July 2012 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-RU-2012:0925-1: libreoffice: Update to 3.5.47
by maintenance＠opensuse.org 30 Jul '12

30 Jul '12

openSUSE Recommended Update: libreoffice: Update to 3.5.47 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0925-1 Rating: low References: #325936 #335643 #343673 #413560 #421559 #465252 #471280 #529233 #529404 #551003 #651964 #652364 #693238 #703032 #706138 #714787 #717947 #719989 #719997 #745873 #745930 #747461 #747471 #749960 #750255 #750258 #750838 #751028 #751077 #751573 #753458 #757118 #757419 #757609 #757651 #757840 #757844 #757885 #757905 #757910 #758575 #758883 #758914 #759178 #759212 #759982 #760029 #760294 #760764 #760997 #760999 #762542 #763168 #764005 #765942 #765998 #766477 #766481 #766487 #767452 #769162 #769593 #769793 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has 63 recommended fixes can now be installed. Description: This update of LibreOffice brings it to 3.5.4.7. It contains a lot of bugfixes. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-467 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): libreoffice-3.5.4.7-4.8.1 libreoffice-base-3.5.4.7-4.8.1 libreoffice-base-debuginfo-3.5.4.7-4.8.1 libreoffice-base-drivers-mysql-3.5.4.7-4.8.1 libreoffice-base-drivers-mysql-debuginfo-3.5.4.7-4.8.1 libreoffice-base-drivers-postgresql-3.5.4.7-4.8.1 libreoffice-base-drivers-postgresql-debuginfo-3.5.4.7-4.8.1 libreoffice-base-extensions-3.5.4.7-4.8.1 libreoffice-calc-3.5.4.7-4.8.1 libreoffice-calc-debuginfo-3.5.4.7-4.8.1 libreoffice-calc-extensions-3.5.4.7-4.8.1 libreoffice-debuginfo-3.5.4.7-4.8.1 libreoffice-debugsource-3.5.4.7-4.8.1 libreoffice-draw-3.5.4.7-4.8.1 libreoffice-draw-extensions-3.5.4.7-4.8.1 libreoffice-draw-extensions-debuginfo-3.5.4.7-4.8.1 libreoffice-filters-optional-3.5.4.7-4.8.1 libreoffice-filters-optional-debuginfo-3.5.4.7-4.8.1 libreoffice-gnome-3.5.4.7-4.8.1 libreoffice-gnome-debuginfo-3.5.4.7-4.8.1 libreoffice-icon-themes-prebuilt-3.5.4.7-4.8.1 libreoffice-impress-3.5.4.7-4.8.1 libreoffice-impress-debuginfo-3.5.4.7-4.8.1 libreoffice-impress-extensions-3.5.4.7-4.8.1 libreoffice-impress-extensions-debuginfo-3.5.4.7-4.8.1 libreoffice-kde-3.5.4.7-4.8.1 libreoffice-kde-debuginfo-3.5.4.7-4.8.1 libreoffice-kde4-3.5.4.7-4.8.1 libreoffice-kde4-debuginfo-3.5.4.7-4.8.1 libreoffice-l10n-prebuilt-3.5.4.7-4.8.1 libreoffice-mailmerge-3.5.4.7-4.8.1 libreoffice-math-3.5.4.7-4.8.1 libreoffice-math-debuginfo-3.5.4.7-4.8.1 libreoffice-officebean-3.5.4.7-4.8.1 libreoffice-officebean-debuginfo-3.5.4.7-4.8.1 libreoffice-pyuno-3.5.4.7-4.8.1 libreoffice-pyuno-debuginfo-3.5.4.7-4.8.1 libreoffice-sdk-3.5.4.7-4.8.1 libreoffice-sdk-debuginfo-3.5.4.7-4.8.1 libreoffice-sdk-doc-3.5.4.7-4.8.1 libreoffice-writer-3.5.4.7-4.8.1 libreoffice-writer-debuginfo-3.5.4.7-4.8.1 libreoffice-writer-extensions-3.5.4.7-4.8.1 - openSUSE 12.1 (noarch): libreoffice-branding-upstream-3.5.4.7-4.8.1 libreoffice-help-cs-3.5.4.7-4.8.1 libreoffice-help-da-3.5.4.7-4.8.1 