December 2013 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2013:1971-1: moderate: kernel: security and bugfix update
by opensuse-security＠opensuse.org 30 Dec '13

30 Dec '13

openSUSE Security Update: kernel: security and bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1971-1 Rating: moderate References: #799516 #801341 #802347 #804198 #807153 #807188 #807471 #808827 #809906 #810144 #810473 #811882 #812116 #813733 #813889 #814211 #814336 #814510 #815256 #815320 #816668 #816708 #817651 #818053 #818561 #821612 #821735 #822575 #822579 #823267 #823342 #823517 #823633 #823797 #824171 #824295 #826102 #826350 #826374 #827749 #827750 #828119 #828191 #828714 #829539 #831058 #831956 #832615 #833321 #833585 #834647 #837258 #838346 Cross-References: CVE-2013-0914 CVE-2013-1059 CVE-2013-1819 CVE-2013-1929 CVE-2013-1979 CVE-2013-2141 CVE-2013-2148 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2546 CVE-2013-2547 CVE-2013-2548 CVE-2013-2634 CVE-2013-2635 CVE-2013-2851 CVE-2013-2852 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3226 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 CVE-2013-3233 CVE-2013-3234 CVE-2013-3235 CVE-2013-3301 CVE-2013-4162 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that solves 34 vulnerabilities and has 19 fixes is now available. Description: The Linux Kernel was updated to fix various security issues and bugs. - sctp: Use correct sideffect command in duplicate cookie handling (bnc#826102, CVE-2013-2206). - Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). - md/raid1,5,10: Disable WRITE SAME until a recovery strategy is in place (bnc#813889). - netback: don't disconnect frontend when seeing oversize packet (bnc#823342). - netfront: reduce gso_max_size to account for max TCP header. - netfront: fix kABI after "reduce gso_max_size to account for max TCP header". - backends: Check for insane amounts of requests on the ring. - Refresh other Xen patches (bnc#804198, bnc#814211, bnc#826374). - Fix TLB gather virtual address range invalidation corner cases (TLB gather memory corruption). - mm: fix the TLB range flushed when __tlb_remove_page() runs out of slots (TLB gather memory corruption). - bnx2x: protect different statistics flows (bnc#814336). - Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). - kabi/severities: Ignore changes in drivers/hv - e1000e: workaround DMA unit hang on I218 (bnc#834647). - e1000e: unexpected "Reset adapter" message when cable pulled (bnc#834647). - e1000e: 82577: workaround for link drop issue (bnc#834647). - e1000e: helper functions for accessing EMI registers (bnc#834647). - atl1c: Fix misuse of netdev_alloc_skb in refilling rx ring (bnc#812116). - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: locking, release lock around quota operations (bnc#815320). - reiserfs: locking, handle nested locks properly (bnc#815320). - reiserfs: locking, push write lock out of xattr code (bnc#815320). - af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234). - af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237). - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (bnc#823267 CVE-2013-2141). - b43: stop format string leaking into error msgs (bnc#822579 CVE-2013-2852). - net: fix incorrect credentials passing (bnc#816708 CVE-2013-1979). - tipc: fix info leaks via msg_name in recv_msg/recv_stream (bnc#816668 CVE-2013-3235). - rose: fix info leak via msg_name in rose_recvmsg() (bnc#816668 CVE-2013-3234). - NFC: llcp: fix info leaks via msg_name in llcp_sock_recvmsg() (bnc#816668 CVE-2013-3233). - netrom: fix info leak via msg_name in nr_recvmsg() (bnc#816668 CVE-2013-3232). - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (bnc#816668 CVE-2013-3231). - l2tp: fix info leak in l2tp_ip6_recvmsg() (bnc#816668 CVE-2013-3230). - iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() (bnc#816668 CVE-2013-3229). - irda: Fix missing msg_namelen update in irda_recvmsg_dgram() (bnc#816668 CVE-2013-3228). - caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg() (bnc#816668 CVE-2013-3227). - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (bnc#816668 CVE-2013-3226). - Bluetooth: fix possible info leak in bt_sock_recvmsg() (bnc#816668 CVE-2013-3224). - ax25: fix info leak via msg_name in ax25_recvmsg() (bnc#816668 CVE-2013-3223). - atm: update msg_namelen in vcc_recvmsg() (bnc#816668 CVE-2013-3222). - ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162). - tracing: Fix possible NULL pointer dereferences (bnc#815256 CVE-2013-3301). - tg3: fix length overflow in VPD firmware parsing (bnc#813733 CVE-2013-1929). - dcbnl: fix various netlink info leaks (bnc#810473 CVE-2013-2634). - rtnl: fix info leak on RTM_GETLINK request for VF devices (bnc#810473 CVE-2013-2635). - crypto: user - fix info leaks in report API (bnc#809906 CVE-2013-2546 CVE-2013-2547 CVE-2013-2548). - kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER (bnc#808827 CVE-2013-0914). - signal: always clear sa_restorer on execve (bnc#808827 CVE-2013-0914). - signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear sa_restorer (bnc#808827 CVE-2013-0914). - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (bnc#827750, CVE-2013-2232). - xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471). - blk: avoid divide-by-zero with zero discard granularity (bnc#832615). - dlm: check the write size from user (bnc#831956). - drm/i915: Serialize almost all register access (bnc#823633). - drm/i915: initialize gt_lock early with other spin locks (bnc#801341). - drm/i915: fix up gt init sequence fallout (bnc#801341). - drm/nouveau/hwmon: s/fan0/fan1/. - Drivers: hv: balloon: Do not post pressure status if interrupted (bnc#829539). - drm/i915: Clear FORCEWAKE when taking over from BIOS (bnc#801341). - drm/i915: Apply alignment restrictions on scanout surfaces for VT-d (bnc#818561). - fs/notify/inode_mark.c: make fsnotify_find_inode_mark_locked() static (bnc#807188). - fsnotify: change locking order (bnc#807188). - fsnotify: dont put marks on temporary list when clearing marks by group (bnc#807188). - fsnotify: introduce locked versions of fsnotify_add_mark() and fsnotify_remove_mark() (bnc#807188). - fsnotify: pass group to fsnotify_destroy_mark() (bnc#807188). - fsnotify: use a mutex instead of a spinlock to protect a groups mark list (bnc#807188). - fanotify: add an extra flag to mark_remove_from_mask that indicates wheather a mark should be destroyed (bnc#807188). - fsnotify: take groups mark_lock before mark lock (bnc#807188). - fsnotify: use reference counting for groups (bnc#807188). - fsnotify: introduce fsnotify_get_group() (bnc#807188). - inotify, fanotify: replace fsnotify_put_group() with fsnotify_destroy_group() (bnc#807188). - drm/i915: fix long-standing SNB regression in power consumption after resume v2 (bnc#801341). - drm/nouveau: use vmalloc for pgt allocation (bnc#802347). - USB: xhci: correctly enable interrupts (bnc#828191). - drm/i915: Resurrect ring kicking for semaphores, selectively (bnc#823633,bnc#799516). - ALSA: usb-audio: Fix invalid volume resolution for Logitech HD Webcam c310 (bnc#821735). - ALSA: usb-audio - Fix invalid volume resolution on Logitech HD webcam c270 (bnc#821735). - config: sync up config options added with btrfs update - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053 bnc#807153). - btrfs: update to v3.10. - block: Add bio_end_sector(). - block: Use bio_sectors() more consistently. - btrfs: handle lookup errors after subvol/snapshot creation. - btrfs: add new ioctl to determine size of compressed file (FATE#306586). - btrfs: reduce btrfs_path size (FATE#306586). - btrfs: simplify move_pages and copy_pages (FATE#306586). - Prefix mount messages with btrfs: for clarity (FATE#306586). - Btrfs: forced readonly when free_log_tree fails (FATE#306586). - Btrfs: forced readonly when orphan_del fails (FATE#306586). - btrfs: abort unlink trans in missed error case. - btrfs: access superblock via pagecache in scan_one_device. - Btrfs: account for orphan inodes properly during cleanup. - Btrfs: add a comment for fs_info->max_inline. - Btrfs: add a incompatible format change for smaller metadata extent refs. - Btrfs: Add a new ioctl to get the label of a mounted file system. - Btrfs: add a plugging callback to raid56 writes. - Btrfs: add a rb_tree to improve performance of ulist search. - Btrfs: Add a stripe cache to raid56. - Btrfs: Add ACCESS_ONCE() to transaction->abort accesses. - Btrfs: add all ioctl checks before user change for quota operations. - Btrfs: add btrfs_scratch_superblock() function. - btrfs: add cancellation points to defrag. - Btrfs: add code to scrub to copy read data to another disk. - btrfs: add debug check for extent_io range alignment. - Btrfs: add fiemap's flag check. - Btrfs: add ioctl to wait for qgroup rescan completion. - btrfs: add missing break in btrfs_print_leaf(). - Btrfs: add new sources for device replace code. - btrfs: add "no file data" flag to btrfs send ioctl. - Btrfs: add orphan before truncating pagecache. - Btrfs: add path->really_keep_locks. - btrfs: add prefix to sanity tests messages. - Btrfs: add rw argument to merge_bio_hook(). - Btrfs: add some free space cache tests. - Btrfs: add some missing iput()'s in btrfs_orphan_cleanup. - Btrfs: add support for device replace ioctls. - Btrfs: add tree block level sanity check. - Btrfs: add two more find_device() methods. - Btrfs: allocate new chunks if the space is not enough for global rsv. - Btrfs: allow file data clone within a file. - Btrfs: allow for selecting only completely empty chunks. - Btrfs: allow omitting stream header and end-cmd for btrfs send. - Btrfs: allow repair code to include target disk when searching mirrors. - Btrfs: allow running defrag in parallel to administrative tasks. - Btrfs: allow superblock mismatch from older mkfs. - btrfs: annotate intentional switch case fallthroughs. - btrfs: annotate quota tree for lockdep. - Btrfs: automatic rescan after "quota enable" command. - Btrfs: avoid deadlock on transaction waiting list. - Btrfs: avoid double free of fs_info->qgroup_ulist. - Btrfs: avoid risk of a deadlock in btrfs_handle_error. - Btrfs: bring back balance pause/resume logic. - Btrfs: build up error handling for merge_reloc_roots. - Btrfs: change core code of btrfs to support the device replace operations. - Btrfs: changes to live filesystem are also written to replacement disk. - Btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. - Btrfs: check for actual acls rather than just xattrs when caching no acl. - Btrfs: check for NULL pointer in updating reloc roots. - Btrfs: check if leaf's parent exists before pushing items around. - Btrfs: check if we can nocow if we don't have data space. - Btrfs: check return value of commit when recovering log. - Btrfs: check the return value of btrfs_run_ordered_operations(). - Btrfs: check the return value of btrfs_start_delalloc_inodes(). - btrfs: clean snapshots one by one. - btrfs: clean up transaction abort messages. - Btrfs: cleanup backref search commit root flag stuff. - Btrfs: cleanup, btrfs_read_fs_root_no_name() doesn't return