August 2012 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2012:0976-1: moderate: php5
by opensuse-security＠opensuse.org 09 Aug '12

09 Aug '12

openSUSE Security Update: php5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0976-1 Rating: moderate References: #769785 #772580 #772582 Cross-References: CVE-2012-2688 CVE-2012-3365 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: Three security issues were fixed in php5: CVE-2012-2688: php5: potential overflow in _php_stream_scandir CVE-2012-3365: open_basedir bypass via SQLite extension Also a out of band read sql denial of service was fixed (bnc#769785) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-502 - openSUSE 11.4: zypper in -t patch openSUSE-2012-502 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): apache2-mod_php5-5.3.8-4.27.1 apache2-mod_php5-debuginfo-5.3.8-4.27.1 php5-5.3.8-4.27.1 php5-bcmath-5.3.8-4.27.1 php5-bcmath-debuginfo-5.3.8-4.27.1 php5-bz2-5.3.8-4.27.1 php5-bz2-debuginfo-5.3.8-4.27.1 php5-calendar-5.3.8-4.27.1 php5-calendar-debuginfo-5.3.8-4.27.1 php5-ctype-5.3.8-4.27.1 php5-ctype-debuginfo-5.3.8-4.27.1 php5-curl-5.3.8-4.27.1 php5-curl-debuginfo-5.3.8-4.27.1 php5-dba-5.3.8-4.27.1 php5-dba-debuginfo-5.3.8-4.27.1 php5-debuginfo-5.3.8-4.27.1 php5-debugsource-5.3.8-4.27.1 php5-devel-5.3.8-4.27.1 php5-dom-5.3.8-4.27.1 php5-dom-debuginfo-5.3.8-4.27.1 php5-enchant-5.3.8-4.27.1 php5-enchant-debuginfo-5.3.8-4.27.1 php5-exif-5.3.8-4.27.1 php5-exif-debuginfo-5.3.8-4.27.1 php5-fastcgi-5.3.8-4.27.1 php5-fastcgi-debuginfo-5.3.8-4.27.1 php5-fileinfo-5.3.8-4.27.1 php5-fileinfo-debuginfo-5.3.8-4.27.1 php5-fpm-5.3.8-4.27.1 php5-fpm-debuginfo-5.3.8-4.27.1 php5-ftp-5.3.8-4.27.1 php5-ftp-debuginfo-5.3.8-4.27.1 php5-gd-5.3.8-4.27.1 php5-gd-debuginfo-5.3.8-4.27.1 php5-gettext-5.3.8-4.27.1 php5-gettext-debuginfo-5.3.8-4.27.1 php5-gmp-5.3.8-4.27.1 php5-gmp-debuginfo-5.3.8-4.27.1 php5-iconv-5.3.8-4.27.1 php5-iconv-debuginfo-5.3.8-4.27.1 php5-imap-5.3.8-4.27.1 php5-imap-debuginfo-5.3.8-4.27.1 php5-intl-5.3.8-4.27.1 php5-intl-debuginfo-5.3.8-4.27.1 php5-json-5.3.8-4.27.1 php5-json-debuginfo-5.3.8-4.27.1 php5-ldap-5.3.8-4.27.1 php5-ldap-debuginfo-5.3.8-4.27.1 php5-mbstring-5.3.8-4.27.1 php5-mbstring-debuginfo-5.3.8-4.27.1 php5-mcrypt-5.3.8-4.27.1 php5-mcrypt-debuginfo-5.3.8-4.27.1 php5-mssql-5.3.8-4.27.1 php5-mssql-debuginfo-5.3.8-4.27.1 php5-mysql-5.3.8-4.27.1 php5-mysql-debuginfo-5.3.8-4.27.1 php5-odbc-5.3.8-4.27.1 php5-odbc-debuginfo-5.3.8-4.27.1 php5-openssl-5.3.8-4.27.1 