libreoffice-help-de-3.5.4.7-4.8.1 libreoffice-help-en-GB-3.5.4.7-4.8.1 libreoffice-help-en-US-3.5.4.7-4.8.1 libreoffice-help-en-ZA-3.5.4.7-4.8.1 libreoffice-help-es-3.5.4.7-4.8.1 libreoffice-help-et-3.5.4.7-4.8.1 libreoffice-help-fr-3.5.4.7-4.8.1 libreoffice-help-gl-3.5.4.7-4.8.1 libreoffice-help-gu-IN-3.5.4.7-4.8.1 libreoffice-help-hi-IN-3.5.4.7-4.8.1 libreoffice-help-hu-3.5.4.7-4.8.1 libreoffice-help-it-3.5.4.7-4.8.1 libreoffice-help-ja-3.5.4.7-4.8.1 libreoffice-help-km-3.5.4.7-4.8.1 libreoffice-help-ko-3.5.4.7-4.8.1 libreoffice-help-nl-3.5.4.7-4.8.1 libreoffice-help-pl-3.5.4.7-4.8.1 libreoffice-help-pt-3.5.4.7-4.8.1 libreoffice-help-pt-BR-3.5.4.7-4.8.1 libreoffice-help-ru-3.5.4.7-4.8.1 libreoffice-help-sl-3.5.4.7-4.8.1 libreoffice-help-sv-3.5.4.7-4.8.1 libreoffice-help-zh-CN-3.5.4.7-4.8.1 libreoffice-help-zh-TW-3.5.4.7-4.8.1 libreoffice-icon-theme-crystal-3.5.4.7-4.8.1 libreoffice-icon-theme-galaxy-3.5.4.7-4.8.1 libreoffice-icon-theme-hicontrast-3.5.4.7-4.8.1 libreoffice-icon-theme-oxygen-3.5.4.7-4.8.1 libreoffice-icon-theme-tango-3.5.4.7-4.8.1 libreoffice-l10n-af-3.5.4.7-4.8.1 libreoffice-l10n-ar-3.5.4.7-4.8.1 libreoffice-l10n-be-BY-3.5.4.7-4.8.1 libreoffice-l10n-bg-3.5.4.7-4.8.1 libreoffice-l10n-br-3.5.4.7-4.8.1 libreoffice-l10n-ca-3.5.4.7-4.8.1 libreoffice-l10n-cs-3.5.4.7-4.8.1 libreoffice-l10n-cy-3.5.4.7-4.8.1 libreoffice-l10n-da-3.5.4.7-4.8.1 libreoffice-l10n-de-3.5.4.7-4.8.1 libreoffice-l10n-el-3.5.4.7-4.8.1 libreoffice-l10n-en-GB-3.5.4.7-4.8.1 libreoffice-l10n-en-ZA-3.5.4.7-4.8.1 libreoffice-l10n-es-3.5.4.7-4.8.1 libreoffice-l10n-et-3.5.4.7-4.8.1 libreoffice-l10n-fi-3.5.4.7-4.8.1 libreoffice-l10n-fr-3.5.4.7-4.8.1 libreoffice-l10n-ga-3.5.4.7-4.8.1 libreoffice-l10n-gl-3.5.4.7-4.8.1 libreoffice-l10n-gu-IN-3.5.4.7-4.8.1 libreoffice-l10n-he-3.5.4.7-4.8.1 libreoffice-l10n-hi-IN-3.5.4.7-4.8.1 libreoffice-l10n-hr-3.5.4.7-4.8.1 libreoffice-l10n-hu-3.5.4.7-4.8.1 libreoffice-l10n-it-3.5.4.7-4.8.1 libreoffice-l10n-ja-3.5.4.7-4.8.1 libreoffice-l10n-ka-3.5.4.7-4.8.1 libreoffice-l10n-km-3.5.4.7-4.8.1 libreoffice-l10n-ko-3.5.4.7-4.8.1 libreoffice-l10n-lt-3.5.4.7-4.8.1 libreoffice-l10n-mk-3.5.4.7-4.8.1 libreoffice-l10n-nb-3.5.4.7-4.8.1 libreoffice-l10n-nl-3.5.4.7-4.8.1 libreoffice-l10n-nn-3.5.4.7-4.8.1 libreoffice-l10n-nr-3.5.4.7-4.8.1 libreoffice-l10n-pa-IN-3.5.4.7-4.8.1 libreoffice-l10n-pl-3.5.4.7-4.8.1 libreoffice-l10n-pt-3.5.4.7-4.8.1 libreoffice-l10n-pt-BR-3.5.4.7-4.8.1 libreoffice-l10n-ru-3.5.4.7-4.8.1 libreoffice-l10n-rw-3.5.4.7-4.8.1 libreoffice-l10n-sh-3.5.4.7-4.8.1 libreoffice-l10n-sk-3.5.4.7-4.8.1 libreoffice-l10n-sl-3.5.4.7-4.8.1 libreoffice-l10n-sr-3.5.4.7-4.8.1 libreoffice-l10n-ss-3.5.4.7-4.8.1 libreoffice-l10n-st-3.5.4.7-4.8.1 libreoffice-l10n-sv-3.5.4.7-4.8.1 libreoffice-l10n-tg-3.5.4.7-4.8.1 libreoffice-l10n-th-3.5.4.7-4.8.1 libreoffice-l10n-tr-3.5.4.7-4.8.1 libreoffice-l10n-ts-3.5.4.7-4.8.1 libreoffice-l10n-uk-3.5.4.7-4.8.1 libreoffice-l10n-ve-3.5.4.7-4.8.1 libreoffice-l10n-vi-3.5.4.7-4.8.1 