NULL. - Btrfs: cleanup destroy_marked_extents. - Btrfs: cleanup: don't check the same thing twice. - Btrfs: cleanup duplicated division functions. - Btrfs: cleanup for btrfs_btree_balance_dirty. - Btrfs: cleanup for btrfs_wait_order_range. - btrfs: cleanup for open-coded alignment. - Btrfs: cleanup fs roots if we fail to mount. - Btrfs: cleanup of function where btrfs_extend_item() is called. - Btrfs: cleanup of function where fixup_low_keys() is called. - Btrfs: cleanup orphan reservation if truncate fails. - Btrfs: cleanup orphaned root orphan item. - Btrfs: cleanup redundant code in btrfs_submit_direct(). - Btrfs: cleanup scrub bio and worker wait code. - Btrfs: cleanup similar code in delayed inode. - btrfs: Cleanup some redundant codes in btrfs_log_inode(). - btrfs: Cleanup some redundant codes in btrfs_lookup_csums_range(). - Btrfs: cleanup the code of copy_nocow_pages_for_inode(). - Btrfs: cleanup the similar code of the fs root read. - Btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic. - Btrfs: cleanup to remove reduplicate code in transaction.c. - Btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction. - Btrfs: cleanup unnecessary clear when freeing a transaction or a trans handle. - Btrfs: cleanup unused arguments. - Btrfs: cleanup unused arguments in send.c. - Btrfs: cleanup unused arguments of btrfs_csum_data. - Btrfs: cleanup unused function. - Btrfs: clear received_uuid field for new writable snapshots. - Btrfs: Cocci spatch "memdup.spatch". - Btrfs: Cocci spatch "ptr_ret.spatch". - Btrfs: compare relevant parts of delayed tree refs. - Btrfs: copy everything if we've created an inline extent. - btrfs: cover more error codes in btrfs_decode_error. - Btrfs: creating the subvolume qgroup automatically when enabling quota. - Btrfs: deal with bad mappings in btrfs_map_block. - Btrfs: deal with errors in write_dev_supers. - Btrfs: deal with free space cache errors while replaying log. - btrfs: define BTRFS_MAGIC as a u64 value. - Btrfs: delete inline extents when we find them during logging. - Btrfs: delete unused function. - Btrfs: delete unused parameter to btrfs_read_root_item(). - btrfs: deprecate subvolrootid mount option. - btrfs: device delete to get errors from the kernel. - Btrfs: disable qgroup id 0. - Btrfs: disallow mutually exclusive admin operations from user mode. - Btrfs: disallow some operations on the device replace target device. - btrfs: do away with non-whole_page extent I/O. - Btrfs: do delay iput in sync_fs. - Btrfs: do not allow logged extents to be merged or removed. - Btrfs: do not BUG_ON in prepare_to_reloc. - Btrfs: do not BUG_ON on aborted situation. - Btrfs: do not call file_update_time in aio_write. - Btrfs: do not change inode flags in rename. - Btrfs: do not continue if out of memory happens. - Btrfs: do not delete a subvolume which is in a R/O subvolume. - Btrfs: do not log extents when we only log new names. - Btrfs: do not mark ems as prealloc if we are writing to them. - Btrfs: do not merge logged extents if we've removed them from the tree. - Btrfs: do not overcommit if we don't have enough space for global rsv. - Btrfs: do not pin while under spin lock. - Btrfs: do not warn_on io_ctl->cur in io_ctl_map_page. - Btrfs: don't abort the current transaction if there is no enough space for inode cache. - Btrfs: don't add a NULL extended attribute. - Btrfs: don't allow degraded mount if too many devices are missing. - Btrfs: don't allow device replace on RAID5/RAID6. - Btrfs: don't auto defrag a file when doing directIO. - Btrfs: don't bother copying if we're only logging the inode. - Btrfs: don't BUG_ON() in btrfs_num_copies. - Btrfs: don't call btrfs_qgroup_free if just btrfs_qgroup_reserve fails. - Btrfs: don't call readahead hook until we have read the entire eb. - Btrfs: don't delete fs_roots until after we cleanup the transaction. - Btrfs: don't drop path when printing out tree errors in scrub. - Btrfs: don't flush the delalloc inodes in the while loop if flushoncommit is set. - Btrfs: don't force pages under writeback to finish when aborting. - Btrfs: don't invoke btrfs_invalidate_inodes() in the spin lock context. - Btrfs: don't memset new tokens. - Btrfs: don't null pointer deref on abort. - Btrfs: don't panic if we're trying to drop too many refs. - Btrfs: don't re-enter when allocating a chunk. - Btrfs: don't start a new transaction when starting sync. - Btrfs: don't steal the reserved space from the global reserve if their space type is different. - btrfs: don't stop searching after encountering the wrong item. - Btrfs: don't take inode delalloc mutex if we're a free space inode. - Btrfs: don't traverse the ordered operation list repeatedly. - Btrfs: Don't trust the superblock label and simply printk("%s") it. - Btrfs: don't try and free ebs twice in log replay. - btrfs: don't try to notify udev about missing devices. - Btrfs: don't use global block reservation for inode cache truncation. - Btrfs: don't wait for all the writers circularly during the transaction commit. - Btrfs: don't wait on ordered extents if we have a trans open. - Btrfs: dont do log_removal in insert_new_root. - btrfs: Drop inode if inode root is NULL. - Btrfs: eliminate a use-after-free in btrfs_balance(). - Btrfs: enforce min_bytes parameter during extent allocation. - Btrfs: enhance btrfs structures for device replace support. - btrfs: enhance superblock checks. - btrfs: ensure we don't overrun devices_info in __btrfs_alloc_chunk. - Btrfs: exclude logged extents before replying when we are mixed. - Btrfs: explicitly use global_block_rsv for quota_tree. - Btrfs: extend the checksum item as much as possible. - btrfs: fall back to global reservation when removing subvolumes. - Btrfs: fill the global reserve when unpinning space. - Btrfs: fix a bug of per-file nocow. - Btrfs: fix a bug when llseek for delalloc bytes behind prealloc extents. - Btrfs: fix a build warning for an unused label. - Btrfs: fix a deadlock in aborting transaction due to ENOSPC. - Btrfs: fix a double free on pending snapshots in error handling. - Btrfs: fix a mismerge in btrfs_balance(). - Btrfs: fix a regression in balance usage filter. - Btrfs: fix a scrub regression in case of write errors. - Btrfs: fix a warning when disabling quota. - Btrfs: fix a warning when updating qgroup limit. - Btrfs: fix accessing a freed tree root. - Btrfs: fix accessing the root pointer in tree mod log functions. - Btrfs: fix all callers of read_tree_block. - Btrfs: fix an while-loop of listxattr. - Btrfs: fix autodefrag and umount lockup. - Btrfs: fix backref walking race with tree deletions. - Btrfs: fix bad extent logging. - Btrfs: fix broken nocow after balance. - btrfs: fix btrfs_cont_expand() freeing IS_ERR em. - btrfs: fix btrfs_extend_item() comment. - Btrfs: fix BUG() in scrub when first superblock reading gives EIO. - Btrfs: fix check on same raid type flag twice. - Btrfs: fix chunk allocation error handling. - Btrfs: fix cleaner thread not working with inode cache option. - Btrfs: fix cluster alignment for mount -o ssd. - btrfs: fix comment typos. - Btrfs: fix confusing edquot happening case. - Btrfs: fix crash in log replay with qgroups enabled. - Btrfs: fix crash regarding to ulist_add_merge. - Btrfs: fix deadlock due to unsubmitted. - Btrfs: fix double free in the btrfs_qgroup_account_ref(). - Btrfs: fix double free in the iterate_extent_inodes(). - Btrfs: fix EDQUOT handling in btrfs_delalloc_reserve_metadata. - Btrfs: fix EIO from btrfs send in is_extent_unchanged for punched holes. - Btrfs: fix error handling in btrfs_ioctl_send(). - Btrfs: fix error handling in make/read block group. - Btrfs: fix estale with btrfs send. - Btrfs: fix extent logging with O_DIRECT into prealloc. - Btrfs: fix freeing delayed ref head while still holding its mutex. - Btrfs: fix freeze vs auto defrag. - Btrfs: fix hash overflow handling. - Btrfs: fix how we discard outstanding ordered extents on abort. - Btrfs: fix infinite loop when we abort on mount. - Btrfs: fix joining the same transaction handler more than 2 times. - Btrfs: fix lockdep warning. - Btrfs: fix locking on ROOT_REPLACE operations in tree mod log. - Btrfs: fix lots of orphan inodes when the space is not enough. - Btrfs: fix max chunk size on raid5/6. - Btrfs: fix memory leak in btrfs_create_tree(). - Btrfs: fix memory leak in name_cache_insert(). - Btrfs: fix memory leak of log roots. - Btrfs: fix memory leak of pending_snapshot->inherit. - Btrfs: fix memory patcher through fs_info->qgroup_ulist. - btrfs: fix minor typo in comment. - btrfs: fix misleading variable name for flags. - Btrfs: fix missed transaction->aborted check. - Btrfs: fix missing check about ulist_add() in qgroup.c. - Btrfs: fix missing check before creating a qgroup relation. - Btrfs: fix missing check before disabling quota. - Btrfs: fix missing check in the btrfs_qgroup_inherit(). - Btrfs: fix missing deleted items in btrfs_clean_quota_tree. - Btrfs: fix missing flush when committing a transaction. - Btrfs: fix missing i_size update. - Btrfs: fix missing log when BTRFS_INODE_NEEDS_FULL_SYNC is set. - Btrfs: fix missing qgroup reservation before fallocating. - Btrfs: fix missing release of qgroup reservation in commit_transaction(). - Btrfs: fix missing release of the space/qgroup reservation in start_transaction(). - Btrfs: fix missing reserved space release in error path of delalloc reservation. - Btrfs: fix missing write access release in btrfs_ioctl_resize(). - Btrfs: fix "mutually exclusive op is running" error code. - Btrfs: fix not being able to find skinny extents during relocate. - Btrfs: fix NULL pointer after aborting a transaction. - Btrfs: fix off-by-one error of the reserved size of btrfs_allocate(). - Btrfs: fix off-by-one error of the same page check in btrfs_punch_hole(). - Btrfs: fix off-by-one in fiemap. - Btrfs: fix off-by-one in lseek. - Btrfs: fix oops when recovering the file data by scrub function. - Btrfs: fix panic when recovering tree log. - Btrfs: fix permissions of empty files not affected by umask. - Btrfs: fix permissions of empty files not affected by umask. - Btrfs: fix possible infinite loop in slow caching. - Btrfs: fix possible memory leak in replace_path(). - Btrfs: fix possible memory leak in the find_parent_nodes(). - Btrfs: fix possible stale data exposure. - Btrfs: Fix printk and variable name. - Btrfs: fix qgroup rescan resume on mount. - Btrfs: fix race between mmap writes and compression. - Btrfs: fix race between snapshot deletion and getting inode. - Btrfs: fix race in check-integrity caused by usage of bitfield. - Btrfs: fix reada debug code compilation. - Btrfs: fix remount vs autodefrag. - Btrfs: fix repeated delalloc work allocation. - Btrfs: fix resize a readonly device. - Btrfs: fix several potential problems in copy_nocow_pages_for_inode. - Btrfs: fix space accounting for unlink and rename. - Btrfs: fix space leak when we fail to reserve metadata space. - btrfs: fix the code comments for LZO compression workspace. - Btrfs: fix the comment typo for btrfs_attach_transaction_barrier. - Btrfs: fix the deadlock between