php5-openssl-debuginfo-5.3.8-4.27.1 php5-pcntl-5.3.8-4.27.1 php5-pcntl-debuginfo-5.3.8-4.27.1 php5-pdo-5.3.8-4.27.1 php5-pdo-debuginfo-5.3.8-4.27.1 php5-pgsql-5.3.8-4.27.1 php5-pgsql-debuginfo-5.3.8-4.27.1 php5-phar-5.3.8-4.27.1 php5-phar-debuginfo-5.3.8-4.27.1 php5-posix-5.3.8-4.27.1 php5-posix-debuginfo-5.3.8-4.27.1 php5-pspell-5.3.8-4.27.1 php5-pspell-debuginfo-5.3.8-4.27.1 php5-readline-5.3.8-4.27.1 php5-readline-debuginfo-5.3.8-4.27.1 php5-shmop-5.3.8-4.27.1 php5-shmop-debuginfo-5.3.8-4.27.1 php5-snmp-5.3.8-4.27.1 php5-snmp-debuginfo-5.3.8-4.27.1 php5-soap-5.3.8-4.27.1 php5-soap-debuginfo-5.3.8-4.27.1 php5-sockets-5.3.8-4.27.1 php5-sockets-debuginfo-5.3.8-4.27.1 php5-sqlite-5.3.8-4.27.1 php5-sqlite-debuginfo-5.3.8-4.27.1 php5-suhosin-5.3.8-4.27.1 php5-suhosin-debuginfo-5.3.8-4.27.1 php5-sysvmsg-5.3.8-4.27.1 php5-sysvmsg-debuginfo-5.3.8-4.27.1 php5-sysvsem-5.3.8-4.27.1 php5-sysvsem-debuginfo-5.3.8-4.27.1 php5-sysvshm-5.3.8-4.27.1 php5-sysvshm-debuginfo-5.3.8-4.27.1 php5-tidy-5.3.8-4.27.1 php5-tidy-debuginfo-5.3.8-4.27.1 php5-tokenizer-5.3.8-4.27.1 php5-tokenizer-debuginfo-5.3.8-4.27.1 php5-wddx-5.3.8-4.27.1 php5-wddx-debuginfo-5.3.8-4.27.1 php5-xmlreader-5.3.8-4.27.1 php5-xmlreader-debuginfo-5.3.8-4.27.1 php5-xmlrpc-5.3.8-4.27.1 php5-xmlrpc-debuginfo-5.3.8-4.27.1 php5-xmlwriter-5.3.8-4.27.1 php5-xmlwriter-debuginfo-5.3.8-4.27.1 php5-xsl-5.3.8-4.27.1 php5-xsl-debuginfo-5.3.8-4.27.1 php5-zip-5.3.8-4.27.1 php5-zip-debuginfo-5.3.8-4.27.1 php5-zlib-5.3.8-4.27.1 php5-zlib-debuginfo-5.3.8-4.27.1 - openSUSE 12.1 (noarch): php5-pear-5.3.8-4.27.1 - openSUSE 11.4 (i586 x86_64): apache2-mod_php5-5.3.5-344.1 apache2-mod_php5-debuginfo-5.3.5-344.1 php5-5.3.5-344.1 php5-bcmath-5.3.5-344.1 php5-bcmath-debuginfo-5.3.5-344.1 php5-bz2-5.3.5-344.1 php5-bz2-debuginfo-5.3.5-344.1 php5-calendar-5.3.5-344.1 php5-calendar-debuginfo-5.3.5-344.1 php5-ctype-5.3.5-344.1 php5-ctype-debuginfo-5.3.5-344.1 php5-curl-5.3.5-344.1 php5-curl-debuginfo-5.3.5-344.1 php5-dba-5.3.5-344.1 php5-dba-debuginfo-5.3.5-344.1 php5-debuginfo-5.3.5-344.1 php5-debugsource-5.3.5-344.1 php5-devel-5.3.5-344.1 php5-dom-5.3.5-344.1 php5-dom-debuginfo-5.3.5-344.1 php5-enchant-5.3.5-344.1 php5-enchant-debuginfo-5.3.5-344.1 php5-exif-5.3.5-344.1 php5-exif-debuginfo-5.3.5-344.1 php5-fastcgi-5.3.5-344.1 php5-fastcgi-debuginfo-5.3.5-344.1 php5-fileinfo-5.3.5-344.1 php5-fileinfo-debuginfo-5.3.5-344.1 php5-fpm-5.3.5-344.1 php5-fpm-debuginfo-5.3.5-344.1 php5-ftp-5.3.5-344.1 php5-ftp-debuginfo-5.3.5-344.1 