensuse.org 25 Apr '12

25 Apr '12

openSUSE Security Update: update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0558-1 Rating: moderate References: #754474 #754476 #754477 Cross-References: CVE-2012-1593 CVE-2012-1595 CVE-2012-1596 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Changes in wireshark: - update to 1.4.12 - fix bnc#754474, bnc#754476, bnc#754477(fixed upstream) - Security fixes: - wnpa-sec-2012-04 The ANSI A dissector could dereference a NULL pointer and crash. (Bug 6823) - wnpa-sec-2012-06 The pcap and pcap-ng file parsers could crash trying to read ERF data. (Bug 6804) - wnpa-sec-2012-07 The MP2T dissector could try to allocate too much memory and crash. (Bug 6804) - The Windows installers now include GnuTLS 1.12.18, which fixes several vulnerabilities. - Bug fixes: - Some PGM options are not parsed correctly. (Bug 5687) - dumpcap crashes when capturing from pipe to a pcap-ng file (e.g., when passing data from CACE Pilot to Wireshark). (Bug 5939) - No error for UDP/IPv6 packet with zero checksum. (Bug 6232) - packetBB dissector bug: More than 1000000 items in the tree -- possible infinite loop. (Bug 6687) - Ethernet traces in K12 text format sometimes give bogus "malformed frame" errors and other problems. (Bug 6735) - non-IPP packets to or from port 631 are dissected as IPP. (Bug 6765) - IAX2 dissector reads past end of packet for unknown IEs. (Bug 6815) - Pcap-NG files with SHB options longer than 100 bytes aren't recognized as pcap-NG files, and options longer than 100 bytes in other blocks aren't handled either. (Bug 6846) - Patch to fix DTLS decryption. (Bug 6847) - Expression... dialog is crash. (Bug 6891) - ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972) - Radiotap dissector lists a bogus "DBM TX Attenuation" bit. (Bug 7000) - MySQL dissector assertion. (Ask 8649) Updated Protocol Support HTTP, ISAKMP, MySQL, PacketBB, PGM, TCP, UDP New and Updated Capture File Support Endace ERF, Pcap-NG. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-248 - openSUSE 11.4: zypper in -t patch openSUSE-2012-248 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): wireshark-1.4.12-3.8.1 wireshark-debuginfo-1.4.12-3.8.1 wireshark-debugsource-1.4.12-3.8.1 wireshark-devel-1.4.12-3.8.1 - openSUSE 11.4 (i586 x86_64): wireshark-1.4.12-0.10.1 wireshark-debuginfo-1.4.12-0.10.1 wireshark-debugsource-1.4.12-0.10.1 wireshark-devel-1.4.12-0.10.1 References: http://support.novell.com/security/cve/CVE-2012-1593.html http://support.novell.com/security/cve/CVE-2012-1595.html http://support.novell.com/security/cve/CVE-2012-1596.html https://bugzilla.novell.com/754474 https://bugzilla.novell.com/754476 https://bugzilla.novell.com/754477

1 0

openSUSE-SU-2012:0557-1: moderate: update for cobbler
by opensuse-security＠opensuse.org 24 Apr '12

24 Apr '12

openSUSE Security Update: update for cobbler ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0557-1 Rating: moderate References: #757062 #757316 #757479 Cross-References: CVE-2011-4952 CVE-2011-4953 CVE-2011-4954 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Specially crafted YAML could allow attackers to execute arbitrary code due to the use of yaml.load instead of yaml.safe_load. Cobbler-web was prone to Cross-Site-Request-Forgery (CSRF) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-247 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): cobbler-2.2.1-7.10.1 cobbler-web-2.2.1-7.10.1 koan-2.2.1-7.10.1 References: http://support.novell.com/security/cve/CVE-2011-4952.html http://support.novell.com/security/cve/CVE-2011-4953.html http://support.novell.com/security/cve/CVE-2011-4954.html https://bugzilla.novell.com/757062 https://bugzilla.novell.com/757316 https://bugzilla.novell.com/757479

1 0

openSUSE-SU-2012:0551-1: update for php5
by opensuse-security＠opensuse.org 23 Apr '12