the transaction start/attach and commit. - Btrfs: fix the page that is beyond EOF. - Btrfs: fix the qgroup reserved space is released prematurely. - Btrfs: fix the race between bio and btrfs_stop_workers. - Btrfs: fix transaction throttling for delayed refs. - Btrfs: fix tree mod log regression on root split operations. - Btrfs: fix trivial error in btrfs_ioctl_resize(). - Btrfs: Fix typo in fs/btrfs. - Btrfs: fix unblocked autodefraggers when remount. - Btrfs: fix unclosed transaction handler when the async transaction commitment fails. - Btrfs: fix uncompleted transaction. - Btrfs: fix unlock after free on rewinded tree blocks. - Btrfs: fix unlock order in btrfs_ioctl_resize. - Btrfs: fix unlock order in btrfs_ioctl_rm_dev. - Btrfs: fix unnecessary while loop when search the free space, cache. - Btrfs: fix unprotected defragable inode insertion. - Btrfs: fix unprotected extent map operation when logging file extents. - Btrfs: fix unprotected root node of the subvolume's inode rb-tree. - Btrfs: fix use-after-free bug during umount. - btrfs: fix varargs in __btrfs_std_error. - Btrfs: fix warning of free_extent_map. - Btrfs: fix warning when creating snapshots. - Btrfs: fix wrong comment in can_overcommit(). - Btrfs: fix wrong file extent length. - Btrfs: fix wrong handle at error path of create_snapshot() when the commit fails. - Btrfs: fix wrong max device number for single profile. - Btrfs: fix wrong mirror number tuning. - Btrfs: fix wrong outstanding_extents when doing DIO write. - Btrfs: fix wrong reservation of csums. - Btrfs: fix wrong reserved space in qgroup during snap/subv creation. - Btrfs: fix wrong reserved space when deleting a snapshot/subvolume. - Btrfs: fix wrong return value of btrfs_lookup_csum(). - Btrfs: fix wrong return value of btrfs_truncate_page(). - Btrfs: fix wrong return value of btrfs_wait_for_commit(). - Btrfs: fix wrong sync_writers decrement in btrfs_file_aio_write(). - btrfs: fixup/remove module.h usage as required. - Btrfs: flush all dirty inodes if writeback can not start. - Btrfs: free all recorded tree blocks on error. - Btrfs: free csums when we're done scrubbing an extent. - Btrfs: get better concurrency for snapshot-aware defrag work. - Btrfs: get right arguments for btrfs_wait_ordered_range. - btrfs: get the device in write mode when deleting it. - Btrfs: get write access for qgroup operations. - Btrfs: get write access for scrub. - Btrfs: get write access when doing resize fs. - Btrfs: get write access when removing a device. - Btrfs: get write access when setting the default subvolume. - Btrfs: handle a bogus chunk tree nicely. - Btrfs: handle errors from btrfs_map_bio() everywhere. - Btrfs: handle errors in compression submission path. - btrfs: handle errors returned from get_tree_block_key. - btrfs: handle null fs_info in btrfs_panic(). - Btrfs: handle running extent ops with skinny metadata. - Btrfs: hold the ordered operations mutex when waiting on ordered extents. - Btrfs: hold the tree mod lock in __tree_mod_log_rewind. - Btrfs: if we aren't committing just end the transaction if we error out. - btrfs: ignore device open failures in __btrfs_open_devices. - Btrfs: ignore orphan qgroup relations. - Btrfs: implement unlocked dio write. - Btrfs: improve the delayed inode throttling. - Btrfs: improve the loop of scrub_stripe. - Btrfs: improve the noflush reservation. - Btrfs: improve the performance of the csums lookup. - Btrfs: in scrub repair code, optimize the reading of mirrors. - Btrfs: in scrub repair code, simplify alloc error handling. - Btrfs: Include the device in most error printk()s. - Btrfs: increase BTRFS_MAX_MIRRORS by one for dev replace. - btrfs: Init io_lock after cloning btrfs device struct. - Btrfs: init relocate extent_io_tree with a mapping. - Btrfs: inline csums if we're fsyncing. - Btrfs: introduce a btrfs_dev_replace_item type. - Btrfs: introduce a mutex lock for btrfs quota operations. - Btrfs: introduce GET_READ_MIRRORS functionality for btrfs_map_block(). - Btrfs: introduce grab/put functions for the root of the fs/file tree. - Btrfs: introduce per-subvolume delalloc inode list. - Btrfs: introduce per-subvolume ordered extent list. - Btrfs: introduce qgroup_ulist to avoid frequently allocating/freeing ulist. - Btrfs: just flush the delalloc inodes in the source tree before snapshot creation. - Btrfs: keep track of the extents original block length. - Btrfs: kill replicate code in replay_one_buffer. - Btrfs: kill some BUG_ONs() in the find_parent_nodes(). - Btrfs: kill unnecessary arguments in del_ptr. - Btrfs: kill unused argument of btrfs_pin_extent_for_log_replay. - Btrfs: kill unused argument of update_block_group. - Btrfs: kill unused arguments of cache_block_group. - Btrfs: let allocation start from the right raid type. - btrfs: limit fallocate extent reservation to 256MB. - Btrfs: limit the global reserve to 512mb. - btrfs: list_entry can't return NULL. - Btrfs: log changed inodes based on the extent map tree. - Btrfs: log ram bytes properly. - Btrfs: make __merge_refs() return type be void. - Btrfs: make backref walking code handle skinny metadata. - Btrfs: make delalloc inodes be flushed by multi-task. - Btrfs: make delayed ref lock logic more readable. - Btrfs: make ordered extent be flushed by multi-task. - Btrfs: make ordered operations be handled by multi-task. - btrfs: make orphan cleanup less verbose. - Btrfs: make raid attr array more readable. - btrfs: make static code static & remove dead code. - btrfs: make subvol creation/deletion killable in the early stages. - Btrfs: make sure nbytes are right after log replay. - Btrfs: make sure NODATACOW also gets NODATASUM set. - Btrfs: make sure roots are assigned before freeing their nodes. - Btrfs: make the chunk allocator completely tree lockless. - Btrfs: make the cleaner complete early when the fs is going to be umounted. - Btrfs: make the scrub page array dynamically allocated. - Btrfs: make the snap/subv deletion end more early when the fs is R/O. - Btrfs: make the state of the transaction more readable. - Btrfs: merge inode_list in __merge_refs. - Btrfs: merge pending IO for tree log write back. - btrfs: merge save_error_info helpers into one. - Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never change node's nritems. - btrfs: more open-coded file_inode(). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate. - Btrfs: move checks in set_page_dirty under DEBUG. - Btrfs: move d_instantiate outside the transaction during mksubvol. - Btrfs: move fs/btrfs/ioctl.h to include/uapi/linux/btrfs.h. - btrfs: move ifdef around sanity checks out of init_btrfs_fs. - btrfs: move leak debug code to functions. - Btrfs: move some common code into a subfunction. - Btrfs: move the R/O check out of btrfs_clean_one_deleted_snapshot(). - btrfs: Notify udev when removing device. - Btrfs: only clear dirty on the buffer if it is marked as dirty. - Btrfs: only do the tree_mod_log_free_eb if this is our last ref. - Btrfs: only exclude supers in the range of our block group. - Btrfs: only log the inode item if we can get away with it. - Btrfs: only unlock and relock if we have to. - Btrfs: optimize leaf_space_used. - Btrfs: optimize read_block_for_search. - Btrfs: optimize reada_for_balance. - Btrfs: optimize the error handle of use_block_rsv(). - Btrfs: optionally avoid reads from device replace source drive. - Btrfs: pass fs_info instead of root. - Btrfs: pass fs_info to btrfs_map_block() instead of mapping_tree. - Btrfs: Pass fs_info to btrfs_num_copies() instead of mapping_tree. - Btrfs: pass NULL instead of 0. - Btrfs: pass root object into btrfs_ioctl_{start, wait}_sync(). - Btrfs: pause the space balance when remounting to R/O. - Btrfs: place ordered operations on a per transaction list. - Btrfs: prevent qgroup destroy when there are still relations. - Btrfs: protect devices list with its mutex. - Btrfs: protect fs_info->alloc_start. - Btrfs: punch hole past the end of the file. - Btrfs: put csums on the right ordered extent. - Btrfs: put our inode if orphan cleanup fails. - Btrfs: put raid properties into global table. - btrfs: put some enospc messages under enospc_debug. - Btrfs: RAID5 and RAID6. - btrfs/raid56: Add missing #include <linux/vmalloc.h>. - btrfs: read entire device info under lock. - Btrfs: recheck bio against block device when we map the bio. - Btrfs: record first logical byte in memory. - Btrfs: reduce CPU contention while waiting for delayed extent operations. - Btrfs: reduce lock contention on extent buffer locks. - Btrfs: refactor error handling to drop inode in btrfs_create(). - Btrfs: relax the block group size limit for bitmaps. - btrfs: remove a printk from scan_one_device. - Btrfs: remove almost all of the BUG()'s from tree-log.c. - Btrfs: remove btrfs_sector_sum structure. - Btrfs: remove btrfs_try_spin_lock. - Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix(). - btrfs: remove cache only arguments from defrag path. - Btrfs: remove conflicting check for minimum number of devices in raid56. - Btrfs: remove deprecated comments. - Btrfs: remove extent mapping if we fail to add chunk. - Btrfs: remove reduplicate check about root in the function btrfs_clean_quota_tree. - Btrfs: remove some BUG_ONs() when walking backref tree. - Btrfs: remove some unnecessary spin_lock usages. - Btrfs: remove the block device pointer from the scrub context struct. - Btrfs: remove the code for the impossible case in cleanup_transaction(). - Btrfs: Remove the invalid shrink size check up from btrfs_shrink_dev(). - Btrfs: remove the time check in btrfs_commit_transaction(). - btrfs: remove unnecessary cur_trans set before goto loop in join_transaction. - btrfs: remove unnecessary DEFINE_WAIT() declarations. - Btrfs: remove unnecessary dget_parent/dput when creating the pending snapshot. - Btrfs: remove unnecessary ->s_umount in cleaner_kthread(). - Btrfs: remove unnecessary varient ->num_joined in btrfs_transaction structure. - Btrfs: remove unused argument of btrfs_extend_item(). - Btrfs: remove unused argument of fixup_low_keys(). - Btrfs: remove unused code in btrfs_del_root. - Btrfs: remove unused extent io tree ops V2. - btrfs: remove unused fd in btrfs_ioctl_send(). - btrfs: remove unused fs_info from btrfs_decode_error(). - btrfs: remove unused gfp mask parameter from release_extent_buffer callchain. - btrfs: remove unused "item" in btrfs_insert_delayed_item(). - Btrfs: remove unused variable in __process_changed_new_xattr(). - Btrfs: remove unused variable in the iterate_extent_inodes(). - Btrfs: remove useless copy in quota_ctl. - Btrfs: remove warn on in free space cache writeout. - Btrfs: rename root_times_lock to root_item_lock. - Btrfs: rename the scrub context structure. - Btrfs: reorder locks and sanity checks in btrfs_ioctl_defrag. - Btrfs: reorder tree mod log operations in deleting a pointer. - Btrfs: rescan for qgroups. - Btrfs: reset path lock state to zero. - Btrfs: restructure btrfs_run_defrag_inodes(). - Btrfs: return as soon as possible when edquot happens. - Btrfs: return EIO if we have extent tree corruption. - Btrfs: return ENOMEM