php5-gd-5.3.5-344.1 php5-gd-debuginfo-5.3.5-344.1 php5-gettext-5.3.5-344.1 php5-gettext-debuginfo-5.3.5-344.1 php5-gmp-5.3.5-344.1 php5-gmp-debuginfo-5.3.5-344.1 php5-hash-5.3.5-344.1 php5-hash-debuginfo-5.3.5-344.1 php5-iconv-5.3.5-344.1 php5-iconv-debuginfo-5.3.5-344.1 php5-imap-5.3.5-344.1 php5-imap-debuginfo-5.3.5-344.1 php5-intl-5.3.5-344.1 php5-intl-debuginfo-5.3.5-344.1 php5-json-5.3.5-344.1 php5-json-debuginfo-5.3.5-344.1 php5-ldap-5.3.5-344.1 php5-ldap-debuginfo-5.3.5-344.1 php5-mbstring-5.3.5-344.1 php5-mbstring-debuginfo-5.3.5-344.1 php5-mcrypt-5.3.5-344.1 php5-mcrypt-debuginfo-5.3.5-344.1 php5-mysql-5.3.5-344.1 php5-mysql-debuginfo-5.3.5-344.1 php5-odbc-5.3.5-344.1 php5-odbc-debuginfo-5.3.5-344.1 php5-openssl-5.3.5-344.1 php5-openssl-debuginfo-5.3.5-344.1 php5-pcntl-5.3.5-344.1 php5-pcntl-debuginfo-5.3.5-344.1 php5-pdo-5.3.5-344.1 php5-pdo-debuginfo-5.3.5-344.1 php5-pgsql-5.3.5-344.1 php5-pgsql-debuginfo-5.3.5-344.1 php5-phar-5.3.5-344.1 php5-phar-debuginfo-5.3.5-344.1 php5-posix-5.3.5-344.1 php5-posix-debuginfo-5.3.5-344.1 php5-pspell-5.3.5-344.1 php5-pspell-debuginfo-5.3.5-344.1 php5-readline-5.3.5-344.1 php5-readline-debuginfo-5.3.5-344.1 php5-shmop-5.3.5-344.1 php5-shmop-debuginfo-5.3.5-344.1 php5-snmp-5.3.5-344.1 php5-snmp-debuginfo-5.3.5-344.1 php5-soap-5.3.5-344.1 php5-soap-debuginfo-5.3.5-344.1 php5-sockets-5.3.5-344.1 php5-sockets-debuginfo-5.3.5-344.1 php5-sqlite-5.3.5-344.1 php5-sqlite-debuginfo-5.3.5-344.1 php5-suhosin-5.3.5-344.1 php5-suhosin-debuginfo-5.3.5-344.1 php5-sysvmsg-5.3.5-344.1 php5-sysvmsg-debuginfo-5.3.5-344.1 php5-sysvsem-5.3.5-344.1 php5-sysvsem-debuginfo-5.3.5-344.1 php5-sysvshm-5.3.5-344.1 php5-sysvshm-debuginfo-5.3.5-344.1 php5-tidy-5.3.5-344.1 php5-tidy-debuginfo-5.3.5-344.1 php5-tokenizer-5.3.5-344.1 php5-tokenizer-debuginfo-5.3.5-344.1 php5-wddx-5.3.5-344.1 php5-wddx-debuginfo-5.3.5-344.1 php5-xmlreader-5.3.5-344.1 php5-xmlreader-debuginfo-5.3.5-344.1 php5-xmlrpc-5.3.5-344.1 php5-xmlrpc-debuginfo-5.3.5-344.1 php5-xmlwriter-5.3.5-344.1 php5-xmlwriter-debuginfo-5.3.5-344.1 php5-xsl-5.3.5-344.1 php5-xsl-debuginfo-5.3.5-344.1 php5-zip-5.3.5-344.1 php5-zip-debuginfo-5.3.5-344.1 php5-zlib-5.3.5-344.1 php5-zlib-debuginfo-5.3.5-344.1 - openSUSE 11.4 (noarch): php5-pear-5.3.5-344.1 References: http://support.novell.com/security/cve/CVE-2012-2688.html http://support.novell.com/security/cve/CVE-2012-3365.html https://bugzilla.novell.com/769785 https://bugzilla.novell.com/772580 https://bugzilla.novell.com/772582