libreoffice-l10n-xh-3.5.4.7-4.8.1 libreoffice-l10n-zh-CN-3.5.4.7-4.8.1 libreoffice-l10n-zh-TW-3.5.4.7-4.8.1 libreoffice-l10n-zu-3.5.4.7-4.8.1 libreoffice-languagetool-1.4-3.4.1 libreoffice-languagetool-ca-1.4-3.4.1 libreoffice-languagetool-de-1.4-3.4.1 libreoffice-languagetool-en-1.4-3.4.1 libreoffice-languagetool-es-1.4-3.4.1 libreoffice-languagetool-fr-1.4-3.4.1 libreoffice-languagetool-gl-1.4-3.4.1 libreoffice-languagetool-it-1.4-3.4.1 libreoffice-languagetool-km-1.4-3.4.1 libreoffice-languagetool-nl-1.4-3.4.1 libreoffice-languagetool-pl-1.4-3.4.1 libreoffice-languagetool-ro-1.4-3.4.1 libreoffice-languagetool-ru-1.4-3.4.1 libreoffice-languagetool-sk-1.4-3.4.1 libreoffice-languagetool-sv-1.4-3.4.1 libreoffice-openclipart-3.5-2.4.3 References: https://bugzilla.novell.com/325936 https://bugzilla.novell.com/335643 https://bugzilla.novell.com/343673 https://bugzilla.novell.com/413560 https://bugzilla.novell.com/421559 https://bugzilla.novell.com/465252 https://bugzilla.novell.com/471280 https://bugzilla.novell.com/529233 https://bugzilla.novell.com/529404 https://bugzilla.novell.com/551003 https://bugzilla.novell.com/651964 https://bugzilla.novell.com/652364 https://bugzilla.novell.com/693238 https://bugzilla.novell.com/703032 https://bugzilla.novell.com/706138 https://bugzilla.novell.com/714787 https://bugzilla.novell.com/717947 https://bugzilla.novell.com/719989 https://bugzilla.novell.com/719997 https://bugzilla.novell.com/745873 https://bugzilla.novell.com/745930 https://bugzilla.novell.com/747461 https://bugzilla.novell.com/747471 https://bugzilla.novell.com/749960 https://bugzilla.novell.com/750255 https://bugzilla.novell.com/750258 https://bugzilla.novell.com/750838 https://bugzilla.novell.com/751028 https://bugzilla.novell.com/751077 https://bugzilla.novell.com/751573 https://bugzilla.novell.com/753458 https://bugzilla.novell.com/757118 https://bugzilla.novell.com/757419 https://bugzilla.novell.com/757609 https://bugzilla.novell.com/757651 https://bugzilla.novell.com/757840 https://bugzilla.novell.com/757844 https://bugzilla.novell.com/757885 https://bugzilla.novell.com/757905 https://bugzilla.novell.com/757910 https://bugzilla.novell.com/758575 https://bugzilla.novell.com/758883 https://bugzilla.novell.com/758914 https://bugzilla.novell.com/759178 https://bugzilla.novell.com/759212 https://bugzilla.novell.com/759982 https://bugzilla.novell.com/760029 https://bugzilla.novell.com/760294 https://bugzilla.novell.com/760764 https://bugzilla.novell.com/760997 https://bugzilla.novell.com/760999 https://bugzilla.novell.com/762542 https://bugzilla.novell.com/763168 https://bugzilla.novell.com/764005 https://bugzilla.novell.com/765942 https://bugzilla.novell.com/765998 https://bugzilla.novell.com/766477 https://bugzilla.novell.com/766481 https://bugzilla.novell.com/766487 https://bugzilla.novell.com/767452 https://bugzilla.novell.com/769162 https://bugzilla.novell.com/769593 https://bugzilla.novell.com/769793