rather than use BUG_ON when btrfs_alloc_path fails. - Btrfs: return errno if possible when we fail to allocate memory. - Btrfs: return error code in btrfs_check_trunc_cache_free_space(). - Btrfs: return error when we specify wrong start to defrag. - Btrfs: return free space in cow error path. - Btrfs: rework the overcommit logic to be based on the total size. - Btrfs: save us a read_lock. - Btrfs: select XOR_BLOCKS in Kconfig. - Btrfs: separate sequence numbers for delayed ref tracking and tree mod log. - Btrfs: serialize unlocked dio reads with truncate. - Btrfs: set/change the label of a mounted file system. - Btrfs: set flushing if we're limited flushing. - Btrfs: set hole punching time properly. - Btrfs: set UUID in root_item for created trees. - Btrfs: share stop worker code. - btrfs: show compiled-in config features at module load time. - Btrfs: simplify unlink reservations. - Btrfs: skip adding an acl attribute if we don't have to. - Btrfs: snapshot-aware defrag. - Btrfs: split btrfs_qgroup_account_ref into four functions. - Btrfs: steal from global reserve if we are cleaning up orphans. - Btrfs: stop all workers before cleaning up roots. - Btrfs: stop using try_to_writeback_inodes_sb_nr to flush delalloc. - Btrfs: stop waiting on current trans if we aborted. - Btrfs: traverse and flush the delalloc inodes once. - btrfs: try harder to allocate raid56 stripe cache. - Btrfs: unlock extent range on enospc in compressed submit. - btrfs: unpin_extent_cache: fix the typo and unnecessary arguements. - Btrfs: unreserve space if our ordered extent fails to work. - btrfs: update kconfig title. - Btrfs: update the global reserve if it is empty. - btrfs: update timestamps on truncate(). - Btrfs: update to use fs_state bit. - Btrfs: use a btrfs bioset instead of abusing bio internals. - Btrfs: use a lock to protect incompat/compat flag of the super block. - Btrfs: use a percpu to keep track of possibly pinned bytes. - Btrfs: use bit operation for ->fs_state. - Btrfs: use common work instead of delayed work. - Btrfs: use ctl->unit for free space calculation instead of block_group->sectorsize. - Btrfs: use existing align macros in btrfs_allocate(). - Btrfs: use helper to cleanup tree roots. - btrfs: use only inline_pages from extent buffer. - Btrfs: use percpu counter for dirty metadata count. - Btrfs: use percpu counter for fs_info->delalloc_bytes. - btrfs: use rcu_barrier() to wait for bdev puts at unmount. - Btrfs: use REQ_META for all metadata IO. - Btrfs: use reserved space for creating a snapshot. - Btrfs: use right range to find checksum for compressed extents. - Btrfs: use seqlock to protect fs_info->avail_{data, metadata, system}_alloc_bits. - Btrfs: use set_nlink if our i_nlink is 0. - Btrfs: use slabs for auto defrag allocation. - Btrfs: use slabs for delayed reference allocation. - Btrfs: use the inode own lock to protect its delalloc_bytes. - Btrfs: use token to avoid times mapping extent buffer. - Btrfs: use tokens where we can in the tree log. - Btrfs: use tree_root to avoid edquot when disabling quota. - btrfs: use unsigned long type for extent state bits. - Btrfs: use wrapper page_offset. - Btrfs: various abort cleanups. - Btrfs: wait on ordered extents at the last possible moment. - Btrfs: wait ordered range before doing direct io. - Btrfs: wake up delayed ref flushing waiters on abort. - clear chunk_alloc flag on retryable failure. - Correct allowed raid levels on balance. - Fix misspellings of "whether" in comments. - fs/btrfs: drop if around WARN_ON. - fs/btrfs: remove depends on CONFIG_EXPERIMENTAL. - fs/btrfs: use WARN. - Minor format cleanup. - new helper: file_inode(file). - Revert "Btrfs: fix permissions of empty files not affected by umask". - Revert "Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never change node's nritems". - Revert "Btrfs: reorder tree mod log operations in deleting a pointer". - treewide: Fix typo in printk. - writeback: remove nr_pages_dirtied arg from balance_dirty_pages_ratelimited_nr(). - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164). - fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517). - block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851). - libceph: Fix NULL pointer dereference in auth client code. (CVE-2013-1059, bnc#826350) - Update patches.drivers/media-rtl28xxu-01-add-NOXON-DAB-DAB-USB-dong le-rev-2.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-02-1b80-d3a8-ASUS-My-Cinema-U 3100Mini-Pl.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-03-add-Gigabyte-U7300-DVB-T-D ongle.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-04-correct-some-device-names. patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-05-Support-Digivox-Mini-HD.pa tch (bnc#811882). - Update patches.drivers/media-rtl28xxu-06-Add-USB-IDs-for-Compro-Vid eoMate-U620.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-07-Add-USB-ID-for-MaxMedia-HU 394-T.patch (bnc#811882). Correct the bnc reference. - Update patches.fixes/block-discard-granularity-might-not-be-power-o f-2.patch (bnc#823797). - block: discard granularity might not be power of 2. - USB: reset resume quirk needed by a hub (bnc#810144). - NFS: Fix keytabless mounts (bnc#817651). - ipv4: fix redirect handling for TCP packets (bnc#814510). - Always include the git commit in KOTD builds This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171). - Btrfs: relocate csums properly with prealloc extents. - gcc4: disable __compiletime_object_size for GCC 4.6+ (bnc#837258). - ALSA: hda - Add Toshiba Satellite C870 to MSI blacklist (bnc#833585). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-1034 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): kernel-default-3.7.10-1.24.1 kernel-default-base-3.7.10-1.24.1 kernel-default-base-debuginfo-3.7.10-1.24.1 kernel-default-debuginfo-3.7.10-1.24.1 kernel-default-debugsource-3.7.10-1.24.1 kernel-default-devel-3.7.10-1.24.1 kernel-default-devel-debuginfo-3.7.10-1.24.1 kernel-syms-3.7.10-1.24.1 - openSUSE 12.3 (i686 x86_64): kernel-debug-3.7.10-1.24.1 kernel-debug-base-3.7.10-1.24.1 kernel-debug-base-debuginfo-3.7.10-1.24.1 kernel-debug-debuginfo-3.7.10-1.24.1 kernel-debug-debugsource-3.7.10-1.24.1 kernel-debug-devel-3.7.10-1.24.1 kernel-debug-devel-debuginfo-3.7.10-1.24.1 kernel-desktop-3.7.10-1.24.1 kernel-desktop-base-3.7.10-1.24.1 kernel-desktop-base-debuginfo-3.7.10-1.24.1 kernel-desktop-debuginfo-3.7.10-1.24.1 kernel-desktop-debugsource-3.7.10-1.24.1 kernel-desktop-devel-3.7.10-1.24.1 kernel-desktop-devel-debuginfo-3.7.10-1.24.1 kernel-ec2-3.7.10-1.24.1 kernel-ec2-base-3.7.10-1.24.1 kernel-ec2-base-debuginfo-3.7.10-1.24.1 kernel-ec2-debuginfo-3.7.10-1.24.1 kernel-ec2-debugsource-3.7.10-1.24.1 kernel-ec2-devel-3.7.10-1.24.1 kernel-ec2-devel-debuginfo-3.7.10-1.24.1 kernel-trace-3.7.10-1.24.1 kernel-trace-base-3.7.10-1.24.1 kernel-trace-base-debuginfo-3.7.10-1.24.1 kernel-trace-debuginfo-3.7.10-1.24.1 kernel-trace-debugsource-3.7.10-1.24.1 kernel-trace-devel-3.7.10-1.24.1 kernel-trace-devel-debuginfo-3.7.10-1.24.1 kernel-vanilla-3.7.10-1.24.1 kernel-vanilla-debuginfo-3.7.10-1.24.1 kernel-vanilla-debugsource-3.7.10-1.24.1 kernel-vanilla-devel-3.7.10-1.24.1 kernel-vanilla-devel-debuginfo-3.7.10-1.24.1 kernel-xen-3.7.10-1.24.1 kernel-xen-base-3.7.10-1.24.1 kernel-xen-base-debuginfo-3.7.10-1.24.1 kernel-xen-debuginfo-3.7.10-1.24.1 kernel-xen-debugsource-3.7.10-1.24.1 kernel-xen-devel-3.7.10-1.24.1 kernel-xen-devel-debuginfo-3.7.10-1.24.1 - openSUSE 12.3 (noarch): kernel-devel-3.7.10-1.24.1 kernel-docs-3.7.10-1.24.1 kernel-source-3.7.10-1.24.1 kernel-source-vanilla-3.7.10-1.24.1 - openSUSE 12.3 (i686): kernel-pae-3.7.10-1.24.1 kernel-pae-base-3.7.10-1.24.1 kernel-pae-base-debuginfo-3.7.10-1.24.1 kernel-pae-debuginfo-3.7.10-1.24.1 kernel-pae-debugsource-3.7.10-1.24.1 kernel-pae-devel-3.7.10-1.24.1 kernel-pae-devel-debuginfo-3.7.10-1.24.1 References: http://support.novell.com/security/cve/CVE-2013-0914.html http://support.novell.com/security/cve/CVE-2013-1059.html http://support.novell.com/security/cve/CVE-2013-1819.html http://support.novell.com/security/cve/CVE-2013-1929.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-2141.html http://support.novell.com/security/cve/CVE-2013-2148.html http://support.novell.com/security/cve/CVE-2013-2164.html http://support.novell.com/security/cve/CVE-2013-2206.html http://support.novell.com/security/cve/CVE-2013-2232.html http://support.novell.com/security/cve/CVE-2013-2234.html http://support.novell.com/security/cve/CVE-2013-2237.html http://support.novell.com/security/cve/CVE-2013-2546.html http://support.novell.com/security/cve/CVE-2013-2547.html http://support.novell.com/security/cve/CVE-2013-2548.html http://support.novell.com/security/cve/CVE-2013-2634.html http://support.novell.com/security/cve/CVE-2013-2635.html http://support.novell.com/security/cve/CVE-2013-2851.html http://support.novell.com/security/cve/CVE-2013-2852.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3226.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3230.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3233.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html http://support.novell.com/security/cve/CVE-2013-3301.html http://support.novell.com/security/cve/CVE-2013-4162.html https://bugzilla.novell.com/799516 https://bugzilla.novell.com/801341 https://bugzilla.novell.com/802347 https://bugzilla.novell.com/804198 https://bugzilla.novell.com/807153 https://bugzilla.novell.com/807188 https://bugzilla.novell.com/807471 https://bugzilla.novell.com/808827 https://bugzilla.novell.com/809906 https://bugzilla.novell.com/810144 https://bugzilla.novell.com/810473 https://bugzilla.novell.com/811882 https://bugzilla.novell.com/812116 https://bugzilla.novell.com/813733 https://bugzilla.novell.com/813889 https://bugzilla.novell.com/814211 https://bugzilla.novell.com/814336 https://bugzilla.novell.com/814510 https://bugzilla.novell.com/815256 https://bugzilla.novell.com/815320 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/816708 https://bugzilla.novell.com/817651 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818561 https://bugzilla.novell.com/821612 https://bugzilla.novell.com/821735 https://bugzilla.novell.com/822575 https://bugzilla.novell.com/822579 https://bugzilla.novell.com/823267 https://bugzilla.novell.com/823342 https://bugzilla.novell.com/823517 https://bugzilla.novell.com/823633 https://bugzilla.novell.com/823797 https://bugzilla.novell.com/824171 https://bugzilla.novell.com/824295 https://bugzilla.novell.com/826102 https://bugzilla.novell.com/826350 https://bugzilla.novell.com/826374 https://bugzilla.novell.com/827749 https://bugzilla.novell.com/827750 https://bugzilla.novell.com/828119 https://bugzilla.novell.com/828191 https://bugzilla.novell.com/828714 https://bugzilla.novell.com/829539 https://bugzilla.novell.com/831058 https://bugzilla.novell.com/831956 https://bugzilla.novell.com/832615 https://bugzilla.novell.com/833321 https://bugzilla.novell.com/833585 https://bugzilla.novell.com/834647 https://bugzilla.novell.com/837258 https://bugzilla.novell.com/838346