1 0

openSUSE-SU-2012:0975-1: moderate: libxml2: fixed integer overflow
by opensuse-security＠opensuse.org 09 Aug '12

09 Aug '12

openSUSE Security Update: libxml2: fixed integer overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0975-1 Rating: moderate References: #769184 Cross-References: CVE-2012-2807 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Fixed an integer overflow in libxml2 which could lead to crashes or potential code execution. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-501 - openSUSE 11.4: zypper in -t patch openSUSE-2012-501 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): libxml2-2.7.8+git20110708-3.11.1 libxml2-debuginfo-2.7.8+git20110708-3.11.1 libxml2-debugsource-2.7.8+git20110708-3.11.1 libxml2-devel-2.7.8+git20110708-3.11.1 - openSUSE 12.1 (x86_64): libxml2-32bit-2.7.8+git20110708-3.11.1 libxml2-debuginfo-32bit-2.7.8+git20110708-3.11.1 libxml2-devel-32bit-2.7.8+git20110708-3.11.1 - openSUSE 12.1 (noarch): libxml2-doc-2.7.8+git20110708-3.11.1 - openSUSE 12.1 (ia64): libxml2-debuginfo-x86-2.7.8+git20110708-3.11.1 libxml2-x86-2.7.8+git20110708-3.11.1 - openSUSE 11.4 (i586 x86_64): libxml2-2.7.8-34.1 libxml2-debuginfo-2.7.8-34.1 libxml2-debugsource-2.7.8-34.1 libxml2-devel-2.7.8-34.1 - openSUSE 11.4 (x86_64): libxml2-32bit-2.7.8-34.1 libxml2-debuginfo-32bit-2.7.8-34.1 libxml2-devel-32bit-2.7.8-34.1 - openSUSE 11.4 (noarch): libxml2-doc-2.7.8-34.1 - openSUSE 11.4 (ia64): libxml2-debuginfo-x86-2.7.8-34.1 libxml2-x86-2.7.8-34.1 References: http://support.novell.com/security/cve/CVE-2012-2807.html https://bugzilla.novell.com/769184

1 0

openSUSE-SU-2012:0974-1: moderate: mono-web: Fixed a XSS attack in the HttpForbidden class
by opensuse-security＠opensuse.org 09 Aug '12

09 Aug '12

openSUSE Security Update: mono-web: Fixed a XSS attack in the HttpForbidden class ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0974-1 Rating: moderate References: #769799 Cross-References: CVE-2012-3382 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Mono was updated to fix: A cross site scripting attack in the System.Web class "forbidden extensions" filtering was fixed. (CVE-2012-3382) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-498 - openSUSE 11.4: zypper in -t patch openSUSE-2012-498 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): ibm-data-db2-2.10.6-2.4.1 libmono-2_0-1-2.10.6-2.4.1 libmono-2_0-1-debuginfo-2.10.6-2.4.1 libmono-2_0-devel-2.10.6-2.4.1 libmonosgen-2_0-0-2.10.6-2.4.1 libmonosgen-2_0-0-debuginfo-2.10.6-2.4.1 libmonosgen-2_0-devel-2.10.6-2.4.1 mono-complete-2.10.6-2.4.1 mono-core-2.10.6-2.4.1 mono-core-debuginfo-2.10.6-2.4.1 mono-core-debugsource-2.10.6-2.4.1 mono-data-2.10.6-2.4.1 mono-data-oracle-2.10.6-2.4.1 mono-data-postgresql-2.10.6-2.4.1 mono-data-sqlite-2.10.6-2.4.1 mono-devel-2.10.6-2.4.1 mono-devel-debuginfo-2.10.6-2.4.1 mono-extras-2.10.6-2.4.1 mono-locale-extras-2.10.6-2.4.1 mono-mvc-2.10.6-2.4.1 mono-nunit-2.10.6-2.4.1 mono-wcf-2.10.6-2.4.1 mono-web-2.10.6-2.4.1 mono-winforms-2.10.6-2.4.1 mono-winfxcore-2.10.6-2.4.1 monodoc-core-2.10.6-2.4.1 - openSUSE 11.4 (i586 x86_64): ibm-data-db2-2.8.2-0.5.1 libmono-2_0-1-2.8.2-0.5.1 libmono-2_0-1-debuginfo-2.8.2-0.5.1 libmono-2_0-devel-2.8.2-0.5.1 libmonosgen-2_0-0-2.8.2-0.5.1 libmonosgen-2_0-0-debuginfo-2.8.2-0.5.1 libmonosgen-2_0-devel-2.8.2-0.5.1 mono-complete-2.8.2-0.5.1 mono-core-2.8.2-0.5.1 mono-core-debuginfo-2.8.2-0.5.1 mono-core-debugsource-2.8.2-0.5.1 mono-data-2.8.2-0.5.1 mono-data-oracle-2.8.2-0.5.1 mono-data-postgresql-2.8.2-0.5.1 mono-data-sqlite-2.8.2-0.5.1 mono-devel-2.8.2-0.5.1 mono-devel-debuginfo-2.8.2-0.5.1 mono-extras-2.8.2-0.5.1 mono-locale-extras-2.8.2-0.5.1 mono-mvc-2.8.2-0.5.1 mono-nunit-2.8.2-0.5.1 mono-wcf-2.8.2-0.5.1 mono-web-2.8.2-0.5.1 mono-winforms-2.8.2-0.5.1 mono-winfxcore-2.8.2-0.5.1 monodoc-core-2.8.2-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-3382.html https://bugzilla.novell.com/769799

