openSUSE Security Update: kernel: security and bugfix update to 3.4.63
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1619-1
Rating: moderate
References: #783858 #785542 #787649 #789598 #794988 #801178
#806976 #807153 #807471 #814336 #815320 #817377
#818053 #821560 #821612 #822575 #823342 #823517
#824171 #824295 #827749 #827750 #828119 #828714
#831055 #831058 #833321 #835414 #838346
Cross-References: CVE-2013-0231 CVE-2013-1774 CVE-2013-1819
CVE-2013-2148 CVE-2013-2164 CVE-2013-2232
CVE-2013-2234 CVE-2013-2237 CVE-2013-2850
CVE-2013-2851 CVE-2013-4162 CVE-2013-4163
Affected Products:
openSUSE 12.2
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 17 fixes
is now available.
Description:
The Linux kernel was updated to 3.4.63, fixing various bugs
and security issues.
- Linux 3.4.59 (CVE-2013-2237 bnc#828119).
- Linux 3.4.57 (CVE-2013-2148 bnc#823517).
- Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162
CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055
bnc#831058).
- Drivers: hv: util: Fix a bug in util version negotiation
code (bnc#838346).
- vmxnet3: prevent div-by-zero panic when ring resizing
uninitialized dev (bnc#833321).
- bnx2x: protect different statistics flows (bnc#814336).
- bnx2x: Avoid sending multiple statistics queries
(bnc#814336).
- Drivers: hv: util: Fix a bug in version negotiation code
for util services (bnc#828714).
- Update Xen patches to 3.4.53.
- netfront: fix kABI after "reduce gso_max_size to account
for max TCP header".
- netback: don't disconnect frontend when seeing oversize
packet (bnc#823342).
- netfront: reduce gso_max_size to account for max TCP
header.
- backends: Check for insane amounts of requests on the
ring.
- reiserfs: Fixed double unlock in reiserfs_setattr failure
path.
- reiserfs: locking, release lock around quota operations
(bnc#815320).
- reiserfs: locking, handle nested locks properly
(bnc#815320).
- reiserfs: locking, push write lock out of xattr code
(bnc#815320).
- ipv6: ip6_append_data_mtu did not care about pmtudisc and
frag_size (bnc#831055, CVE-2013-4163).
- af_key: fix info leaks in notify messages (bnc#827749
CVE-2013-2234).
- af_key: initialize satype in key_notify_policy_flush()
(bnc#828119 CVE-2013-2237).
- ipv6: call udp_push_pending_frames when uncorking a
socket with (bnc#831058, CVE-2013-4162).
- ipv6: ip6_sk_dst_check() must not assume ipv6 dst.
- xfs: fix _xfs_buf_find oops on blocks beyond the
filesystem end (CVE-2013-1819 bnc#807471).
- brcmsmac: don't start device when RfKill is engaged
(bnc#787649).
- CIFS: Protect i_nlink from being negative (bnc#785542
bnc#789598).
- cifs: don't compare uniqueids in cifs_prime_dcache unless
server inode numbers are in use (bnc#794988).
- xfs: fallback to vmalloc for large buffers in
xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).
- xfs: fallback to vmalloc for large buffers in
xfs_attrlist_by_handle (bnc#818053 bnc#807153).
- Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575
bnc#824295).
- drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
(bnc#824295, CVE-2013-2164).
- fanotify: info leak in copy_event_to_user()
(CVE-2013-2148 bnc#823517).
- block: do not pass disk names as format strings
(bnc#822575 CVE-2013-2851).
- ext4: avoid hang when mounting non-journal filesystems
with orphan list (bnc#817377).
- Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178).
- Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976
bnc#821560).
- Always include the git commit in KOTD builds. This allows
us not to set it explicitly in builds submitted to the
official distribution (bnc#821612, bnc#824171).
- Bluetooth: Really fix registering hci with duplicate name
(bnc#783858).
- Bluetooth: Fix registering hci with duplicate name
(bnc#783858).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-813
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
kernel-default-3.4.63-2.44.1
kernel-default-base-3.4.63-2.44.1
kernel-default-base-debuginfo-3.4.63-2.44.1
kernel-default-debuginfo-3.4.63-2.44.1
kernel-default-debugsource-3.4.63-2.44.1
kernel-default-devel-3.4.63-2.44.1
kernel-default-devel-debuginfo-3.4.63-2.44.1
kernel-syms-3.4.63-2.44.1
- openSUSE 12.2 (i686 x86_64):
kernel-debug-3.4.63-2.44.1
kernel-debug-base-3.4.63-2.44.1
kernel-debug-base-debuginfo-3.4.63-2.44.1
kernel-debug-debuginfo-3.4.63-2.44.1
kernel-debug-debugsource-3.4.63-2.44.1
kernel-debug-devel-3.4.63-2.44.1
kernel-debug-devel-debuginfo-3.4.63-2.44.1
kernel-desktop-3.4.63-2.44.1
kernel-desktop-base-3.4.63-2.44.1
kernel-desktop-base-debuginfo-3.4.63-2.44.1
kernel-desktop-debuginfo-3.4.63-2.44.1
kernel-desktop-debugsource-3.4.63-2.44.1
kernel-desktop-devel-3.4.63-2.44.1
kernel-desktop-devel-debuginfo-3.4.63-2.44.1
kernel-ec2-3.4.63-2.44.1
kernel-ec2-base-3.4.63-2.44.1
kernel-ec2-base-debuginfo-3.4.63-2.44.1
kernel-ec2-debuginfo-3.4.63-2.44.1
kernel-ec2-debugsource-3.4.63-2.44.1
kernel-ec2-devel-3.4.63-2.44.1
kernel-ec2-devel-debuginfo-3.4.63-2.44.1
kernel-ec2-extra-3.4.63-2.44.1
kernel-ec2-extra-debuginfo-3.4.63-2.44.1
kernel-trace-3.4.63-2.44.1
kernel-trace-base-3.4.63-2.44.1
kernel-trace-base-debuginfo-3.4.63-2.44.1
kernel-trace-debuginfo-3.4.63-2.44.1
kernel-trace-debugsource-3.4.63-2.44.1
kernel-trace-devel-3.4.63-2.44.1
kernel-trace-devel-debuginfo-3.4.63-2.44.1
kernel-vanilla-3.4.63-2.44.1
kernel-vanilla-debuginfo-3.4.63-2.44.1
kernel-vanilla-debugsource-3.4.63-2.44.1
kernel-vanilla-devel-3.4.63-2.44.1
kernel-vanilla-devel-debuginfo-3.4.63-2.44.1
kernel-xen-3.4.63-2.44.1
kernel-xen-base-3.4.63-2.44.1
kernel-xen-base-debuginfo-3.4.63-2.44.1
kernel-xen-debuginfo-3.4.63-2.44.1
kernel-xen-debugsource-3.4.63-2.44.1
kernel-xen-devel-3.4.63-2.44.1
kernel-xen-devel-debuginfo-3.4.63-2.44.1
- openSUSE 12.2 (noarch):
kernel-devel-3.4.63-2.44.1
kernel-docs-3.4.63-2.44.2
kernel-source-3.4.63-2.44.1
kernel-source-vanilla-3.4.63-2.44.1
- openSUSE 12.2 (i686):
kernel-pae-3.4.63-2.44.1
kernel-pae-base-3.4.63-2.44.1
kernel-pae-base-debuginfo-3.4.63-2.44.1
kernel-pae-debuginfo-3.4.63-2.44.1
kernel-pae-debugsource-3.4.63-2.44.1
kernel-pae-devel-3.4.63-2.44.1
kernel-pae-devel-debuginfo-3.4.63-2.44.1
References:
http://support.novell.com/security/cve/CVE-2013-0231.html
http://support.novell.com/security/cve/CVE-2013-1774.html
http://support.novell.com/security/cve/CVE-2013-1819.html
http://support.novell.com/security/cve/CVE-2013-2148.html
http://support.novell.com/security/cve/CVE-2013-2164.html
http://support.novell.com/security/cve/CVE-2013-2232.html
http://support.novell.com/security/cve/CVE-2013-2234.html
http://support.novell.com/security/cve/CVE-2013-2237.html
http://support.novell.com/security/cve/CVE-2013-2850.html
http://support.novell.com/security/cve/CVE-2013-2851.html
http://support.novell.com/security/cve/CVE-2013-4162.html
http://support.novell.com/security/cve/CVE-2013-4163.html
https://bugzilla.novell.com/783858
https://bugzilla.novell.com/785542
https://bugzilla.novell.com/787649
https://bugzilla.novell.com/789598
https://bugzilla.novell.com/794988
https://bugzilla.novell.com/801178
https://bugzilla.novell.com/806976
https://bugzilla.novell.com/807153
https://bugzilla.novell.com/807471
https://bugzilla.novell.com/814336
https://bugzilla.novell.com/815320
https://bugzilla.novell.com/817377
https://bugzilla.novell.com/818053
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/821612
https://bugzilla.novell.com/822575
https://bugzilla.novell.com/823342
https://bugzilla.novell.com/823517
https://bugzilla.novell.com/824171
https://bugzilla.novell.com/824295
https://bugzilla.novell.com/827749
https://bugzilla.novell.com/827750
https://bugzilla.novell.com/828119
https://bugzilla.novell.com/828714
https://bugzilla.novell.com/831055
https://bugzilla.novell.com/831058
https://bugzilla.novell.com/833321
https://bugzilla.novell.com/835414
https://bugzilla.novell.com/838346
openSUSE Security Update: update for hplip
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1617-1
Rating: moderate
References: #835827 #836937
Cross-References: CVE-2013-4288 CVE-2013-4325
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
The following security issue was fixed for HPLIP 3.13.10:
usage of an insecure polkit D-Bus API (fix for bnc#836937
and CVE-2013-4325, which are related to CVE-2013-4288 and
bnc#835827).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-812
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-812
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
hplip-3.12.11-2.5.1
hplip-debuginfo-3.12.11-2.5.1
hplip-debugsource-3.12.11-2.5.1
hplip-hpijs-3.12.11-2.5.1
hplip-hpijs-debuginfo-3.12.11-2.5.1
hplip-sane-3.12.11-2.5.1
hplip-sane-debuginfo-3.12.11-2.5.1
- openSUSE 12.2 (i586 x86_64):
hplip-3.12.4-3.6.1
hplip-debuginfo-3.12.4-3.6.1
hplip-debugsource-3.12.4-3.6.1
hplip-hpijs-3.12.4-3.6.1
hplip-hpijs-debuginfo-3.12.4-3.6.1
hplip-sane-3.12.4-3.6.1
hplip-sane-debuginfo-3.12.4-3.6.1
References:
http://support.novell.com/security/cve/CVE-2013-4288.html
http://support.novell.com/security/cve/CVE-2013-4325.html
https://bugzilla.novell.com/835827
https://bugzilla.novell.com/836937
openSUSE Security Update: update for dropbear
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1616-1
Rating: moderate
References: #845306
Cross-References: CVE-2013-4421 CVE-2013-4434
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
dropbear was updated to version 2013.60 to fix the following
bugs:
* Fix "make install" so that it doesn't always install to
/bin and /sbin
* Fix "make install MULTI=1", installing manpages failed
* Fix "make install" when scp is included since it has no
manpage
* Make --disable-bundled-libtom work
- used as bug fix release for bnc#845306 - VUL-0:
CVE-2013-4421 and CVE-2013-4434
- provided links for download sources
- employed gpg-offline to verify sources
- imported upstream version 2013.59
* Fix crash from -J command. Thanks to Lluís Batlle i
Rossell and Arnaud Mouiche for patches.
* Avoid reading too much from /proc/net/rt_cache since
that causes system slowness.
* Improve EOF handling for half-closed connections. Thanks
to Catalin Patulea.
* Send a banner message to report PAM error messages
intended for the user. Patch from Martin Donnelly.
* Limit the size of decompressed payloads; avoids memory
exhaustion denial of service. Thanks to Logan Lamb for
reporting and investigating it.
* Avoid disclosing existence of valid users through
inconsistent delays. Thanks to Logan Lamb for reporting.
* Update config.guess and config.sub for newer
architectures
* Avoid segfault in server for locked accounts
* "make install" now installs manpages. dropbearkey.8 has
been renamed to dropbearkey.1. Manpage added for
dropbearconvert.
* Get rid of one second delay when running
non-interactive commands
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-811
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
dropbear-2013.60-7.4.1
dropbear-debuginfo-2013.60-7.4.1
dropbear-debugsource-2013.60-7.4.1
References:
http://support.novell.com/security/cve/CVE-2013-4421.html
http://support.novell.com/security/cve/CVE-2013-4434.html
https://bugzilla.novell.com/845306
openSUSE Security Update: update for xorg-x11-server
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1614-1
Rating: moderate
References: #816813 #843652
Cross-References: CVE-2013-4396
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
Fixes the following security issue:
- an authenticated X client can cause the X server to use
memory after it was freed, potentially leading to a crash
and/or memory corruption (CVE-2013-4396, bnc#843652).
The following bug was fixed too:
- rfbAuthReenable accessed an rfbClient structure that was
in most cases already freed. It actually needs only the
ScreenPtr, so pass it directly (bnc#816813).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-153
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
xorg-x11-Xvnc-7.6_1.9.3-15.44.1
xorg-x11-Xvnc-debuginfo-7.6_1.9.3-15.44.1
xorg-x11-server-7.6_1.9.3-15.44.1
xorg-x11-server-debuginfo-7.6_1.9.3-15.44.1
xorg-x11-server-debugsource-7.6_1.9.3-15.44.1
xorg-x11-server-extra-7.6_1.9.3-15.44.1
xorg-x11-server-extra-debuginfo-7.6_1.9.3-15.44.1
xorg-x11-server-sdk-7.6_1.9.3-15.44.1
References:
http://support.novell.com/security/cve/CVE-2013-4396.html
https://bugzilla.novell.com/816813
https://bugzilla.novell.com/843652
openSUSE Security Update: This update fixes a heap overflow in apache2-mod_fcgid, identified as CVE-2013-4365. [bnc#844935]
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1613-1
Rating: moderate
References: #844935
Cross-References: CVE-2013-4365
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following security issue was fixed in apache2-mod_fcgid:
- fixes a heap overflow identified by CVE-2013-4365
[bnc#844935].
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-152
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
apache2-mod_fcgid-2.3.6-6.1
apache2-mod_fcgid-debuginfo-2.3.6-6.1
apache2-mod_fcgid-debugsource-2.3.6-6.1
References:
http://support.novell.com/security/cve/CVE-2013-4365.html
https://bugzilla.novell.com/844935
openSUSE Recommended Update: timezone: Update to 2013h
______________________________________________________________________________
Announcement ID: openSUSE-RU-2013:1612-1
Rating: low
References: #845530
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with timezone:
- update to 2013h:
* Libya has switched back to UTC+2
* Western Sahara uses Morocco's DST rules
* Acre switches from UTC-4 to UTC-5 on Nov. 10th
- bnc#845530: fix patch expansion for local time link
- sync changes-file with the devel-project again
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-809
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-809
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
timezone-2013h-2.33.1
timezone-debuginfo-2013h-2.33.1
timezone-debugsource-2013h-2.33.1
- openSUSE 12.3 (noarch):
timezone-java-2013h-2.33.1
- openSUSE 12.2 (i586 x86_64):
timezone-2013h-1.40.1
timezone-debuginfo-2013h-1.40.1
timezone-debugsource-2013h-1.40.1
- openSUSE 12.2 (noarch):
timezone-java-2013h-1.40.1
References:
https://bugzilla.novell.com/845530
openSUSE Security Update: update for xorg-x11-server
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1610-1
Rating: moderate
References: #816813 #843652
Cross-References: CVE-2013-4396
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
Fixes the following security issue:
- an authenticated X client can cause the X server to use
memory after it was freed, potentially leading to a crash
and/or memory corruption (CVE-2013-4396, bnc#843652).
The following bug was fixed too:
- rfbAuthReenable accessed an rfbClient structure that was
in most cases already freed. It actually needs only the
ScreenPtr, so pass it directly (bnc#816813).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-807
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-807
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
xorg-x11-server-7.6_1.13.2-1.17.1
xorg-x11-server-debuginfo-7.6_1.13.2-1.17.1
xorg-x11-server-debugsource-7.6_1.13.2-1.17.1
xorg-x11-server-extra-7.6_1.13.2-1.17.1
xorg-x11-server-extra-debuginfo-7.6_1.13.2-1.17.1
xorg-x11-server-sdk-7.6_1.13.2-1.17.1
- openSUSE 12.2 (i586 x86_64):
xorg-x11-Xvnc-7.6_1.12.3-1.37.1
xorg-x11-Xvnc-debuginfo-7.6_1.12.3-1.37.1
xorg-x11-server-7.6_1.12.3-1.37.1
xorg-x11-server-debuginfo-7.6_1.12.3-1.37.1
xorg-x11-server-debugsource-7.6_1.12.3-1.37.1
xorg-x11-server-extra-7.6_1.12.3-1.37.1
xorg-x11-server-extra-debuginfo-7.6_1.12.3-1.37.1
xorg-x11-server-sdk-7.6_1.12.3-1.37.1
References:
http://support.novell.com/security/cve/CVE-2013-4396.html
https://bugzilla.novell.com/816813
https://bugzilla.novell.com/843652
openSUSE Security Update: update for apache2-mod_fcgid
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1609-1
Rating: moderate
References: #844935
Cross-References: CVE-2013-4365
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following security issue was fixed in apache2-mod_fcgid:
- fixes a heap overflow identified by CVE-2013-4365
[bnc#844935].
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-808
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-808
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
apache2-mod_fcgid-2.3.6-11.4.1
apache2-mod_fcgid-debuginfo-2.3.6-11.4.1
apache2-mod_fcgid-debugsource-2.3.6-11.4.1
- openSUSE 12.2 (i586 x86_64):
apache2-mod_fcgid-2.3.6-9.4.1
apache2-mod_fcgid-debuginfo-2.3.6-9.4.1
apache2-mod_fcgid-debugsource-2.3.6-9.4.1
References:
http://support.novell.com/security/cve/CVE-2013-4365.html
https://bugzilla.novell.com/844935
openSUSE Recommended Update: yast2-autofs: fixed Yast2 autoFS module running with UI
______________________________________________________________________________
Announcement ID: openSUSE-RU-2013:1602-1
Rating: moderate
References: #740167
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue with yast2-autofs:
- bnc#740167: fixed Yast2 autoFS module running with UI
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-805
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-805
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (noarch):
yast2-autofs-2.22.0-4.5.1
- openSUSE 12.2 (noarch):
yast2-autofs-2.22.0-2.5.1
References:
https://bugzilla.novell.com/740167
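Every advisory above ends with the same procedure: run `zypper in -t patch ...` and compare the host against the Package List. Checking that the patch really landed on a fleet means comparing installed NVRs (name-version-release) against those lists the way rpm would, not as plain strings. The following is an added example, not part of any openSUSE advisory or of SUSE's tooling: it reimplements rpm's segment-wise version comparison (rpmvercmp, without epoch handling) and reports which installed packages still predate the fixed build. ADVISORY_PACKAGES is a subset of the kernel advisory's list; INSTALLED_SAMPLE is constructed data standing in for `rpm -qa` output, chosen so that one package has two kernel versions installed side by side, one lags, and one is already newer than the advisory.

```python
"""Check an RPM inventory against an advisory's Package List.

Added example, not part of the openSUSE advisories. rpm's version
comparison (rpmvercmp) is reimplemented here in plain Python so the check
runs offline without the python-rpm binding; epoch is not handled, which
is fine for the packages in these advisories. INSTALLED_SAMPLE is
constructed data standing in for:
    rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\\n'
"""
import re
from typing import Dict, List, Tuple

# Subset of the kernel advisory's package list (openSUSE-SU-2013:1619-1).
ADVISORY_PACKAGES = """
kernel-default-3.4.63-2.44.1
kernel-default-base-3.4.63-2.44.1
kernel-default-devel-3.4.63-2.44.1
kernel-syms-3.4.63-2.44.1
kernel-xen-3.4.63-2.44.1
""".split()

# Constructed sample inventory: kernel-default is installed twice (multiversion
# kernels) and even the newer one predates the fix; kernel-syms lags; kernel-xen
# is already newer than the advisory; the remaining packages are current.
INSTALLED_SAMPLE = """
kernel-default-3.4.33-2.24.1
kernel-default-3.4.47-2.38.1
kernel-default-base-3.4.63-2.44.1
kernel-default-devel-3.4.63-2.44.1
kernel-syms-3.4.59-2.41.1
kernel-xen-3.4.63-2.45.1
""".split()

# rpm treats runs of digits, runs of letters and '~' as segments; every other
# character ('.', '_', '-') is a separator and is ignored.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def split_nvr(nvr: str) -> Tuple[str, str, str]:
    """'name-version-release' -> (name, version, release); the name may contain '-'."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings as rpm does; returns -1, 0 or 1.

    Numeric segments compare as integers (3.4.63 > 3.4.9), alphabetic segments
    lexically, a numeric segment beats an alphabetic one, and '~' sorts before
    anything, including the end of the string (1.0~rc1 < 1.0). When all shared
    segments tie, the string with segments left over is newer unless those
    leftover segments start with '~'.
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    longer, a_is_longer = (sa, True) if len(sa) > len(sb) else (sb, False)
    tail_is_tilde = longer[min(len(sa), len(sb))] == "~"
    return (-1 if a_is_longer else 1) if tail_is_tilde else (1 if a_is_longer else -1)


def compare_vr(installed: str, fixed: str) -> int:
    """Compare two NVR strings of the same package: version first, then release."""
    _, iv, ir = split_nvr(installed)
    _, fv, fr = split_nvr(fixed)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def newest_installed(installed: List[str]) -> Dict[str, str]:
    """Map package name -> newest installed NVR (several kernel versions may coexist)."""
    newest: Dict[str, str] = {}
    for nvr in installed:
        name = split_nvr(nvr)[0]
        if name not in newest or compare_vr(nvr, newest[name]) > 0:
            newest[name] = nvr
    return newest


def outdated_packages(installed: List[str], advisory: List[str]) -> List[Tuple[str, str, str]]:
    """Return (name, installed_nvr, fixed_nvr) for each package older than the fixed build.

    Packages the advisory lists but the host lacks are not reported (nothing to
    patch); packages already newer than the advisory pass.
    """
    have = newest_installed(installed)
    findings = []
    for fixed in advisory:
        name = split_nvr(fixed)[0]
        if name in have and compare_vr(have[name], fixed) < 0:
            findings.append((name, have[name], fixed))
    return findings


if __name__ == "__main__":
    for name, cur, fix in outdated_packages(INSTALLED_SAMPLE, ADVISORY_PACKAGES):
        print(f"{name}: installed {cur}, advisory requires {fix}")
```

On a real host, replace INSTALLED_SAMPLE with the output of the `rpm -qa` query quoted in the docstring and ADVISORY_PACKAGES with the Package List for your product and architecture. Keeping the newest of several installed kernels is what makes the check useful for kernel advisories, where multiversion installs are the norm and a stale entry for an older kernel is not itself a finding.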