1 0

openSUSE-SU-2013:1968-1: moderate: update for openjdk with icedtea
by opensuse-security＠opensuse.org 27 Dec '13

27 Dec '13

openSUSE Security Update: update for openjdk with icedtea ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1968-1 Rating: moderate References: Cross-References: CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. Description: This release updates OpenJDK 6 support of icedtea version 1.12.7 with the October 2013 security errata and a number of bug fixes: Security fixes S8006900, CVE-2013-3829: Add new date/time capability S8008589: Better MBean permission validation S8011071, CVE-2013-5780: Better crypto provider handling S8011081, CVE-2013-5772: Improve jhat S8011157, CVE-2013-5814: Improve CORBA portablility S8012071, CVE-2013-5790: Better Building of Beans S8012147: Improve tool support S8012277: CVE-2013-5849: Improve AWT DataFlavor S8012425, CVE-2013-5802: Transform TransformerFactory S8013503, CVE-2013-5851: Improve stream factories S8013506: Better Pack200 data handling S8013510, CVE-2013-5809: Augment image writing code S8013514: Improve stability of cmap class S8013739, CVE-2013-5817: Better LDAP resource management S8013744, CVE-2013-5783: Better tabling for AWT S8014085: Better serialization support in JMX classes S8014093, CVE-2013-5782: Improve parsing of images S8014102, CVE-2013-5778: Improve image conversion S8014341, CVE-2013-5803: Better service from Kerberos servers S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations S8014530, CVE-2013-5825: Better digital signature processing S8014534: Better profiling support S8014987, CVE-2013-5842: Augment serialization handling S8015614: Update build settings S8015731: Subject java.security.auth.subject to improvements S8015743, CVE-2013-5774: Address internet addresses S8016256: Make finalization final S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names S8016675, CVE-2013-5797: Make Javadoc pages more robust S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately S8017287, CVE-2013-5829: Better resource disposal S8017291, CVE-2013-5830: Cast Proxies Aside S8017298, CVE-2013-4002: Better XML support S8017300, CVE-2013-5784: Improve Interface Implementation S8017505, CVE-2013-5820: Better Client Service S8019292: Better Attribute Value Exceptions S8019617: Better view of objects S8020293: JVM crash S8021290, CVE-2013-5823: Better signature validation S8022940: Enhance CORBA translations S8023683: Enhance class file parsing Backports S4075303: Use javap to enquire about a specific inner class S4111861: static final field contents are not displayed S4348375: Javap is not internationalized S4459541: “javap -l” shows line numbers as signed short; they should be unsigned S4501660: change diagnostic of -help as ‘print this help message and exit’ S4501661: disallow mixing -public, -private, and -protected options at the same time S4776241: unused source file in javap… S4870651: javap should recognize generics, varargs, enum S4876942: javap invoked without args does not print help screen S4880663: javap could output whitespace between class name and opening brace S4884240: additional option required for javap S4893408: JPEGReader throws IllegalArgException when setting the destination to BYTE_GRAY S4975569: javap doesn’t print new flag bits S6271787: javap dumps LocalVariableTypeTable attribute in hex, needs to print a table S6305779: javap: support annotations S6439940: Clean up javap implementation S6469569: wrong check of searchpath in JavapEnvironment S6474890: javap does not open .zip files in -classpath S6563752: Build and test JDK7 with Sun Studio 12 Express compilers (prep makefiles) S6587786: Javap throws error : “ERROR:Could not find <classname>” for JRE classes S6622215: javap ignores certain relevant access flags S6622216: javap names some attributes incorrectly S6622232: javap gets whitespace confused S6622260: javap prints negative bytes incorrectly in hex S6631559: Registration of ImageIO plugins should not cause loading of jpeg.dlli and cmm.dll S6636331: ConcurrentModificationException in AppContext code S6636370: minor corrections and simplification of code in AppContext S6708729: update jdk Makefiles for new javap S6715767: javap on java.lang.ClassLoader crashes S6729772: 64-bit build with SS12 compiler: SIGSEGV (0xb) at pc=0×0000000000000048, pid=14826, tid=2 S6791502: IIOException “Invalid icc profile” on jpeg after update from JDK5 to JDK6 S6793818: JpegImageReader is too greedy creating color profiles S6799141: Build with –hash-style=both so that binaries can work on SuSE 10 S6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003 S6819246: improve support for decoding instructions in classfile library S6824493: experimental support for additional info for instructions S6840152: JVM crashes when heavyweight monitors are used S6841419: classfile: add constant pool iterator S6841420: classfile: add new methods to ConstantClassInfo S6843013: missing files in fix for 6824493 S6852856: javap changes to facilitate subclassing javap for variants S6867671: javap whitespace formatting issues S6868539: javap should use current names for constant pool tags S6888215: memory leak in jpeg plugin S6902264: fix indentation of tableswitch and lookupswitch S6925851: Localize JRE into pt_BR S6954275: XML signatures with reference data larger 16KB and cacheRef on fails to validate S6974017: Upgrade required Solaris Studio compilers to 5.10 (12 update 1 + patches) S6980281: SWAT: SwingSet2 got core dumped in Solaris-AMD64 using b107 swat build S6989760: cmm native compiler warnings S6989774: imageio compiler warnings in native code S7000225: Sanity check on sane-alsa-headers is broken S7013519: [parfait] Integer overflows in 2D code S7018912: [parfait] potential buffer overruns in imageio jpeg S7022999: Can’t build with FORCE_TIERED=0 S7035073: Add missing timezones to TimeZoneNames_pt_BR.java S7038711: Fix CC_VER checks for compiler options, fix use of -Wno-clobber S7146431: java.security files out-of-sync S7196533: TimeZone.getDefault() slow due to synchronization bottleneck S8000450: Restrict access to com/sun/corba/se/impl package S8002070: Remove the stack search for a resource bundle for Logger to use S8003992: File and other classes in java.io do not handle embedded nulls properly S8004188: Rename src/share/lib/security/java.security to java.security-linux S8005194: [parfait] #353 sun/awt/image/jpeg/imageioJPEG.c Memory leak of pointer ‘scale’ allocated with calloc() S8006882: Proxy generated classes in sun.proxy package breaks JMockit S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive S8010727: WLS fails to add a logger with “” in its own LogManager subclass instance S8010939: Deadlock in LogManager S8011139: (reflect) Revise checking in getEnclosingClass S8011950: java.io.File.createTempFile enters infinite loop when passed invalid data S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21 S8012453: (process) Runtime.exec(String) fails if command contains spaces [win] S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup S8013827: File.createTempFile hangs with temp file starting with ‘com1.4′ S8014469: (tz) Support tzdata2013c S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10 S8014745: Provide a switch to allow stack walk search of resource bundle S8015144: Performance regression in ICU OpenType Layout library S8015965: (process) Typo in name of property to allow ambiguous commands S8015978: Incorrect transformation of XPath expression “string(-0)” S8016357: Update hotspot diagnostic class S8017566: Backout 8000450 – Cannot access to com.sun.corba.se.impl.orb.ORBImpl S8019584: javax/management/remote/mandatory/loading/MissingClassTest.j ava failed in nightly against jdk7u45: java.io.InvalidObjectException: Invalid notification: null S8019969: nioNetworkChannelInet6/SetOptionGetOptionTestInet6 test case crashes S8019979: Replace CheckPackageAccess test with better one from closed repo S8020054: (tz) Support tzdata2013d S8020983, RH976897: OutOfMemoryError caused by non garbage collected JPEGImageWriter Instances S8021355: REGRESSION: Five closed/java/awt/SplashScreen tests fail since 7u45 b01 on Linux, Solaris S8021366: java_util/Properties/PropertiesWithOtherEncodings fails during 7u45 nightly testing S8021577: JCK test api/javax_management/jmx_serial/modelmbean/ModelMBeanNotific ationInfo/serial/index.html#Input has failed since jdk 7u45 b01 S8021933: Add extra check for fix # JDK-8014530 S8021969: The index_AccessAllowed jnlp can not load successfully with exception thrown in the log. S8022661: InetAddress.writeObject() performs flush() on object output stream S8022682: Supporting XOM S8023964: java/io/IOException/LastErrorString.java should be @ignore-d S8024914: Swapped usage of idx_t and bm_word_t types in bitMap.inline.hpp S8025128: File.createTempFile fails if prefix is absolute path S8025255: (tz) Support tzdata2013g OJ19: Fix test cases from 8010118 to work with OpenJDK 6 OJ20: Resolve merge issues with JAXP security fixes OJ21: Remove @Override annotation added on interface by 2013/10/15 security fixes Bug fixes PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel. RH995488: Java thinks that the default timezone is Busingen instead of Zurich D729448: 32-bit alignment on mips and mipsel Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-176 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.7-45.1 java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.7-45.1 References: http://support.novell.com/security/cve/CVE-2013-3829.html http://support.novell.com/security/cve/CVE-2013-4002.html http://support.novell.com/security/cve/CVE-2013-5772.html http://support.novell.com/security/cve/CVE-2013-5774.html http://support.novell.com/security/cve/CVE-2013-5778.html http://support.novell.com/security/cve/CVE-2013-5780.html http://support.novell.com/security/cve/CVE-2013-5782.html http://support.novell.com/security/cve/CVE-2013-5783.html http://support.novell.com/security/cve/CVE-2013-5784.html http://support.novell.com/security/cve/CVE-2013-5790.html http://support.novell.com/security/cve/CVE-2013-5797.html http://support.novell.com/security/cve/CVE-2013-5802.html http://support.novell.com/security/cve/CVE-2013-5803.html http://support.novell.com/security/cve/CVE-2013-5804.html http://support.novell.com/security/cve/CVE-2013-5809.html http://support.novell.com/security/cve/CVE-2013-5814.html http://support.novell.com/security/cve/CVE-2013-5817.html http://support.novell.com/security/cve/CVE-2013-5820.html http://support.novell.com/security/cve/CVE-2013-5823.html http://support.novell.com/security/cve/CVE-2013-5825.html http://support.novell.com/security/cve/CVE-2013-5829.html http://support.novell.com/security/cve/CVE-2013-5830.html http://support.novell.com/security/cve/CVE-2013-5840.html http://support.novell.com/security/cve/CVE-2013-5842.html http://support.novell.com/security/cve/CVE-2013-5849.html http://support.novell.com/security/cve/CVE-2013-5850.html http://support.novell.com/security/cve/CVE-2013-5851.html