1 0

openSUSE-SU-2012:0971-1: moderate: bind: update to fix a remote denial of service in DNSSEC
by opensuse-security＠opensuse.org 08 Aug '12

08 Aug '12

openSUSE Security Update: bind: update to fix a remote denial of service in DNSSEC ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0971-1 Rating: moderate References: #772945 Cross-References: CVE-2012-3817 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: bind was updated to fix a remote denial of service (crash) problem in high load DNSSEC scenarious. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch openSUSE-2012-493 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): bind-9.7.6P2-0.34.1 bind-chrootenv-9.7.6P2-0.34.1 bind-debuginfo-9.7.6P2-0.34.1 bind-debugsource-9.7.6P2-0.34.1 bind-devel-9.7.6P2-0.34.1 bind-libs-9.7.6P2-0.34.1 bind-libs-debuginfo-9.7.6P2-0.34.1 bind-lwresd-9.7.6P2-0.34.1 bind-lwresd-debuginfo-9.7.6P2-0.34.1 bind-utils-9.7.6P2-0.34.1 bind-utils-debuginfo-9.7.6P2-0.34.1 - openSUSE 11.4 (x86_64): bind-libs-32bit-9.7.6P2-0.34.1 bind-libs-debuginfo-32bit-9.7.6P2-0.34.1 - openSUSE 11.4 (noarch): bind-doc-9.7.6P2-0.34.1 - openSUSE 11.4 (ia64): bind-libs-debuginfo-x86-9.7.6P2-0.34.1 bind-libs-x86-9.7.6P2-0.34.1 References: http://support.novell.com/security/cve/CVE-2012-3817.html https://bugzilla.novell.com/772945

1 0

openSUSE-SU-2012:0970-1: moderate: python-django: fixed some security issues
by opensuse-security＠opensuse.org 08 Aug '12

08 Aug '12

openSUSE Security Update: python-django: fixed some security issues ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0970-1 Rating: moderate References: #773769 Cross-References: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Python Django was updated to fix several security issues. CVE-2012-3442: Cross-site scripting in authentication views CVE-2012-3443: Denial-of-service in image validation CVE-2012-3444: Denial-of-service via get_image_dimensions() Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-495 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (noarch): python-django-1.3.2-3.4.1 References: http://support.novell.com/security/cve/CVE-2012-3442.html http://support.novell.com/security/cve/CVE-2012-3443.html http://support.novell.com/security/cve/CVE-2012-3444.html https://bugzilla.novell.com/773769

1 0

openSUSE-SU-2012:0969-1: moderate: bind: Fixed a remote denial of service in DNSSEC
by opensuse-security＠opensuse.org 08 Aug '12