23 Apr '12

openSUSE Security Update: update for php5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0551-1 Rating: low References: #752030 Cross-References: CVE-2012-1172 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Scripts that accept multiple file uploads in a single request were potentially vulnerable to a directory traversal attack Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-244 - openSUSE 11.4: zypper in -t patch openSUSE-2012-244 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): apache2-mod_php5-5.3.8-4.12.2 apache2-mod_php5-debuginfo-5.3.8-4.12.2 php5-5.3.8-4.12.2 php5-bcmath-5.3.8-4.12.2 php5-bcmath-debuginfo-5.3.8-4.12.2 php5-bz2-5.3.8-4.12.2 php5-bz2-debuginfo-5.3.8-4.12.2 php5-calendar-5.3.8-4.12.2 php5-calendar-debuginfo-5.3.8-4.12.2 php5-ctype-5.3.8-4.12.2 php5-ctype-debuginfo-5.3.8-4.12.2 php5-curl-5.3.8-4.12.2 php5-curl-debuginfo-5.3.8-4.12.2 php5-dba-5.3.8-4.12.2 php5-dba-debuginfo-5.3.8-4.12.2 php5-debuginfo-5.3.8-4.12.2 php5-debugsource-5.3.8-4.12.2 php5-devel-5.3.8-4.12.2 php5-dom-5.3.8-4.12.2 php5-dom-debuginfo-5.3.8-4.12.2 php5-enchant-5.3.8-4.12.2 php5-enchant-debuginfo-5.3.8-4.12.2 php5-exif-5.3.8-4.12.2 php5-exif-debuginfo-5.3.8-4.12.2 php5-fastcgi-5.3.8-4.12.2 php5-fastcgi-debuginfo-5.3.8-4.12.2 php5-fileinfo-5.3.8-4.12.2 php5-fileinfo-debuginfo-5.3.8-4.12.2 php5-fpm-5.3.8-4.12.2 php5-fpm-debuginfo-5.3.8-4.12.2 php5-ftp-5.3.8-4.12.2 php5-ftp-debuginfo-5.3.8-4.12.2 php5-gd-5.3.8-4.12.2 php5-gd-debuginfo-5.3.8-4.12.2 php5-gettext-5.3.8-4.12.2 php5-gettext-debuginfo-5.3.8-4.12.2 php5-gmp-5.3.8-4.12.2 php5-gmp-debuginfo-5.3.8-4.12.2 php5-iconv-5.3.8-4.12.2 php5-iconv-debuginfo-5.3.8-4.12.2 php5-imap-5.3.8-4.12.2 php5-imap-debuginfo-5.3.8-4.12.2 php5-intl-5.3.8-4.12.2 php5-intl-debuginfo-5.3.8-4.12.2 php5-json-5.3.8-4.12.2 php5-json-debuginfo-5.3.8-4.12.2 php5-ldap-5.3.8-4.12.2 php5-ldap-debuginfo-5.3.8-4.12.2 php5-mbstring-5.3.8-4.12.2 php5-mbstring-debuginfo-5.3.8-4.12.2 php5-mcrypt-5.3.8-4.12.2 php5-mcrypt-debuginfo-5.3.8-4.12.2 php5-mssql-5.3.8-4.12.2 php5-mssql-debuginfo-5.3.8-4.12.2 php5-mysql-5.3.8-4.12.2 php5-mysql-debuginfo-5.3.8-4.12.2 php5-odbc-5.3.8-4.12.2 php5-odbc-debuginfo-5.3.8-4.12.2 php5-openssl-5.3.8-4.12.2 php5-openssl-debuginfo-5.3.8-4.12.2 php5-pcntl-5.3.8-4.12.2 php5-pcntl-debuginfo-5.3.8-4.12.2 php5-pdo-5.3.8-4.12.2 php5-pdo-debuginfo-5.3.8-4.12.2 php5-pgsql-5.3.8-4.12.2 php5-pgsql-debuginfo-5.3.8-4.12.2 php5-phar-5.3.8-4.12.2 php5-phar-debuginfo-5.3.8-4.12.2 php5-posix-5.3.8-4.12.2 php5-posix-debuginfo-5.3.8-4.12.2 php5-pspell-5.3.8-4.12.2 php5-pspell-debuginfo-5.3.8-4.12.2 php5-readline-5.3.8-4.12.2 php5-readline-debuginfo-5.3.8-4.12.2 php5-shmop-5.3.8-4.12.2 php5-shmop-debuginfo-5.3.8-4.12.2 php5-snmp-5.3.8-4.12.2 php5-snmp-debuginfo-5.3.8-4.12.2 