1 0

openSUSE-SU-2013:1965-1: moderate: xorg-x11-server: fixed an overflow in trapezoid handling
by opensuse-security＠opensuse.org 27 Dec '13

27 Dec '13

openSUSE Security Update: xorg-x11-server: fixed an overflow in trapezoid handling ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1965-1 Rating: moderate References: #853846 Cross-References: CVE-2013-6424 Affected Products: openSUSE 13.1 openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The X server was updated to fix a possible X server crash using invalid trapezoids. (bnc#853846 CVE-2013-6424) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-1033 - openSUSE 12.3: zypper in -t patch openSUSE-2013-1033 - openSUSE 12.2: zypper in -t patch openSUSE-2013-1033 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): xorg-x11-server-7.6_1.14.3.901-4.1 xorg-x11-server-debuginfo-7.6_1.14.3.901-4.1 xorg-x11-server-debugsource-7.6_1.14.3.901-4.1 xorg-x11-server-extra-7.6_1.14.3.901-4.1 xorg-x11-server-extra-debuginfo-7.6_1.14.3.901-4.1 xorg-x11-server-sdk-7.6_1.14.3.901-4.1 - openSUSE 12.3 (i586 x86_64): xorg-x11-server-7.6_1.13.2-1.21.1 xorg-x11-server-debuginfo-7.6_1.13.2-1.21.1 xorg-x11-server-debugsource-7.6_1.13.2-1.21.1 xorg-x11-server-extra-7.6_1.13.2-1.21.1 xorg-x11-server-extra-debuginfo-7.6_1.13.2-1.21.1 xorg-x11-server-sdk-7.6_1.13.2-1.21.1 - openSUSE 12.2 (i586 x86_64): xorg-x11-Xvnc-7.6_1.12.3-1.41.1 xorg-x11-Xvnc-debuginfo-7.6_1.12.3-1.41.1 xorg-x11-server-7.6_1.12.3-1.41.1 xorg-x11-server-debuginfo-7.6_1.12.3-1.41.1 xorg-x11-server-debugsource-7.6_1.12.3-1.41.1 xorg-x11-server-extra-7.6_1.12.3-1.41.1 xorg-x11-server-extra-debuginfo-7.6_1.12.3-1.41.1 xorg-x11-server-sdk-7.6_1.12.3-1.41.1 References: http://support.novell.com/security/cve/CVE-2013-6424.html https://bugzilla.novell.com/853846

1 0

openSUSE-SU-2013:1964-1: moderate: update for php5
by opensuse-security＠opensuse.org 27 Dec '13

27 Dec '13

openSUSE Security Update: update for php5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1964-1 Rating: moderate References: #837746 #853045 #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: - security update * CVE-2013-6420.patch [bnc#854880] * CVE-2013-6712.patch [bnc#853045] * CVE-2013-4248.patch [bnc#837746] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-175 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): apache2-mod_php5-5.3.5-359.1 apache2-mod_php5-debuginfo-5.3.5-359.1 php5-5.3.5-359.1 php5-bcmath-5.3.5-359.1 php5-bcmath-debuginfo-5.3.5-359.1 php5-bz2-5.3.5-359.1 php5-bz2-debuginfo-5.3.5-359.1 php5-calendar-5.3.5-359.1 php5-calendar-debuginfo-5.3.5-359.1 php5-ctype-5.3.5-359.1 php5-ctype-debuginfo-5.3.5-359.1 php5-curl-5.3.5-359.1 php5-curl-debuginfo-5.3.5-359.1 php5-dba-5.3.5-359.1 php5-dba-debuginfo-5.3.5-359.1 php5-debuginfo-5.3.5-359.1 php5-debugsource-5.3.5-359.1 php5-devel-5.3.5-359.1 php5-dom-5.3.5-359.1 php5-dom-debuginfo-5.3.5-359.1 php5-enchant-5.3.5-359.1 php5-enchant-debuginfo-5.3.5-359.1 php5-exif-5.3.5-359.1 php5-exif-debuginfo-5.3.5-359.1 php5-fastcgi-5.3.5-359.1 php5-fastcgi-debuginfo-5.3.5-359.1 php5-fileinfo-5.3.5-359.1 php5-fileinfo-debuginfo-5.3.5-359.1 php5-fpm-5.3.5-359.1 php5-fpm-debuginfo-5.3.5-359.1 php5-ftp-5.3.5-359.1 php5-ftp-debuginfo-5.3.5-359.1 php5-gd-5.3.5-359.1 php5-gd-debuginfo-5.3.5-359.1 php5-gettext-5.3.5-359.1 php5-gettext-debuginfo-5.3.5-359.1 php5-gmp-5.3.5-359.1 php5-gmp-debuginfo-5.3.5-359.1 php5-hash-5.3.5-359.1 php5-hash-debuginfo-5.3.5-359.1 php5-iconv-5.3.5-359.1 php5-iconv-debuginfo-5.3.5-359.1 php5-imap-5.3.5-359.1 php5-imap-debuginfo-5.3.5-359.1 php5-intl-5.3.5-359.1 php5-intl-debuginfo-5.3.5-359.1 php5-json-5.3.5-359.1 php5-json-debuginfo-5.3.5-359.1 php5-ldap-5.3.5-359.1 php5-ldap-debuginfo-5.3.5-359.1 php5-mbstring-5.3.5-359.1 php5-mbstring-debuginfo-5.3.5-359.1 php5-mcrypt-5.3.5-359.1 php5-mcrypt-debuginfo-5.3.5-359.1 php5-mysql-5.3.5-359.1 php5-mysql-debuginfo-5.3.5-359.1 php5-odbc-5.3.5-359.1 php5-odbc-debuginfo-5.3.5-359.1 php5-openssl-5.3.5-359.1 php5-openssl-debuginfo-5.3.5-359.1 php5-pcntl-5.3.5-359.1 php5-pcntl-debuginfo-5.3.5-359.1 php5-pdo-5.3.5-359.1 php5-pdo-debuginfo-5.3.5-359.1 php5-pgsql-5.3.5-359.1 php5-pgsql-debuginfo-5.3.5-359.1 php5-phar-5.3.5-359.1 php5-phar-debuginfo-5.3.5-359.1 php5-posix-5.3.5-359.1 php5-posix-debuginfo-5.3.5-359.1 php5-pspell-5.3.5-359.1 php5-pspell-debuginfo-5.3.5-359.1 php5-readline-5.3.5-359.1 php5-readline-debuginfo-5.3.5-359.1 php5-shmop-5.3.5-359.1 php5-shmop-debuginfo-5.3.5-359.1 php5-snmp-5.3.5-359.1 php5-snmp-debuginfo-5.3.5-359.1 php5-soap-5.3.5-359.1 php5-soap-debuginfo-5.3.5-359.1 php5-sockets-5.3.5-359.1 php5-sockets-debuginfo-5.3.5-359.1 php5-sqlite-5.3.5-359.1 php5-sqlite-debuginfo-5.3.5-359.1 php5-suhosin-5.3.5-359.1 php5-suhosin-debuginfo-5.3.5-359.1 php5-sysvmsg-5.3.5-359.1 php5-sysvmsg-debuginfo-5.3.5-359.1 php5-sysvsem-5.3.5-359.1 php5-sysvsem-debuginfo-5.3.5-359.1 php5-sysvshm-5.3.5-359.1 php5-sysvshm-debuginfo-5.3.5-359.1 php5-tidy-5.3.5-359.1 php5-tidy-debuginfo-5.3.5-359.1 php5-tokenizer-5.3.5-359.1 php5-tokenizer-debuginfo-5.3.5-359.1 php5-wddx-5.3.5-359.1 php5-wddx-debuginfo-5.3.5-359.1 php5-xmlreader-5.3.5-359.1 php5-xmlreader-debuginfo-5.3.5-359.1 php5-xmlrpc-5.3.5-359.1 php5-xmlrpc-debuginfo-5.3.5-359.1 php5-xmlwriter-5.3.5-359.1 php5-xmlwriter-debuginfo-5.3.5-359.1 php5-xsl-5.3.5-359.1 php5-xsl-debuginfo-5.3.5-359.1 php5-zip-5.3.5-359.1 php5-zip-debuginfo-5.3.5-359.1 php5-zlib-5.3.5-359.1 php5-zlib-debuginfo-5.3.5-359.1 - openSUSE 11.4 (noarch): php5-pear-5.3.5-359.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html http://support.novell.com/security/cve/CVE-2013-6712.html https://bugzilla.novell.com/837746 https://bugzilla.novell.com/853045 https://bugzilla.novell.com/854880

1 0

openSUSE-SU-2013:1963-1: moderate: update for php5
by opensuse-security＠opensuse.org 27 Dec '13