08 Aug '12

openSUSE Security Update: bind: Fixed a remote denial of service in DNSSEC ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0969-1 Rating: moderate References: #772945 Cross-References: CVE-2012-3817 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Bind was updated to fix a denial of service (crash) during heavy DNSSEC validation load that can cause a "Bad Cache" assertion failure. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-494 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): bind-9.8.3P2-4.17.1 bind-chrootenv-9.8.3P2-4.17.1 bind-debuginfo-9.8.3P2-4.17.1 bind-debugsource-9.8.3P2-4.17.1 bind-devel-9.8.3P2-4.17.1 bind-libs-9.8.3P2-4.17.1 bind-libs-debuginfo-9.8.3P2-4.17.1 bind-lwresd-9.8.3P2-4.17.1 bind-lwresd-debuginfo-9.8.3P2-4.17.1 bind-utils-9.8.3P2-4.17.1 bind-utils-debuginfo-9.8.3P2-4.17.1 - openSUSE 12.1 (x86_64): bind-libs-32bit-9.8.3P2-4.17.1 bind-libs-debuginfo-32bit-9.8.3P2-4.17.1 - openSUSE 12.1 (noarch): bind-doc-9.8.3P2-4.17.1 - openSUSE 12.1 (ia64): bind-libs-debuginfo-x86-9.8.3P2-4.17.1 bind-libs-x86-9.8.3P2-4.17.1 References: http://support.novell.com/security/cve/CVE-2012-3817.html https://bugzilla.novell.com/772945

1 0

openSUSE-SU-2012:0968-1: icinga: Fixed the db permissions in the create mysqldb.sh script
by opensuse-security＠opensuse.org 08 Aug '12

08 Aug '12

openSUSE Security Update: icinga: Fixed the db permissions in the create mysqldb.sh script ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0968-1 Rating: low References: #767319 Cross-References: CVE-2012-3441 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - fixed icinga-create_mysqldb.sh - it granted icinga access to all dbs - so please check the permissions of your mysql icinga user Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-496 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): icinga-1.5.1-5.4.1 icinga-debuginfo-1.5.1-5.4.1 icinga-debugsource-1.5.1-5.4.1 icinga-devel-1.5.1-5.4.1 icinga-doc-1.5.1-5.4.1 icinga-idoutils-1.5.1-5.4.1 icinga-idoutils-debuginfo-1.5.1-5.4.1 icinga-idoutils-mysql-1.5.1-5.4.1 icinga-idoutils-oracle-1.5.1-5.4.1 icinga-idoutils-pgsql-1.5.1-5.4.1 icinga-plugins-eventhandlers-1.5.1-5.4.1 icinga-www-1.5.1-5.4.1 icinga-www-debuginfo-1.5.1-5.4.1 References: http://support.novell.com/security/cve/CVE-2012-3441.html https://bugzilla.novell.com/767319

1 0

openSUSE-SU-2012:0967-1: moderate: krb5: fixed several potential code execution flaws
by opensuse-security＠opensuse.org 08 Aug '12

08 Aug '12

openSUSE Security Update: krb5: fixed several potential code execution flaws ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0967-1 Rating: moderate References: #770172 Cross-References: CVE-2012-1014 CVE-2012-1015 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Several potential codeexecution flaws were fixed in krb5. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-497 - openSUSE 11.4: zypper in -t patch openSUSE-2012-497 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): krb5-1.9.1-24.9.1 krb5-client-1.9.1-24.9.1 krb5-client-debuginfo-1.9.1-24.9.1 krb5-debuginfo-1.9.1-24.9.1 krb5-debugsource-1.9.1-24.9.1 krb5-devel-1.9.1-24.9.1 krb5-plugin-kdb-ldap-1.9.1-24.9.1 krb5-plugin-kdb-ldap-debuginfo-1.9.1-24.9.1 krb5-plugin-preauth-pkinit-1.9.1-24.9.1 krb5-plugin-preauth-pkinit-debuginfo-1.9.1-24.9.1 krb5-server-1.9.1-24.9.1 krb5-server-debuginfo-1.9.1-24.9.1 - openSUSE 12.1 (x86_64): krb5-32bit-1.9.1-24.9.1 krb5-debuginfo-32bit-1.9.1-24.9.1 krb5-devel-32bit-1.9.1-24.9.1 - openSUSE 12.1 (ia64): krb5-debuginfo-x86-1.9.1-24.9.1 krb5-x86-1.9.1-24.9.1 - openSUSE 11.4 (i586 x86_64): krb5-1.8.3-52.1 krb5-client-1.8.3-52.1 krb5-client-debuginfo-1.8.3-52.1 krb5-debuginfo-1.8.3-52.1 krb5-debugsource-1.8.3-52.1 krb5-devel-1.8.3-52.1 krb5-plugin-kdb-ldap-1.8.3-52.1 krb5-plugin-kdb-ldap-debuginfo-1.8.3-52.1 krb5-plugin-preauth-pkinit-1.8.3-52.1 krb5-plugin-preauth-pkinit-debuginfo-1.8.3-52.1 krb5-server-1.8.3-52.1 krb5-server-debuginfo-1.8.3-52.1 - openSUSE 11.4 (x86_64): krb5-32bit-1.8.3-52.1 krb5-debuginfo-32bit-1.8.3-52.1 krb5-devel-32bit-1.8.3-52.1 - openSUSE 11.4 (ia64): krb5-debuginfo-x86-1.8.3-52.1 krb5-x86-1.8.3-52.1 References: http://support.novell.com/security/cve/CVE-2012-1014.html http://support.novell.com/security/cve/CVE-2012-1015.html https://bugzilla.novell.com/770172