1 0

openSUSE-SU-2012:0924-1: critical: xulrunner to 14.0.1
by opensuse-security＠opensuse.org 30 Jul '12

30 Jul '12

openSUSE Security Update: xulrunner to 14.0.1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0924-1 Rating: critical References: #771583 Cross-References: CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: Mozilla XULRunner was updated to 14.0.1, fixing bugs and security issues: Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey reported memory safety problems and crashes that affect Firefox 13. CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. MFSA 2012-44 Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable. CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality ("View Image", "Show only this frame", and "View background image") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution. MFSA 2012-47 / CVE-2012-1957: Security researcher Mario Heiderich reported that javascript could be executed in the HTML feed-view using tag within the RSS . This problem is due to tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class and could affect other parts of the browser or add-ons which rely on that class to sanitize untrusted input. MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards. This use-after-free could possibly allow for remote code execution. MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby Holley found that same-compartment security wrappers (SCSW) can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is stripped off and, when the object is read read back, it is not known that SCSW was previously present, resulting in a bypassing of SCSW. This could result in untrusted content having access to the XBL that implements browser functionality. MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered. MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Frédéric Buclin reported that the "X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protected against possible clickjacking attacks on those pages. MFSA 2012-52 / CVE-2012-1962: Security researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed, leaving other dependent strings with dangling pointers. This can lead to a potentially exploitable crash. MFSA 2012-53 / CVE-2012-1963: Security researcher Karthikeyan Bhargavan of Prosecco at INRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP violation reports generated by Firefox and sent to the "report-uri" location include sensitive data within the "blocked-uri" parameter. These include fragment components and query strings even if the "blocked-uri" parameter has a different origin than the protected resource. This can be used to retrieve a user's OAuth 2.0 access tokens and OpenID credentials by malicious sites. MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle (MITM) attacker can use an iframe to display its own certificate error warning page (about:certerror) with the "Add Exception" button of a real warning page from a malicious site. This can mislead users to adding a certificate exception for a different site than the perceived one. This can lead to compromised communications with the user perceived site through the MITM attack once the certificate exception has been added. MFSA 2012-55 / CVE-2012-1965: Security researchers Mario Gomes and Soroush Dalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites. MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher moz_bug_r_a4 reported a arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are executed in such a sandbox with insufficient context that can allow those scripts to escape from the sandbox and run with elevated privilege. This can lead to arbitrary code execution. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-465 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): mozilla-js-14.0.1-2.32.2 mozilla-js-debuginfo-14.0.1-2.32.2 xulrunner-14.0.1-2.32.2 xulrunner-buildsymbols-14.0.1-2.32.2 xulrunner-debuginfo-14.0.1-2.32.2 xulrunner-debugsource-14.0.1-2.32.2 xulrunner-devel-14.0.1-2.32.2 xulrunner-devel-debuginfo-14.0.1-2.32.2 - openSUSE 12.1 (x86_64): mozilla-js-32bit-14.0.1-2.32.2 mozilla-js-debuginfo-32bit-14.0.1-2.32.2 xulrunner-32bit-14.0.1-2.32.2 xulrunner-debuginfo-32bit-14.0.1-2.32.2 - openSUSE 12.1 (ia64): mozilla-js-debuginfo-x86-14.0.1-2.32.2 mozilla-js-x86-14.0.1-2.32.2 xulrunner-debuginfo-x86-14.0.1-2.32.2 xulrunner-x86-14.0.1-2.32.2 References: http://support.novell.com/security/cve/CVE-2012-1948.html http://support.novell.com/security/cve/CVE-2012-1949.html http://support.novell.com/security/cve/CVE-2012-1950.html http://support.novell.com/security/cve/CVE-2012-1951.html http://support.novell.com/security/cve/CVE-2012-1952.html http://support.novell.com/security/cve/CVE-2012-1953.html http://support.novell.com/security/cve/CVE-2012-1954.html http://support.novell.com/security/cve/CVE-2012-1955.html http://support.novell.com/security/cve/CVE-2012-1957.html http://support.novell.com/security/cve/CVE-2012-1958.html http://support.novell.com/security/cve/CVE-2012-1959.html http://support.novell.com/security/cve/CVE-2012-1960.html http://support.novell.com/security/cve/CVE-2012-1961.html http://support.novell.com/security/cve/CVE-2012-1962.html http://support.novell.com/security/cve/CVE-2012-1963.html http://support.novell.com/security/cve/CVE-2012-1965.html http://support.novell.com/security/cve/CVE-2012-1966.html http://support.novell.com/security/cve/CVE-2012-1967.html https://bugzilla.novell.com/771583

1 0

openSUSE-RU-2012:0923-1: libroffice: Update to 3.5.4.7
by maintenance＠opensuse.org 30 Jul '12