27 Dec '13

openSUSE Security Update: update for php5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1963-1 Rating: moderate References: #837746 #853045 #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 Affected Products: openSUSE 13.1 openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: - security update * CVE-2013-6420.patch [bnc#854880] * CVE-2013-6712.patch [bnc#853045] * CVE-2013-4248.patch [bnc#837746] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-1032 - openSUSE 12.3: zypper in -t patch openSUSE-2013-1032 - openSUSE 12.2: zypper in -t patch openSUSE-2013-1032 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): apache2-mod_php5-5.4.20-4.1 apache2-mod_php5-debuginfo-5.4.20-4.1 php5-5.4.20-4.1 php5-bcmath-5.4.20-4.1 php5-bcmath-debuginfo-5.4.20-4.1 php5-bz2-5.4.20-4.1 php5-bz2-debuginfo-5.4.20-4.1 php5-calendar-5.4.20-4.1 php5-calendar-debuginfo-5.4.20-4.1 php5-ctype-5.4.20-4.1 php5-ctype-debuginfo-5.4.20-4.1 php5-curl-5.4.20-4.1 php5-curl-debuginfo-5.4.20-4.1 php5-dba-5.4.20-4.1 php5-dba-debuginfo-5.4.20-4.1 php5-debuginfo-5.4.20-4.1 php5-debugsource-5.4.20-4.1 php5-devel-5.4.20-4.1 php5-dom-5.4.20-4.1 php5-dom-debuginfo-5.4.20-4.1 php5-enchant-5.4.20-4.1 php5-enchant-debuginfo-5.4.20-4.1 php5-exif-5.4.20-4.1 php5-exif-debuginfo-5.4.20-4.1 php5-fastcgi-5.4.20-4.1 php5-fastcgi-debuginfo-5.4.20-4.1 php5-fileinfo-5.4.20-4.1 php5-fileinfo-debuginfo-5.4.20-4.1 php5-firebird-5.4.20-4.1 php5-firebird-debuginfo-5.4.20-4.1 php5-fpm-5.4.20-4.1 php5-fpm-debuginfo-5.4.20-4.1 php5-ftp-5.4.20-4.1 php5-ftp-debuginfo-5.4.20-4.1 php5-gd-5.4.20-4.1 php5-gd-debuginfo-5.4.20-4.1 php5-gettext-5.4.20-4.1 php5-gettext-debuginfo-5.4.20-4.1 php5-gmp-5.4.20-4.1 php5-gmp-debuginfo-5.4.20-4.1 php5-iconv-5.4.20-4.1 php5-iconv-debuginfo-5.4.20-4.1 php5-imap-5.4.20-4.1 php5-imap-debuginfo-5.4.20-4.1 php5-intl-5.4.20-4.1 php5-intl-debuginfo-5.4.20-4.1 php5-json-5.4.20-4.1 php5-json-debuginfo-5.4.20-4.1 php5-ldap-5.4.20-4.1 php5-ldap-debuginfo-5.4.20-4.1 php5-mbstring-5.4.20-4.1 php5-mbstring-debuginfo-5.4.20-4.1 php5-mcrypt-5.4.20-4.1 php5-mcrypt-debuginfo-5.4.20-4.1 php5-mssql-5.4.20-4.1 php5-mssql-debuginfo-5.4.20-4.1 php5-mysql-5.4.20-4.1 php5-mysql-debuginfo-5.4.20-4.1 php5-odbc-5.4.20-4.1 php5-odbc-debuginfo-5.4.20-4.1 php5-openssl-5.4.20-4.1 php5-openssl-debuginfo-5.4.20-4.1 php5-pcntl-5.4.20-4.1 php5-pcntl-debuginfo-5.4.20-4.1 php5-pdo-5.4.20-4.1 php5-pdo-debuginfo-5.4.20-4.1 php5-pgsql-5.4.20-4.1 php5-pgsql-debuginfo-5.4.20-4.1 php5-phar-5.4.20-4.1 php5-phar-debuginfo-5.4.20-4.1 php5-posix-5.4.20-4.1 php5-posix-debuginfo-5.4.20-4.1 php5-pspell-5.4.20-4.1 php5-pspell-debuginfo-5.4.20-4.1 php5-readline-5.4.20-4.1 php5-readline-debuginfo-5.4.20-4.1 php5-shmop-5.4.20-4.1 php5-shmop-debuginfo-5.4.20-4.1 php5-snmp-5.4.20-4.1 php5-snmp-debuginfo-5.4.20-4.1 php5-soap-5.4.20-4.1 php5-soap-debuginfo-5.4.20-4.1 php5-sockets-5.4.20-4.1 php5-sockets-debuginfo-5.4.20-4.1 php5-sqlite-5.4.20-4.1 php5-sqlite-debuginfo-5.4.20-4.1 php5-suhosin-5.4.20-4.1 php5-suhosin-debuginfo-5.4.20-4.1 php5-sysvmsg-5.4.20-4.1 php5-sysvmsg-debuginfo-5.4.20-4.1 php5-sysvsem-5.4.20-4.1 php5-sysvsem-debuginfo-5.4.20-4.1 php5-sysvshm-5.4.20-4.1 php5-sysvshm-debuginfo-5.4.20-4.1 php5-tidy-5.4.20-4.1 php5-tidy-debuginfo-5.4.20-4.1 php5-tokenizer-5.4.20-4.1 php5-tokenizer-debuginfo-5.4.20-4.1 php5-wddx-5.4.20-4.1 php5-wddx-debuginfo-5.4.20-4.1 php5-xmlreader-5.4.20-4.1 php5-xmlreader-debuginfo-5.4.20-4.1 php5-xmlrpc-5.4.20-4.1 php5-xmlrpc-debuginfo-5.4.20-4.1 php5-xmlwriter-5.4.20-4.1 php5-xmlwriter-debuginfo-5.4.20-4.1 php5-xsl-5.4.20-4.1 php5-xsl-debuginfo-5.4.20-4.1 php5-zip-5.4.20-4.1 php5-zip-debuginfo-5.4.20-4.1 php5-zlib-5.4.20-4.1 php5-zlib-debuginfo-5.4.20-4.1 - openSUSE 13.1 (noarch): php5-pear-5.4.20-4.1 - openSUSE 12.3 (i586 x86_64): apache2-mod_php5-5.3.17-3.8.1 apache2-mod_php5-debuginfo-5.3.17-3.8.1 php5-5.3.17-3.8.1 php5-bcmath-5.3.17-3.8.1 php5-bcmath-debuginfo-5.3.17-3.8.1 php5-bz2-5.3.17-3.8.1 php5-bz2-debuginfo-5.3.17-3.8.1 php5-calendar-5.3.17-3.8.1 php5-calendar-debuginfo-5.3.17-3.8.1 php5-ctype-5.3.17-3.8.1 php5-ctype-debuginfo-5.3.17-3.8.1 php5-curl-5.3.17-3.8.1 php5-curl-debuginfo-5.3.17-3.8.1 php5-dba-5.3.17-3.8.1 php5-dba-debuginfo-5.3.17-3.8.1 php5-debuginfo-5.3.17-3.8.1 php5-debugsource-5.3.17-3.8.1 php5-devel-5.3.17-3.8.1 php5-dom-5.3.17-3.8.1 php5-dom-debuginfo-5.3.17-3.8.1 php5-enchant-5.3.17-3.8.1 php5-enchant-debuginfo-5.3.17-3.8.1 php5-exif-5.3.17-3.8.1 php5-exif-debuginfo-5.3.17-3.8.1 php5-fastcgi-5.3.17-3.8.1 php5-fastcgi-debuginfo-5.3.17-3.8.1 php5-fileinfo-5.3.17-3.8.1 php5-fileinfo-debuginfo-5.3.17-3.8.1 php5-fpm-5.3.17-3.8.1 php5-fpm-debuginfo-5.3.17-3.8.1 php5-ftp-5.3.17-3.8.1 php5-ftp-debuginfo-5.3.17-3.8.1 php5-gd-5.3.17-3.8.1 php5-gd-debuginfo-5.3.17-3.8.1 php5-gettext-5.3.17-3.8.1 php5-gettext-debuginfo-5.3.17-3.8.1 php5-gmp-5.3.17-3.8.1 php5-gmp-debuginfo-5.3.17-3.8.1 php5-iconv-5.3.17-3.8.1 php5-iconv-debuginfo-5.3.17-3.8.1 php5-imap-5.3.17-3.8.1 php5-imap-debuginfo-5.3.17-3.8.1 php5-intl-5.3.17-3.8.1 php5-intl-debuginfo-5.3.17-3.8.1 php5-json-5.3.17-3.8.1 php5-json-debuginfo-5.3.17-3.8.1 php5-ldap-5.3.17-3.8.1 php5-ldap-debuginfo-5.3.17-3.8.1 php5-mbstring-5.3.17-3.8.1 php5-mbstring-debuginfo-5.3.17-3.8.1 php5-mcrypt-5.3.17-3.8.1 php5-mcrypt-debuginfo-5.3.17-3.8.1 php5-mssql-5.3.17-3.8.1 php5-mssql-debuginfo-5.3.17-3.8.1 php5-mysql-5.3.17-3.8.1 php5-mysql-debuginfo-5.3.17-3.8.1 php5-odbc-5.3.17-3.8.1 php5-odbc-debuginfo-5.3.17-3.8.1 php5-openssl-5.3.17-3.8.1 php5-openssl-debuginfo-5.3.17-3.8.1 php5-pcntl-5.3.17-3.8.1 php5-pcntl-debuginfo-5.3.17-3.8.1 php5-pdo-5.3.17-3.8.1 php5-pdo-debuginfo-5.3.17-3.8.1 php5-pgsql-5.3.17-3.8.1 php5-pgsql-debuginfo-5.3.17-3.8.1 php5-phar-5.3.17-3.8.1 php5-phar-debuginfo-5.3.17-3.8.1 php5-posix-5.3.17-3.8.1 php5-posix-debuginfo-5.3.17-3.8.1 php5-pspell-5.3.17-3.8.1 php5-pspell-debuginfo-5.3.17-3.8.1 php5-readline-5.3.17-3.8.1 php5-readline-debuginfo-5.3.17-3.8.1 php5-shmop-5.3.17-3.8.1 php5-shmop-debuginfo-5.3.17-3.8.1 php5-snmp-5.3.17-3.8.1 php5-snmp-debuginfo-5.3.17-3.8.1 php5-soap-5.3.17-3.8.1 php5-soap-debuginfo-5.3.17-3.8.1 php5-sockets-5.3.17-3.8.1 php5-sockets-debuginfo-5.3.17-3.8.1 php5-sqlite-5.3.17-3.8.1 php5-sqlite-debuginfo-5.3.17-3.8.1 php5-suhosin-5.3.17-3.8.1 php5-suhosin-debuginfo-5.3.17-3.8.1 php5-sysvmsg-5.3.17-3.8.1 php5-sysvmsg-debuginfo-5.3.17-3.8.1 php5-sysvsem-5.3.17-3.8.1 php5-sysvsem-debuginfo-5.3.17-3.8.1 php5-sysvshm-5.3.17-3.8.1 php5-sysvshm-debuginfo-5.3.17-3.8.1 php5-tidy-5.3.17-3.8.1 php5-tidy-debuginfo-5.3.17-3.8.1 php5-tokenizer-5.3.17-3.8.1 php5-tokenizer-debuginfo-5.3.17-3.8.1 php5-wddx-5.3.17-3.8.1 php5-wddx-debuginfo-5.3.17-3.8.1 php5-xmlreader-5.3.17-3.8.1 php5-xmlreader-debuginfo-5.3.17-3.8.1 php5-xmlrpc-5.3.17-3.8.1 php5-xmlrpc-debuginfo-5.3.17-3.8.1 php5-xmlwriter-5.3.17-3.8.1 php5-xmlwriter-debuginfo-5.3.17-3.8.1 php5-xsl-5.3.17-3.8.1 php5-xsl-debuginfo-5.3.17-3.8.1 php5-zip-5.3.17-3.8.1 php5-zip-debuginfo-5.3.17-3.8.1 php5-zlib-5.3.17-3.8.1 php5-zlib-debuginfo-5.3.17-3.8.1 - openSUSE 12.3 (noarch): php5-pear-5.3.17-3.8.1 - openSUSE 12.2 (i586 x86_64): apache2-mod_php5-5.3.15-1.20.1 apache2-mod_php5-debuginfo-5.3.15-1.20.1 php5-5.3.15-1.20.1 php5-bcmath-5.3.15-1.20.1 php5-bcmath-debuginfo-5.3.15-1.20.1 php5-bz2-5.3.15-1.20.1 php5-bz2-debuginfo-5.3.15-1.20.1 php5-calendar-5.3.15-1.20.1 php5-calendar-debuginfo-5.3.15-1.20.1 php5-ctype-5.3.15-1.20.1 php5-ctype-debuginfo-5.3.15-1.20.1 php5-curl-5.3.15-1.20.1 php5-curl-debuginfo-5.3.15-1.20.1 php5-dba-5.3.15-1.20.1 php5-dba-debuginfo-5.3.15-1.20.1 php5-debuginfo-5.3.15-1.20.1 php5-debugsource-5.3.15-1.20.1 php5-devel-5.3.15-1.20.1 php5-dom-5.3.15-1.20.1 php5-dom-debuginfo-5.3.15-1.20.1 php5-enchant-5.3.15-1.20.1 php5-enchant-debuginfo-5.3.15-1.20.1 php5-exif-5.3.15-1.20.1 php5-exif-debuginfo-5.3.15-1.20.1 php5-fastcgi-5.3.15-1.20.1 php5-fastcgi-debuginfo-5.3.15-1.20.1 php5-fileinfo-5.3.15-1.20.1 php5-fileinfo-debuginfo-5.3.15-1.20.1 php5-fpm-5.3.15-1.20.1 php5-fpm-debuginfo-5.3.15-1.20.1 php5-ftp-5.3.15-1.20.1 php5-ftp-debuginfo-5.3.15-1.20.1 php5-gd-5.3.15-1.20.1 php5-gd-debuginfo-5.3.15-1.20.1 php5-gettext-5.3.15-1.20.1 php5-gettext-debuginfo-5.3.15-1.20.1 php5-gmp-5.3.15-1.20.1 php5-gmp-debuginfo-5.3.15-1.20.1 php5-iconv-5.3.15-1.20.1 php5-iconv-debuginfo-5.3.15-1.20.1 php5-imap-5.3.15-1.20.1 php5-imap-debuginfo-5.3.15-1.20.1 php5-intl-5.3.15-1.20.1 php5-intl-debuginfo-5.3.15-1.20.1 php5-json-5.3.15-1.20.1 php5-json-debuginfo-5.3.15-1.20.1 php5-ldap-5.3.15-1.20.1 php5-ldap-debuginfo-5.3.15-1.20.1 php5-mbstring-5.3.15-1.20.1 php5-mbstring-debuginfo-5.3.15-1.20.1 php5-mcrypt-5.3.15-1.20.1 php5-mcrypt-debuginfo-5.3.15-1.20.1 php5-mssql-5.3.15-1.20.1 php5-mssql-debuginfo-5.3.15-1.20.1 php5-mysql-5.3.15-1.20.1 php5-mysql-debuginfo-5.3.15-1.20.1 php5-odbc-5.3.15-1.20.1 php5-odbc-debuginfo-5.3.15-1.20.1 php5-openssl-5.3.15-1.20.1 php5-openssl-debuginfo-5.3.15-1.20.1 php5-pcntl-5.3.15-1.20.1 php5-pcntl-debuginfo-5.3.15-1.20.1 php5-pdo-5.3.15-1.20.1 php5-pdo-debuginfo-5.3.15-1.20.1 php5-pgsql-5.3.15-1.20.1 php5-pgsql-debuginfo-5.3.15-1.20.1 php5-phar-5.3.15-1.20.1 php5-phar-debuginfo-5.3.15-1.20.1 php5-posix-5.3.15-1.20.1 php5-posix-debuginfo-5.3.15-1.20.1 php5-pspell-5.3.15-1.20.1 php5-pspell-debuginfo-5.3.15-1.20.1 php5-readline-5.3.15-1.20.1 php5-readline-debuginfo-5.3.15-1.20.1 php5-shmop-5.3.15-1.20.1 php5-shmop-debuginfo-5.3.15-1.20.1 php5-snmp-5.3.15-1.20.1 php5-snmp-debuginfo-5.3.15-1.20.1 php5-soap-5.3.15-1.20.1 php5-soap-debuginfo-5.3.15-1.20.1 php5-sockets-5.3.15-1.20.1 php5-sockets-debuginfo-5.3.15-1.20.1 php5-sqlite-5.3.15-1.20.1 php5-sqlite-debuginfo-5.3.15-1.20.1 php5-suhosin-5.3.15-1.20.1 php5-suhosin-debuginfo-5.3.15-1.20.1 php5-sysvmsg-5.3.15-1.20.1 php5-sysvmsg-debuginfo-5.3.15-1.20.1 php5-sysvsem-5.3.15-1.20.1 php5-sysvsem-debuginfo-5.3.15-1.20.1 php5-sysvshm-5.3.15-1.20.1 php5-sysvshm-debuginfo-5.3.15-1.20.1 php5-tidy-5.3.15-1.20.1 php5-tidy-debuginfo-5.3.15-1.20.1 php5-tokenizer-5.3.15-1.20.1 php5-tokenizer-debuginfo-5.3.15-1.20.1 php5-wddx-5.3.15-1.20.1 php5-wddx-debuginfo-5.3.15-1.20.1 php5-xmlreader-5.3.15-1.20.1 php5-xmlreader-debuginfo-5.3.15-1.20.1 php5-xmlrpc-5.3.15-1.20.1 php5-xmlrpc-debuginfo-5.3.15-1.20.1 php5-xmlwriter-5.3.15-1.20.1 php5-xmlwriter-debuginfo-5.3.15-1.20.1 php5-xsl-5.3.15-1.20.1 php5-xsl-debuginfo-5.3.15-1.20.1 php5-zip-5.3.15-1.20.1 php5-zip-debuginfo-5.3.15-1.20.1 php5-zlib-5.3.15-1.20.1 php5-zlib-debuginfo-5.3.15-1.20.1 - openSUSE 12.2 (noarch): php5-pear-5.3.15-1.20.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html http://support.novell.com/security/cve/CVE-2013-6712.html https://bugzilla.novell.com/837746 https://bugzilla.novell.com/853045 https://bugzilla.novell.com/854880