php5-soap-5.3.8-4.12.2 php5-soap-debuginfo-5.3.8-4.12.2 php5-sockets-5.3.8-4.12.2 php5-sockets-debuginfo-5.3.8-4.12.2 php5-sqlite-5.3.8-4.12.2 php5-sqlite-debuginfo-5.3.8-4.12.2 php5-suhosin-5.3.8-4.12.2 php5-suhosin-debuginfo-5.3.8-4.12.2 php5-sysvmsg-5.3.8-4.12.2 php5-sysvmsg-debuginfo-5.3.8-4.12.2 php5-sysvsem-5.3.8-4.12.2 php5-sysvsem-debuginfo-5.3.8-4.12.2 php5-sysvshm-5.3.8-4.12.2 php5-sysvshm-debuginfo-5.3.8-4.12.2 php5-tidy-5.3.8-4.12.2 php5-tidy-debuginfo-5.3.8-4.12.2 php5-tokenizer-5.3.8-4.12.2 php5-tokenizer-debuginfo-5.3.8-4.12.2 php5-wddx-5.3.8-4.12.2 php5-wddx-debuginfo-5.3.8-4.12.2 php5-xmlreader-5.3.8-4.12.2 php5-xmlreader-debuginfo-5.3.8-4.12.2 php5-xmlrpc-5.3.8-4.12.2 php5-xmlrpc-debuginfo-5.3.8-4.12.2 php5-xmlwriter-5.3.8-4.12.2 php5-xmlwriter-debuginfo-5.3.8-4.12.2 php5-xsl-5.3.8-4.12.2 php5-xsl-debuginfo-5.3.8-4.12.2 php5-zip-5.3.8-4.12.2 php5-zip-debuginfo-5.3.8-4.12.2 php5-zlib-5.3.8-4.12.2 php5-zlib-debuginfo-5.3.8-4.12.2 - openSUSE 12.1 (noarch): php5-pear-5.3.8-4.12.2 - openSUSE 11.4 (i586 x86_64): apache2-mod_php5-5.3.5-5.329.1 apache2-mod_php5-debuginfo-5.3.5-5.329.1 php5-5.3.5-5.329.1 php5-bcmath-5.3.5-5.329.1 php5-bcmath-debuginfo-5.3.5-5.329.1 php5-bz2-5.3.5-5.329.1 php5-bz2-debuginfo-5.3.5-5.329.1 php5-calendar-5.3.5-5.329.1 php5-calendar-debuginfo-5.3.5-5.329.1 php5-ctype-5.3.5-5.329.1 php5-ctype-debuginfo-5.3.5-5.329.1 php5-curl-5.3.5-5.329.1 php5-curl-debuginfo-5.3.5-5.329.1 php5-dba-5.3.5-5.329.1 php5-dba-debuginfo-5.3.5-5.329.1 php5-debuginfo-5.3.5-5.329.1 php5-debugsource-5.3.5-5.329.1 php5-devel-5.3.5-5.329.1 php5-dom-5.3.5-5.329.1 php5-dom-debuginfo-5.3.5-5.329.1 php5-enchant-5.3.5-5.329.1 php5-enchant-debuginfo-5.3.5-5.329.1 php5-exif-5.3.5-5.329.1 php5-exif-debuginfo-5.3.5-5.329.1 php5-fastcgi-5.3.5-5.329.1 php5-fastcgi-debuginfo-5.3.5-5.329.1 php5-fileinfo-5.3.5-5.329.1 php5-fileinfo-debuginfo-5.3.5-5.329.1 php5-fpm-5.3.5-5.329.1 php5-fpm-debuginfo-5.3.5-5.329.1 php5-ftp-5.3.5-5.329.1 php5-ftp-debuginfo-5.3.5-5.329.1 php5-gd-5.3.5-5.329.1 php5-gd-debuginfo-5.3.5-5.329.1 php5-gettext-5.3.5-5.329.1 php5-gettext-debuginfo-5.3.5-5.329.1 php5-gmp-5.3.5-5.329.1 php5-gmp-debuginfo-5.3.5-5.329.1 php5-hash-5.3.5-5.329.1 php5-hash-debuginfo-5.3.5-5.329.1 php5-iconv-5.3.5-5.329.1 php5-iconv-debuginfo-5.3.5-5.329.1 php5-imap-5.3.5-5.329.1 php5-imap-debuginfo-5.3.5-5.329.1 php5-intl-5.3.5-5.329.1 php5-intl-debuginfo-5.3.5-5.329.1 php5-json-5.3.5-5.329.1 php5-json-debuginfo-5.3.5-5.329.1 php5-ldap-5.3.5-5.329.1 php5-ldap-debuginfo-5.3.5-5.329.1 php5-mbstring-5.3.5-5.329.1 php5-mbstring-debuginfo-5.3.5-5.329.1 php5-mcrypt-5.3.5-5.329.1 php5-mcrypt-debuginfo-5.3.5-5.329.1 php5-mysql-5.3.5-5.329.1 php5-mysql-debuginfo-5.3.5-5.329.1 php5-odbc-5.3.5-5.329.1 