30 Jul '12

openSUSE Recommended Update: libroffice: Update to 3.5.4.7 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0923-1 Rating: low References: #769593 #769793 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update brings Libreoffice to 3.5.4.7 and contains lots of bugfixes. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch openSUSE-2012-466 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libreoffice-3.5.4.7-100.1 libreoffice-base-3.5.4.7-100.1 libreoffice-base-debuginfo-3.5.4.7-100.1 libreoffice-base-drivers-mysql-3.5.4.7-100.1 libreoffice-base-drivers-mysql-debuginfo-3.5.4.7-100.1 libreoffice-base-drivers-postgresql-3.5.4.7-100.1 libreoffice-base-drivers-postgresql-debuginfo-3.5.4.7-100.1 libreoffice-base-extensions-3.5.4.7-100.1 libreoffice-calc-3.5.4.7-100.1 libreoffice-calc-debuginfo-3.5.4.7-100.1 libreoffice-calc-extensions-3.5.4.7-100.1 libreoffice-debuginfo-3.5.4.7-100.1 libreoffice-debugsource-3.5.4.7-100.1 libreoffice-draw-3.5.4.7-100.1 libreoffice-draw-extensions-3.5.4.7-100.1 libreoffice-draw-extensions-debuginfo-3.5.4.7-100.1 libreoffice-filters-optional-3.5.4.7-100.1 libreoffice-filters-optional-debuginfo-3.5.4.7-100.1 libreoffice-gnome-3.5.4.7-100.1 libreoffice-gnome-debuginfo-3.5.4.7-100.1 libreoffice-icon-themes-prebuilt-3.5.4.7-100.1 libreoffice-impress-3.5.4.7-100.1 libreoffice-impress-debuginfo-3.5.4.7-100.1 libreoffice-impress-extensions-3.5.4.7-100.1 libreoffice-impress-extensions-debuginfo-3.5.4.7-100.1 libreoffice-kde-3.5.4.7-100.1 libreoffice-kde-debuginfo-3.5.4.7-100.1 libreoffice-kde4-3.5.4.7-100.1 libreoffice-kde4-debuginfo-3.5.4.7-100.1 libreoffice-l10n-prebuilt-3.5.4.7-100.1 libreoffice-mailmerge-3.5.4.7-100.1 libreoffice-math-3.5.4.7-100.1 libreoffice-math-debuginfo-3.5.4.7-100.1 libreoffice-officebean-3.5.4.7-100.1 libreoffice-officebean-debuginfo-3.5.4.7-100.1 libreoffice-pyuno-3.5.4.7-100.1 libreoffice-pyuno-debuginfo-3.5.4.7-100.1 libreoffice-sdk-3.5.4.7-100.1 libreoffice-sdk-debuginfo-3.5.4.7-100.1 libreoffice-sdk-doc-3.5.4.7-100.1 libreoffice-writer-3.5.4.7-100.1 libreoffice-writer-debuginfo-3.5.4.7-100.1 libreoffice-writer-extensions-3.5.4.7-100.1 - openSUSE 11.4 (noarch): libreoffice-branding-upstream-3.5.4.7-100.1 libreoffice-help-cs-3.5.4.7-100.1 libreoffice-help-da-3.5.4.7-100.1 libreoffice-help-de-3.5.4.7-100.1 libreoffice-help-en-GB-3.5.4.7-100.1 libreoffice-help-en-US-3.5.4.7-100.1 libreoffice-help-en-ZA-3.5.4.7-100.1 libreoffice-help-es-3.5.4.7-100.1 libreoffice-help-et-3.5.4.7-100.1 libreoffice-help-fr-3.5.4.7-100.1 libreoffice-help-gl-3.5.4.7-100.1 libreoffice-help-gu-IN-3.5.4.7-100.1 libreoffice-help-hi-IN-3.5.4.7-100.1 libreoffice-help-hu-3.5.4.7-100.1 libreoffice-help-it-3.5.4.7-100.1 libreoffice-help-ja-3.5.4.7-100.1 libreoffice-help-km-3.5.4.7-100.1 libreoffice-help-ko-3.5.4.7-100.1 libreoffice-help-nl-3.5.4.7-100.1 libreoffice-help-pl-3.5.4.7-100.1 libreoffice-help-pt-3.5.4.7-100.1 libreoffice-help-pt-BR-3.5.4.7-100.1 libreoffice-help-ru-3.5.4.7-100.1 libreoffice-help-sl-3.5.4.7-100.1 libreoffice-help-sv-3.5.4.7-100.1 