1 0

openSUSE-SU-2013:1962-1: moderate: v8
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: v8 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1962-1 Rating: moderate References: #854473 Cross-References: CVE-2013-6638 CVE-2013-6639 CVE-2013-6640 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: - Update spec-file to fit the changes in V8 (addition of internal ICU) * Building against system ICU * Regenerate Makefiles before using them - Update to 3.22.24.8 - Security fixes (bcn#854473): * CVE-2013-6638: Buffer overflow in v8 * CVE-2013-6639: Out of bounds write in v8 * CVE-2013-6640: Out of bounds read in v8 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-1026 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libv8-3-3.22.24.8-2.4.1 libv8-3-debuginfo-3.22.24.8-2.4.1 v8-devel-3.22.24.8-2.4.1 v8-private-headers-devel-3.22.24.8-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-6638.html http://support.novell.com/security/cve/CVE-2013-6639.html http://support.novell.com/security/cve/CVE-2013-6640.html https://bugzilla.novell.com/854473

1 0

openSUSE-SU-2013:1961-1: important: Fixes a local vulnerability
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: Fixes a local vulnerability ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1961-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) (reported by joernchen of Phenoelit) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-1029 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (noarch): webyast-base-0.3.45.1-2.4.1 webyast-base-branding-default-0.3.45.1-2.4.1 webyast-base-testsuite-0.3.45.1-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116

1 0

openSUSE-SU-2013:1960-1: moderate: v8
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: v8 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1960-1 Rating: moderate References: #854473 Cross-References: CVE-2013-6638 CVE-2013-6639 CVE-2013-6640 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: - Update spec-file to fit the changes in V8 (addition of internal ICU) * Building against system ICU * Regenerate Makefiles before using them - Update to 3.22.24.8 - Security fixes (bnc#854473): * CVE-2013-6638: Buffer overflow in v8 * CVE-2013-6639: Out of bounds write in v8 * CVE-2013-6640: Out of bounds read in v8 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-1025 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): libv8-3-3.22.24.8-2.4.1 libv8-3-debuginfo-3.22.24.8-2.4.1 v8-devel-3.22.24.8-2.4.1 v8-private-headers-devel-3.22.24.8-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-6638.html http://support.novell.com/security/cve/CVE-2013-6639.html http://support.novell.com/security/cve/CVE-2013-6640.html https://bugzilla.novell.com/854473

1 0

openSUSE-SU-2013:1959-1: moderate: update for MozillaThunderbird
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1959-1 Rating: moderate References: #854370 Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: - update to Thunderbird 24.2.0 (bnc#854370) * requires NSS 3.15.3.1 or higher * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 * requires NSPR 4.10.2 and NSS 3.15.3 for security reasons * fix binary compatibility issues for patch level updates (bmo#927073) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-1023 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): MozillaThunderbird-24.2.0-61.35.1 MozillaThunderbird-buildsymbols-24.2.0-61.35.1 MozillaThunderbird-debuginfo-24.2.0-61.35.1 MozillaThunderbird-debugsource-24.2.0-61.35.1 MozillaThunderbird-devel-24.2.0-61.35.1 MozillaThunderbird-translations-common-24.2.0-61.35.1 MozillaThunderbird-translations-other-24.2.0-61.35.1 enigmail-1.6.0+24.2.0-61.35.1 enigmail-debuginfo-1.6.0+24.2.0-61.35.1 References: http://support.novell.com/security/cve/CVE-2013-5609.html http://support.novell.com/security/cve/CVE-2013-5610.html http://support.novell.com/security/cve/CVE-2013-5613.html http://support.novell.com/security/cve/CVE-2013-5615.html http://support.novell.com/security/cve/CVE-2013-5616.html http://support.novell.com/security/cve/CVE-2013-5618.html http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6630.html http://support.novell.com/security/cve/CVE-2013-6671.html http://support.novell.com/security/cve/CVE-2013-6673.html https://bugzilla.novell.com/854370

1 0

openSUSE-SU-2013:1958-1: moderate: update for MozillaThunderbird
by opensuse-security＠opensuse.org 25 Dec '13

25 Dec '13

openSUSE Security Update: update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1958-1 Rating: moderate References: #854370 Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: - update to Thunderbird 24.2.0 (bnc#854370) * requires NSS 3.15.3.1 or higher * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 * requires NSPR 4.10.2 and NSS 3.15.3 for security reasons * fix binary compatibility issues for patch level updates (bmo#927073) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-1022 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): MozillaThunderbird-24.2.0-70.7.2 MozillaThunderbird-buildsymbols-24.2.0-70.7.2 MozillaThunderbird-debuginfo-24.2.0-70.7.2 MozillaThunderbird-debugsource-24.2.0-70.7.2 MozillaThunderbird-devel-24.2.0-70.7.2 MozillaThunderbird-translations-common-24.2.0-70.7.2 MozillaThunderbird-translations-other-24.2.0-70.7.2 enigmail-1.6.0+24.2.0-70.7.2 enigmail-debuginfo-1.6.0+24.2.0-70.7.2 References: http://support.novell.com/security/cve/CVE-2013-5609.html http://support.novell.com/security/cve/CVE-2013-5610.html http://support.novell.com/security/cve/CVE-2013-5613.html http://support.novell.com/security/cve/CVE-2013-5615.html http://support.novell.com/security/cve/CVE-2013-5616.html http://support.novell.com/security/cve/CVE-2013-5618.html http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6630.html http://support.novell.com/security/cve/CVE-2013-6671.html http://support.novell.com/security/cve/CVE-2013-6673.html https://bugzilla.novell.com/854370

1 0