openSUSE Recommended Update: flash-player: update to 11.2.202.233
______________________________________________________________________________
Announcement ID: openSUSE-RU-2012:0561-2
Rating: low
References: #757428
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue for flash-player:
- 757428: Update to 11.2.202.233
*This release addresses a printing issue that was found
in the previous version of Flash Player
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-250
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
flash-player-11.2.202.233-9.1
flash-player-gnome-11.2.202.233-9.1
flash-player-kde4-11.2.202.233-9.1
References:
https://bugzilla.novell.com/757428
openSUSE Recommended Update: syslog-ng: update to version 3.3.5
______________________________________________________________________________
Announcement ID: openSUSE-RU-2012:0563-1
Rating: low
References: #747871 #757680
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update fixes the following issues for syslog-ng:
- 757680: update to syslog-ng 3.3.5 which fixes even more
memleaks
- 747871: Detect if we have to use the new
/run/systemd/journal/syslog socket under newer systemd
versions, instead of the default _PATH_LOG (/dev/log)
socket. Avoids update problems and the need to adopt
config before using init=... boot parameter
Fixes for 3.3.1
- Fixed set() and subst() rewrite operations to work
properly on the value() parameter specified in the
configuration even if they are referenced at multiple
spots in the configuration file. Earlier the 2nd and
subsequent invocation of the rewrite rule changed
$MESSAGE.
- Fixed csv-parser() to work even if it is invoked at
multiple spots in the configuration file. Earlier, the
2nd and subsequent references of the parser rule forgot
the list of column names and the input template.
- Fixed the processing of condition() parameter in rewrite
rules, which was broken if it contained a filter()
function call.
- Fixed program() destination to properly kill the child
process on reload and shutdown.
- Fixed a potential division by zero error which could
happen for large data rates due to a race in an unlocked
region.
- Fixed an assertion failure in mongodb destination that
happened due to a race condition at high data rates.
- Fixed an fd leak in the control socket code, that caused
the control connection file descriptors to be leaked.
- Fixed a crash problem in the tcp() destination, that
occurred at or after a reload happens.
- Fixed a segmentation fault on reload when using the same
rewrite rule from multiple log paths.
- Fixed a segmentation fault when processing a reload
request in case an existing tcp() source is removed from
the config and there are open connections.
- Fixed a possible segmentation fault in the scalable queue
implementation, which happens in case a destination is
slower to process messages than syslog-ng would like to
send them.
- Fixed a possible file() destination issue that could
cause syslog-ng to omit data or to write garbage to the
log file in case the kernel reports that only a smaller
portion of the actual write request could be accomplished.
- Fixed an "internal error duplicate config element" error
during reload due to an invalid bugfix applied for
3.3.1. Older beta versions of 3.3 were not affected.
- Fixed a memory leak that causes macro based file
destinations to leak their queue when destination files
are closed due to time-reap().
- Fixed the handling of the condition() option for rewrite
rules.
- Fixed a race condition in value-pairs support,
potentially causing heap corruption problems when
$(format-json) is used in threaded mode.
- Fixed a memory leak in value-pairs template function
argument parsing, fixing a leak if $(format-json) is used.
- Repeated definitions of source, destination, filter,
rewrite, parser and block elements are not allowed by
default anymore. These are reported as configuration
errors unless @define allow-config-dups 1 is specified in
the configuration file.
- Fixed pdbtool error reporting in "pdbtool test" to make
it easier to understand what went wrong.
- Added an SQL connection health check in case an INSERT
failed. This way syslog-ng handles SQL server timeouts
better.
- Fixed support for systemd socket activation. Previously
such sockets were not set to non-blocking mode, causing
syslog-ng to hang.
- Fixed the filter() function in the filter expression to
work also when used as a part of an AND or OR construct.
- Allow the sql() destination to operate even without an
indexes() option. That parameter was meant to be
optional, but it wasn't.
- Fixed compilation issues if no OpenSSL is present.
- Fixed a minor memory leak in the usertty() driver that
can increase memory usage on every reload. (The
username() parameter wasn't properly freed on reload).
- Fixed a minor memory leak in the sql() driver that can
increase the memory usage on every reload (indexes()
parameter wasn't properly freed on reload).
+ Changes for 3.3.1
- db-parser() automatically sets a tag named
'.classifier.unknown' if the message doesn't match.
- The use of actions in db-parser() for messages without a
correlation context was inconsistently indexing
messages. For actions in rules that had correlation, @0
was the new message being generated, and @1 was the
message that triggered the rule. Without correlation, @0
was used for the triggering message, which is greatly
inconsistent and unintuitive. This was fixed by changing
the behaviour for rules without correlation: now both
correlation and non-correlation rules use @0 for the
new message, and @1 for the triggering message. This is
an incompatible change in the db-parser() format.
- The value of the $TAGS macro is added to pdbtool match
output.
- unix-dgram() and unix-stream() error logging on systemd
failures became more detailed for easier troubleshooting.
- fix systemd support for openSUSE > 12.1
- update to 3.3.4
- update to the latest 3.3-git
- update to 3.3.3
- remove filter patch
- fix afsql related warning
- remove call to suse_update_config (very old work around)
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-253
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
syslog-ng-3.3.5-7.9.1
syslog-ng-debuginfo-3.3.5-7.9.1
syslog-ng-debugsource-3.3.5-7.9.1
syslog-ng-json-3.3.5-7.9.1
syslog-ng-json-debuginfo-3.3.5-7.9.1
syslog-ng-sql-3.3.5-7.9.1
syslog-ng-sql-debuginfo-3.3.5-7.9.1
References:
https://bugzilla.novell.com/747871
https://bugzilla.novell.com/757680
openSUSE Recommended Update: python-bugzilla: fixed connection to novell bugzilla
______________________________________________________________________________
Announcement ID: openSUSE-RU-2012:0562-1
Rating: low
References: #742243
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues for python-bugzilla:
- for 12.1 maint update, the previous set of changes happen
to fix bnc#742243:
- remove basic auth credentials from backtraces
- Novell Bugzilla is the default when using bugzilla
command line tool
- update to openSUSE-1 tag from openSUSE's git branch
* better handling of NovellBugzilla instances
* using HTTP basic auth instead of IChain
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-251
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (noarch):
python-bugzilla-0.6.2-2.4.1
References:
https://bugzilla.novell.com/742243
openSUSE Recommended Update: flash-player: update to 11.2.202.233
______________________________________________________________________________
Announcement ID: openSUSE-RU-2012:0561-1
Rating: low
References: #757428
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue for flash-player:
- 757428: Update to 11.2.202.233
*This release addresses a printing issue that was found
in the previous version of Flash Player
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-250
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
flash-player-11.2.202.233-15.1
flash-player-gnome-11.2.202.233-15.1
flash-player-kde4-11.2.202.233-15.1
References:
https://bugzilla.novell.com/757428
openSUSE Security Update: update for t1lib
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0559-1
Rating: moderate
References: #684802 #757961
Cross-References: CVE-2011-0433 CVE-2011-0764 CVE-2011-1552
CVE-2011-1553 CVE-2011-1554
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
Specially crafted Type 1 fonts could cause memory
corruption in t1lib.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-249
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-249
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
t1lib-5.1.2-15.7.1
t1lib-debuginfo-5.1.2-15.7.1
t1lib-debugsource-5.1.2-15.7.1
t1lib-devel-5.1.2-15.7.1
- openSUSE 11.4 (i586 x86_64):
t1lib-5.1.2-16.1
t1lib-debuginfo-5.1.2-16.1
t1lib-debugsource-5.1.2-16.1
t1lib-devel-5.1.2-16.1
References:
http://support.novell.com/security/cve/CVE-2011-0433.html
http://support.novell.com/security/cve/CVE-2011-0764.html
http://support.novell.com/security/cve/CVE-2011-1552.html
http://support.novell.com/security/cve/CVE-2011-1553.html
http://support.novell.com/security/cve/CVE-2011-1554.html
https://bugzilla.novell.com/684802
https://bugzilla.novell.com/757961
openSUSE Security Update: update for wireshark
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0558-1
Rating: moderate
References: #754474 #754476 #754477
Cross-References: CVE-2012-1593 CVE-2012-1595 CVE-2012-1596
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
Changes in wireshark:
- update to 1.4.12
- fix bnc#754474, bnc#754476, bnc#754477 (fixed upstream)
- Security fixes:
- wnpa-sec-2012-04 The ANSI A dissector could
dereference a NULL pointer and crash. (Bug 6823)
- wnpa-sec-2012-06 The pcap and pcap-ng file parsers
could crash trying to read ERF data. (Bug 6804)
- wnpa-sec-2012-07 The MP2T dissector could try to
allocate too much memory and crash. (Bug 6804)
- The Windows installers now include GnuTLS 1.12.18,
which fixes several vulnerabilities.
- Bug fixes:
- Some PGM options are not parsed correctly. (Bug 5687)
- dumpcap crashes when capturing from pipe to a pcap-ng
file (e.g., when passing data from CACE Pilot to
Wireshark). (Bug 5939)
- No error for UDP/IPv6 packet with zero checksum. (Bug
6232)
- packetBB dissector bug: More than 1000000 items in
the tree -- possible infinite loop. (Bug 6687)
- Ethernet traces in K12 text format sometimes give
bogus "malformed frame" errors and other problems. (Bug
6735)
- non-IPP packets to or from port 631 are dissected as
IPP. (Bug 6765)
- IAX2 dissector reads past end of packet for unknown
IEs. (Bug 6815)
- Pcap-NG files with SHB options longer than 100 bytes
aren't recognized as pcap-NG files, and options longer than
100 bytes in other blocks aren't handled either. (Bug 6846)
- Patch to fix DTLS decryption. (Bug 6847)
- Expression... dialog crashes. (Bug 6891)
- ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug
6972)
- Radiotap dissector lists a bogus "DBM TX Attenuation"
bit. (Bug 7000)
- MySQL dissector assertion. (Ask 8649)
- Updated Protocol Support: HTTP, ISAKMP, MySQL, PacketBB,
PGM, TCP, UDP
- New and Updated Capture File Support: Endace ERF,
Pcap-NG.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-248
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-248
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
wireshark-1.4.12-3.8.1
wireshark-debuginfo-1.4.12-3.8.1
wireshark-debugsource-1.4.12-3.8.1
wireshark-devel-1.4.12-3.8.1
- openSUSE 11.4 (i586 x86_64):
wireshark-1.4.12-0.10.1
wireshark-debuginfo-1.4.12-0.10.1
wireshark-debugsource-1.4.12-0.10.1
wireshark-devel-1.4.12-0.10.1
References:
http://support.novell.com/security/cve/CVE-2012-1593.html
http://support.novell.com/security/cve/CVE-2012-1595.html
http://support.novell.com/security/cve/CVE-2012-1596.html
https://bugzilla.novell.com/754474
https://bugzilla.novell.com/754476
https://bugzilla.novell.com/754477
openSUSE Security Update: update for cobbler
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0557-1
Rating: moderate
References: #757062 #757316 #757479
Cross-References: CVE-2011-4952 CVE-2011-4953 CVE-2011-4954
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
Specially crafted YAML could allow attackers to execute
arbitrary code due to the use of yaml.load instead of
yaml.safe_load.
Cobbler-web was prone to Cross-Site Request Forgery (CSRF).
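
One way to audit a Python code base for the yaml.load pattern named above, as an added example that is not part of the announcement or of cobbler's code. The sample source and the function names are constructed for illustration; calls imported under another name (for example "from yaml import load") are outside what this check sees.

```python
import ast

# Loader classes that only build plain YAML types (str, int, list, dict, ...).
SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}

# Constructed sample source for the demonstration; not taken from cobbler.
SAMPLE = '''
import yaml
def read_a(fh):
    return yaml.load(fh)
def read_b(fh):
    return yaml.load(fh, Loader=yaml.Loader)
def read_c(fh):
    return yaml.load(fh, Loader=yaml.SafeLoader)
def read_d(fh):
    return yaml.safe_load(fh)
'''

def _loader_name(call):
    """Return the class name passed as Loader to yaml.load(), or None."""
    node = None
    for kw in call.keywords:
        if kw.arg == "Loader":
            node = kw.value
    if node is None and len(call.args) >= 2:   # Loader given positionally
        node = call.args[1]
    if isinstance(node, ast.Attribute):        # yaml.SafeLoader
        return node.attr
    if isinstance(node, ast.Name):             # SafeLoader
        return node.id
    return None

def find_unsafe_yaml_loads(source):
    """List (line, reason) for each yaml.load() call without a safe Loader."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if not (isinstance(f, ast.Attribute) and f.attr == "load"
                and isinstance(f.value, ast.Name) and f.value.id == "yaml"):
            continue
        loader = _loader_name(node)
        if loader is None:
            findings.append((node.lineno, "no Loader identified"))
        elif loader not in SAFE_LOADERS:
            findings.append((node.lineno, "Loader=" + loader))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_loads(SAMPLE):
        print("line %d: yaml.load() with %s" % (line, reason))
```

Each reported call is a candidate for replacement with yaml.safe_load wherever the input can come from an untrusted party.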
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-247
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
cobbler-2.2.1-7.10.1
cobbler-web-2.2.1-7.10.1
koan-2.2.1-7.10.1
References:
http://support.novell.com/security/cve/CVE-2011-4952.html
http://support.novell.com/security/cve/CVE-2011-4953.html
http://support.novell.com/security/cve/CVE-2011-4954.html
https://bugzilla.novell.com/757062
https://bugzilla.novell.com/757316
https://bugzilla.novell.com/757479
openSUSE Security Update: update for csound
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0550-1
Rating: moderate
References: #757254 #757255 #757256
Cross-References: CVE-2012-2106 CVE-2012-2107 CVE-2012-2108
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
Specially crafted files could cause buffer overflows in
csound.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-246
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-246
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
csound-5.06.0-142.6.1
- openSUSE 11.4 (i586 x86_64):
csound-5.06.0-139.144.1
References:
http://support.novell.com/security/cve/CVE-2012-2106.html
http://support.novell.com/security/cve/CVE-2012-2107.html
http://support.novell.com/security/cve/CVE-2012-2108.html
https://bugzilla.novell.com/757254
https://bugzilla.novell.com/757255
https://bugzilla.novell.com/757256