libreoffice-help-zh-CN-3.5.4.7-100.1 libreoffice-help-zh-TW-3.5.4.7-100.1 libreoffice-icon-theme-crystal-3.5.4.7-100.1 libreoffice-icon-theme-galaxy-3.5.4.7-100.1 libreoffice-icon-theme-hicontrast-3.5.4.7-100.1 libreoffice-icon-theme-oxygen-3.5.4.7-100.1 libreoffice-icon-theme-tango-3.5.4.7-100.1 libreoffice-l10n-af-3.5.4.7-100.1 libreoffice-l10n-ar-3.5.4.7-100.1 libreoffice-l10n-be-BY-3.5.4.7-100.1 libreoffice-l10n-bg-3.5.4.7-100.1 libreoffice-l10n-br-3.5.4.7-100.1 libreoffice-l10n-ca-3.5.4.7-100.1 libreoffice-l10n-cs-3.5.4.7-100.1 libreoffice-l10n-cy-3.5.4.7-100.1 libreoffice-l10n-da-3.5.4.7-100.1 libreoffice-l10n-de-3.5.4.7-100.1 libreoffice-l10n-el-3.5.4.7-100.1 libreoffice-l10n-en-GB-3.5.4.7-100.1 libreoffice-l10n-en-ZA-3.5.4.7-100.1 libreoffice-l10n-es-3.5.4.7-100.1 libreoffice-l10n-et-3.5.4.7-100.1 libreoffice-l10n-fi-3.5.4.7-100.1 libreoffice-l10n-fr-3.5.4.7-100.1 libreoffice-l10n-ga-3.5.4.7-100.1 libreoffice-l10n-gl-3.5.4.7-100.1 libreoffice-l10n-gu-IN-3.5.4.7-100.1 libreoffice-l10n-he-3.5.4.7-100.1 libreoffice-l10n-hi-IN-3.5.4.7-100.1 libreoffice-l10n-hr-3.5.4.7-100.1 libreoffice-l10n-hu-3.5.4.7-100.1 libreoffice-l10n-it-3.5.4.7-100.1 libreoffice-l10n-ja-3.5.4.7-100.1 libreoffice-l10n-ka-3.5.4.7-100.1 libreoffice-l10n-km-3.5.4.7-100.1 libreoffice-l10n-ko-3.5.4.7-100.1 libreoffice-l10n-lt-3.5.4.7-100.1 libreoffice-l10n-mk-3.5.4.7-100.1 libreoffice-l10n-nb-3.5.4.7-100.1 libreoffice-l10n-nl-3.5.4.7-100.1 libreoffice-l10n-nn-3.5.4.7-100.1 libreoffice-l10n-nr-3.5.4.7-100.1 libreoffice-l10n-pa-IN-3.5.4.7-100.1 libreoffice-l10n-pl-3.5.4.7-100.1 libreoffice-l10n-pt-3.5.4.7-100.1 libreoffice-l10n-pt-BR-3.5.4.7-100.1 libreoffice-l10n-ru-3.5.4.7-100.1 libreoffice-l10n-rw-3.5.4.7-100.1 libreoffice-l10n-sh-3.5.4.7-100.1 libreoffice-l10n-sk-3.5.4.7-100.1 libreoffice-l10n-sl-3.5.4.7-100.1 libreoffice-l10n-sr-3.5.4.7-100.1 libreoffice-l10n-ss-3.5.4.7-100.1 libreoffice-l10n-st-3.5.4.7-100.1 libreoffice-l10n-sv-3.5.4.7-100.1 libreoffice-l10n-tg-3.5.4.7-100.1 libreoffice-l10n-th-3.5.4.7-100.1 libreoffice-l10n-tr-3.5.4.7-100.1 libreoffice-l10n-ts-3.5.4.7-100.1 libreoffice-l10n-uk-3.5.4.7-100.1 libreoffice-l10n-ve-3.5.4.7-100.1 libreoffice-l10n-vi-3.5.4.7-100.1 libreoffice-l10n-xh-3.5.4.7-100.1 libreoffice-l10n-zh-CN-3.5.4.7-100.1 libreoffice-l10n-zh-TW-3.5.4.7-100.1 libreoffice-l10n-zu-3.5.4.7-100.1 libreoffice-languagetool-1.4-37.1 libreoffice-languagetool-ca-1.4-37.1 libreoffice-languagetool-de-1.4-37.1 libreoffice-languagetool-en-1.4-37.1 libreoffice-languagetool-es-1.4-37.1 libreoffice-languagetool-fr-1.4-37.1 libreoffice-languagetool-gl-1.4-37.1 libreoffice-languagetool-it-1.4-37.1 libreoffice-languagetool-km-1.4-37.1 libreoffice-languagetool-nl-1.4-37.1 libreoffice-languagetool-pl-1.4-37.1 libreoffice-languagetool-ro-1.4-37.1 libreoffice-languagetool-ru-1.4-37.1 libreoffice-languagetool-sk-1.4-37.1 libreoffice-languagetool-sv-1.4-37.1 libreoffice-openclipart-3.5-6.3 References: http://support.novell.com/security/cve/CVE-2012-2665.html https://bugzilla.novell.com/769593 https://bugzilla.novell.com/769793