php5-odbc-debuginfo-5.3.5-5.329.1 php5-openssl-5.3.5-5.329.1 php5-openssl-debuginfo-5.3.5-5.329.1 php5-pcntl-5.3.5-5.329.1 php5-pcntl-debuginfo-5.3.5-5.329.1 php5-pdo-5.3.5-5.329.1 php5-pdo-debuginfo-5.3.5-5.329.1 php5-pgsql-5.3.5-5.329.1 php5-pgsql-debuginfo-5.3.5-5.329.1 php5-phar-5.3.5-5.329.1 php5-phar-debuginfo-5.3.5-5.329.1 php5-posix-5.3.5-5.329.1 php5-posix-debuginfo-5.3.5-5.329.1 php5-pspell-5.3.5-5.329.1 php5-pspell-debuginfo-5.3.5-5.329.1 php5-readline-5.3.5-5.329.1 php5-readline-debuginfo-5.3.5-5.329.1 php5-shmop-5.3.5-5.329.1 php5-shmop-debuginfo-5.3.5-5.329.1 php5-snmp-5.3.5-5.329.1 php5-snmp-debuginfo-5.3.5-5.329.1 php5-soap-5.3.5-5.329.1 php5-soap-debuginfo-5.3.5-5.329.1 php5-sockets-5.3.5-5.329.1 php5-sockets-debuginfo-5.3.5-5.329.1 php5-sqlite-5.3.5-5.329.1 php5-sqlite-debuginfo-5.3.5-5.329.1 php5-suhosin-5.3.5-5.329.1 php5-suhosin-debuginfo-5.3.5-5.329.1 php5-sysvmsg-5.3.5-5.329.1 php5-sysvmsg-debuginfo-5.3.5-5.329.1 php5-sysvsem-5.3.5-5.329.1 php5-sysvsem-debuginfo-5.3.5-5.329.1 php5-sysvshm-5.3.5-5.329.1 php5-sysvshm-debuginfo-5.3.5-5.329.1 php5-tidy-5.3.5-5.329.1 php5-tidy-debuginfo-5.3.5-5.329.1 php5-tokenizer-5.3.5-5.329.1 php5-tokenizer-debuginfo-5.3.5-5.329.1 php5-wddx-5.3.5-5.329.1 php5-wddx-debuginfo-5.3.5-5.329.1 php5-xmlreader-5.3.5-5.329.1 php5-xmlreader-debuginfo-5.3.5-5.329.1 php5-xmlrpc-5.3.5-5.329.1 php5-xmlrpc-debuginfo-5.3.5-5.329.1 php5-xmlwriter-5.3.5-5.329.1 php5-xmlwriter-debuginfo-5.3.5-5.329.1 php5-xsl-5.3.5-5.329.1 php5-xsl-debuginfo-5.3.5-5.329.1 php5-zip-5.3.5-5.329.1 php5-zip-debuginfo-5.3.5-5.329.1 php5-zlib-5.3.5-5.329.1 php5-zlib-debuginfo-5.3.5-5.329.1 - openSUSE 11.4 (noarch): php5-pear-5.3.5-5.329.1 References: http://support.novell.com/security/cve/CVE-2012-1172.html https://bugzilla.novell.com/752030

1 0

openSUSE-SU-2012:0550-1: moderate: update for csound
by opensuse-security＠opensuse.org 23 Apr '12

23 Apr '12

openSUSE Security Update: update for csound ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0550-1 Rating: moderate References: #757254 #757255 #757256 Cross-References: CVE-2012-2106 CVE-2012-2107 CVE-2012-2108 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: specially crafted files could cause buffer overflows in csound Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-246 - openSUSE 11.4: zypper in -t patch openSUSE-2012-246 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): csound-5.06.0-142.6.1 - openSUSE 11.4 (i586 x86_64): csound-5.06.0-139.144.1 References: http://support.novell.com/security/cve/CVE-2012-2106.html http://support.novell.com/security/cve/CVE-2012-2107.html http://support.novell.com/security/cve/CVE-2012-2108.html https://bugzilla.novell.com/757254 https://bugzilla.novell.com/757255 https://bugzilla.novell.com/757256

1 0