1 0

openSUSE-SU-2012:0955-1: moderate: tiff (CVE-2012-3401)
by opensuse-security＠opensuse.org 06 Aug '12

06 Aug '12

openSUSE Security Update: tiff (CVE-2012-3401) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0955-1 Rating: moderate References: #770816 Cross-References: CVE-2012-3401 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following issues was fixed in tiff: - a overflow in tiff2pdf (CVE-2012-3401) [bnc#770816] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-492 - openSUSE 11.4: zypper in -t patch openSUSE-2012-492 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): libtiff-devel-3.9.5-8.10.1 libtiff3-3.9.5-8.10.1 libtiff3-debuginfo-3.9.5-8.10.1 tiff-3.9.5-8.10.1 tiff-debuginfo-3.9.5-8.10.1 tiff-debugsource-3.9.5-8.10.1 - openSUSE 12.1 (x86_64): libtiff-devel-32bit-3.9.5-8.10.1 libtiff3-32bit-3.9.5-8.10.1 libtiff3-debuginfo-32bit-3.9.5-8.10.1 - openSUSE 12.1 (ia64): libtiff3-debuginfo-x86-3.9.5-8.10.1 libtiff3-x86-3.9.5-8.10.1 - openSUSE 11.4 (i586 x86_64): libtiff-devel-3.9.4-31.1 libtiff3-3.9.4-31.1 libtiff3-debuginfo-3.9.4-31.1 tiff-3.9.4-31.1 tiff-debuginfo-3.9.4-31.1 tiff-debugsource-3.9.4-31.1 - openSUSE 11.4 (x86_64): libtiff-devel-32bit-3.9.4-31.1 libtiff3-32bit-3.9.4-31.1 libtiff3-debuginfo-32bit-3.9.4-31.1 - openSUSE 11.4 (ia64): libtiff3-debuginfo-x86-3.9.4-31.1 libtiff3-x86-3.9.4-31.1 References: http://support.novell.com/security/cve/CVE-2012-3401.html https://bugzilla.novell.com/770816

1 0

openSUSE-SU-2012:0954-1: moderate: rhythmbox (CVE-2012-3355)
by opensuse-security＠opensuse.org 06 Aug '12

06 Aug '12

openSUSE Security Update: rhythmbox (CVE-2012-3355) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0954-1 Rating: moderate References: #768681 Cross-References: CVE-2012-3355 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This security update fixes problems in rhythmbox: - Add rhythmbox-CVE-2012-3355.patch: fix insecure temporary directory use in context plugin. (bnc#768681, CVE-2012-3355) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-491 - openSUSE 11.4: zypper in -t patch openSUSE-2012-491 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): rhythmbox-0.13.3-17.7.1 rhythmbox-debuginfo-0.13.3-17.7.1 rhythmbox-debugsource-0.13.3-17.7.1 rhythmbox-devel-0.13.3-17.7.1 - openSUSE 12.1 (noarch): rhythmbox-lang-0.13.3-17.7.1 - openSUSE 11.4 (i586 x86_64): rhythmbox-0.13.3-8.1 rhythmbox-debuginfo-0.13.3-8.1 rhythmbox-debugsource-0.13.3-8.1 rhythmbox-devel-0.13.3-8.1 - openSUSE 11.4 (noarch): rhythmbox-lang-0.13.3-8.1 References: http://support.novell.com/security/cve/CVE-2012-3355.html https://bugzilla.novell.com/768681

1 0