1 0

openSUSE-RU-2012:0922-1: site-config: Fix libexecdir and cross compilation
by maintenance＠opensuse.org 30 Jul '12

30 Jul '12

openSUSE Recommended Update: site-config: Fix libexecdir and cross compilation ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0922-1 Rating: low References: #736143 #758947 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes two problems for site-config: - hardcoded libexecdir ignoring --libexecdir argument of configure (bnc#758947) - bad platform guess for cross compilation (bnc#736143) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-449 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): site-config-0.2-3.4.1 References: https://bugzilla.novell.com/736143 https://bugzilla.novell.com/758947

1 0

openSUSE-SU-2012:0918-1: rocksndiamonds: Fixed world writable ~/.rocksndiamonds/
by opensuse-security＠opensuse.org 27 Jul '12

27 Jul '12

openSUSE Security Update: rocksndiamonds: Fixed world writable ~/.rocksndiamonds/ ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0918-1 Rating: low References: #736261 Cross-References: CVE-2011-4606 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The game rocksndiamonds created ~/.rocksndiamonds/ world writeable, allowing other users to save files in there or corrupt your game state. This was fixed. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-448 - openSUSE 11.4: zypper in -t patch openSUSE-2012-448 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): rocksndiamonds-3.3.0.1-84.4.1 rocksndiamonds-debuginfo-3.3.0.1-84.4.1 rocksndiamonds-debugsource-3.3.0.1-84.4.1 - openSUSE 11.4 (i586 x86_64): rocksndiamonds-3.2.4-94.2 rocksndiamonds-debuginfo-3.2.4-94.2 rocksndiamonds-debugsource-3.2.4-94.2 References: http://support.novell.com/security/cve/CVE-2011-4606.html https://bugzilla.novell.com/736261

1 0

openSUSE-SU-2012:0917-1: important: MozillaThunderbird: update to Thunderbird 14.0
by opensuse-security＠opensuse.org 27 Jul '12

27 Jul '12

openSUSE Security Update: MozillaThunderbird: update to Thunderbird 14.0 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0917-1 Rating: important References: #771583 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: Mozilla Thunderbird was updated to version 14.0 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1 952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs * relicensed to MPL-2.0 - update Enigmail to 1.4.3 - no crashreport on %arm, fixing build Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-443 - openSUSE 11.4: zypper in -t patch openSUSE-2012-443 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (x86_64): MozillaThunderbird-14.0-33.26.1 MozillaThunderbird-buildsymbols-14.0-33.26.1 MozillaThunderbird-debuginfo-14.0-33.26.1 MozillaThunderbird-debugsource-14.0-33.26.1 MozillaThunderbird-devel-14.0-33.26.1 MozillaThunderbird-devel-debuginfo-14.0-33.26.1 MozillaThunderbird-translations-common-14.0-33.26.1 MozillaThunderbird-translations-other-14.0-33.26.1 enigmail-1.4.3+14.0-33.26.1 enigmail-debuginfo-1.4.3+14.0-33.26.1 - openSUSE 12.1 (i586): MozillaThunderbird-14.0-33.26.2 MozillaThunderbird-buildsymbols-14.0-33.26.2 MozillaThunderbird-debuginfo-14.0-33.26.2 MozillaThunderbird-debugsource-14.0-33.26.2 MozillaThunderbird-devel-14.0-33.26.2 MozillaThunderbird-devel-debuginfo-14.0-33.26.2 MozillaThunderbird-translations-common-14.0-33.26.2 MozillaThunderbird-translations-other-14.0-33.26.2 enigmail-1.4.3+14.0-33.26.2 enigmail-debuginfo-1.4.3+14.0-33.26.2 - openSUSE 11.4 (x86_64): MozillaThunderbird-14.0-24.1 MozillaThunderbird-buildsymbols-14.0-24.1 MozillaThunderbird-debuginfo-14.0-24.1 MozillaThunderbird-debugsource-14.0-24.1 MozillaThunderbird-devel-14.0-24.1 MozillaThunderbird-devel-debuginfo-14.0-24.1 MozillaThunderbird-translations-common-14.0-24.1 MozillaThunderbird-translations-other-14.0-24.1 enigmail-1.4.3+14.0-24.1 enigmail-debuginfo-1.4.3+14.0-24.1 - openSUSE 11.4 (i586): MozillaThunderbird-14.0-24.2 MozillaThunderbird-buildsymbols-14.0-24.2 MozillaThunderbird-debuginfo-14.0-24.2 MozillaThunderbird-debugsource-14.0-24.2 MozillaThunderbird-devel-14.0-24.2 MozillaThunderbird-devel-debuginfo-14.0-24.2 MozillaThunderbird-translations-common-14.0-24.2 MozillaThunderbird-translations-other-14.0-24.2 enigmail-1.4.3+14.0-24.2 enigmail-debuginfo-1.4.3+14.0-24.2 References: https://bugzilla.novell.com/771583

1 0

openSUSE-SU-2012:0915-1: moderate: arpwatch (CVE-2012-2653)
by opensuse-security＠opensuse.org 25 Jul '12

25 Jul '12

openSUSE Security Update: arpwatch (CVE-2012-2653) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0915-1 Rating: moderate References: #764521 Cross-References: CVE-2012-2653 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Changes in arpwatch: - arpwatch-2.1a11-drop-privs.dif: call initgroups() with pw->pw_gid, not NULL, to not have groupid 0 initialized. (bnc#764521, CVE-2012-2653) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-439 - openSUSE 11.4: zypper in -t patch openSUSE-2012-439 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): arpwatch-2.1a15-144.4.1 arpwatch-debuginfo-2.1a15-144.4.1 arpwatch-debugsource-2.1a15-144.4.1 arpwatch-ethercodes-build-2.1a15-144.4.1 - openSUSE 11.4 (i586 x86_64): arpwatch-2.1a15-143.1 arpwatch-debuginfo-2.1a15-143.1 arpwatch-debugsource-2.1a15-143.1 arpwatch-ethercodes-build-2.1a15-143.1 References: http://support.novell.com/security/cve/CVE-2012-2653.html https://bugzilla.novell.com/764521

1 0

openSUSE-SU-2012:0914-1: libexif: Fixed several security issues
by opensuse-security＠opensuse.org 25 Jul '12

25 Jul '12

openSUSE Security Update: libexif: Fixed several security issues ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0914-1 Rating: low References: #771229 Cross-References: CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: Several security issues were found by the Google Security Team in libexif and fixed there. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-440 - openSUSE 11.4: zypper in -t patch openSUSE-2012-440 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): libexif-debugsource-0.6.20-10.4.1 libexif-devel-0.6.20-10.4.1 libexif12-0.6.20-10.4.1 libexif12-debuginfo-0.6.20-10.4.1 - openSUSE 12.1 (x86_64): libexif12-32bit-0.6.20-10.4.1 libexif12-debuginfo-32bit-0.6.20-10.4.1 - openSUSE 12.1 (ia64): libexif12-debuginfo-x86-0.6.20-10.4.1 libexif12-x86-0.6.20-10.4.1 - openSUSE 11.4 (i586 x86_64): libexif-debugsource-0.6.20-10.1 libexif-devel-0.6.20-10.1 libexif12-0.6.20-10.1 libexif12-debuginfo-0.6.20-10.1 - openSUSE 11.4 (x86_64): libexif12-32bit-0.6.20-10.1 libexif12-debuginfo-32bit-0.6.20-10.1 - openSUSE 11.4 (ia64): libexif12-debuginfo-x86-0.6.20-10.1 libexif12-x86-0.6.20-10.1 References: http://support.novell.com/security/cve/CVE-2012-2812.html http://support.novell.com/security/cve/CVE-2012-2813.html http://support.novell.com/security/cve/CVE-2012-2814.html http://support.novell.com/security/cve/CVE-2012-2836.html http://support.novell.com/security/cve/CVE-2012-2837.html http://support.novell.com/security/cve/CVE-2012-2840.html http://support.novell.com/security/cve/CVE-2012-2841.html https://bugzilla.novell.com/771229

1 0

openSUSE-RU-2012:0911-1: dbus-1: Increase the file limit to allow more sessions
by maintenance＠opensuse.org 24 Jul '12

24 Jul '12

openSUSE Recommended Update: dbus-1: Increase the file limit to allow more sessions ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0911-1 Rating: low References: #739743 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: dbus-1 had a low global session limit making larger deployments less usable. This update does: - add patch: dbus-1.2.10-fd-limit-backport.patch - Raise file descriptor limit to match configuration. The default configuration has hardcoded 2048 complete connections, and 64 incomplete. We need at least that number of file descriptors, plus some for internal use. In the bus, attempt to call setrlimit() before we drop privileges. Practically speaking for this means the system bus gets it, the session bus doesn't. Upstream: bugs.freedesktop.org/show_bug.cgi?id=33474 . Fixes bnc#739743). Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch openSUSE-2012-438 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): dbus-1-1.4.1-7.24.1 dbus-1-debuginfo-1.4.1-7.24.1 dbus-1-debugsource-1.4.1-7.24.1 dbus-1-devel-1.4.1-7.24.1 - openSUSE 11.4 (x86_64): dbus-1-32bit-1.4.1-7.24.1 dbus-1-debuginfo-32bit-1.4.1-7.24.1 dbus-1-devel-32bit-1.4.1-7.24.1 - openSUSE 11.4 (noarch): dbus-1-devel-doc-1.4.1-7.24.1 - openSUSE 11.4 (ia64): dbus-1-debuginfo-x86-1.4.1-7.24.1 dbus-1-x86-1.4.1-7.24.1 References: https://bugzilla.novell.com/739743

1 0

openSUSE-RU-2012:0910-1: gdm: fixes to PAM setup
by maintenance＠opensuse.org 24 Jul '12

24 Jul '12

openSUSE Recommended Update: gdm: fixes to PAM setup ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0910-1 Rating: low References: #731867 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Some fixes were done to the GDM setup allowing it to work on Tumbleweed and other setups. bnc#731867 Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-437 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): gdm-3.2.0-5.5.1 gdm-debuginfo-3.2.0-5.5.1 gdm-debugsource-3.2.0-5.5.1 gdm-devel-3.2.0-5.5.1 libgdmgreeter1-3.2.0-5.5.1 libgdmgreeter1-debuginfo-3.2.0-5.5.1 libgdmsimplegreeter1-3.2.0-5.5.1 libgdmsimplegreeter1-debuginfo-3.2.0-5.5.1 - openSUSE 12.1 (noarch): gdm-branding-upstream-3.2.0-5.5.1 gdm-lang-3.2.0-5.5.1 gdmflexiserver-3.2.0-5.5.1 References: https://bugzilla.novell.com/731867

1 0