February 2013 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-RU-2013:0317-1: mkinitrd: Fix boolean typo that is assume local time as default in warpclock
by maintenance＠opensuse.org 21 Feb '13

21 Feb '13

openSUSE Recommended Update: mkinitrd: Fix boolean typo that is assume local time as default in warpclock ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0317-1 Rating: low References: #779145 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for mkinitrd: - Fix boolean typo that is assume local time as default in warpclock as we check for UTC in /etc/adjtime (related to bnc#779145) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-138 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): mkinitrd-2.7.1-62.9.1 mkinitrd-debuginfo-2.7.1-62.9.1 mkinitrd-debugsource-2.7.1-62.9.1 References: https://bugzilla.novell.com/779145

1 0

openSUSE-RU-2013:0316-1: yast2-gtk: fixed layout-issues
by maintenance＠opensuse.org 20 Feb '13

20 Feb '13

openSUSE Recommended Update: yast2-gtk: fixed layout-issues ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0316-1 Rating: low References: #722053 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for yast2-gtk: - bnc#722053: Fixed an layout-issue when a window is too small Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-135 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): yast2-gtk-2.22.6-2.5.1 yast2-gtk-debuginfo-2.22.6-2.5.1 yast2-gtk-debugsource-2.22.6-2.5.1 References: https://bugzilla.novell.com/722053

1 0

openSUSE-SU-2013:0312-1: important: java-1_6_0-openjdk to 1.12.1
by opensuse-security＠opensuse.org 19 Feb '13

19 Feb '13

openSUSE Security Update: java-1_6_0-openjdk to 1.12.1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0312-1 Rating: important References: #801972 Cross-References: CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: OpenJDK (java-1_6_0-openjdk) was updated to 1.12.1 to fix bugs and security issues (bnc#801972) * Security fixes (on top of 1.12.0) - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Improve thread pool shutdown - S7141694, CVE-2013-0429: Improving CORBA internals - S7173145: Improve in-memory representation of splashscreens - S7186945: Unpack200 improvement - S7186946: Refine unpacker resource usage - S7186948: Improve Swing data validation - S7186952, CVE-2013-0432: Improve clipboard access - S7186954: Improve connection performance - S7186957: Improve Pack200 data validation - S7192392, CVE-2013-0443: Better validation of client keys - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages - S7192977, CVE-2013-0442: Issue in toolkit thread - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies - S7200491: Tighten up JTable layout code - S7200500: Launcher better input validation - S7201064: Better dialogue checking - S7201066, CVE-2013-0441: Change modifiers on unused fields - S7201068, CVE-2013-0435: Better handling of UI elements - S7201070: Serialization to conform to protocol - S7201071, CVE-2013-0433: InetSocketAddress serialization issue - S8000210: Improve JarFile code quality - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class - S8000540, CVE-2013-1475: Improve IIOP type reuse management - S8000631, CVE-2013-1476: Restrict access to class constructor - S8001235, CVE-2013-0434: Improve JAXP HTTP handling Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-27 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.1-25.1 References: http://support.novell.com/security/cve/CVE-2013-0424.html http://support.novell.com/security/cve/CVE-2013-0425.html http://support.novell.com/security/cve/CVE-2013-0426.html http://support.novell.com/security/cve/CVE-2013-0427.html http://support.novell.com/security/cve/CVE-2013-0428.html http://support.novell.com/security/cve/CVE-2013-0429.html http://support.novell.com/security/cve/CVE-2013-0432.html http://support.novell.com/security/cve/CVE-2013-0433.html http://support.novell.com/security/cve/CVE-2013-0434.html http://support.novell.com/security/cve/CVE-2013-0435.html http://support.novell.com/security/cve/CVE-2013-0440.html http://support.novell.com/security/cve/CVE-2013-0441.html http://support.novell.com/security/cve/CVE-2013-0442.html http://support.novell.com/security/cve/CVE-2013-0443.html http://support.novell.com/security/cve/CVE-2013-0450.html http://support.novell.com/security/cve/CVE-2013-1475.html http://support.novell.com/security/cve/CVE-2013-1476.html https://bugzilla.novell.com/801972

1 0

openSUSE-RU-2013:0311-1: gdb: update to the 7.5.1 final release
by maintenance＠opensuse.org 19 Feb '13

19 Feb '13

openSUSE Recommended Update: gdb: update to the 7.5.1 final release ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0311-1 Rating: low References: #766311 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: gdb was updated to 7.5.1: 7.5.1 gives: * An "Attempt to dereference a generic pointer" errors (-var-create). * Backtrace problems on x32 (PR backtrace/14646). * next/step/finish problems on x32 (PR gdb/14647). * A "malformed linespec error: unexpected keyword, [...]" error (PR breakpoints/14643). * GDB crash while stepping through powerpc (32bits) code. * A failed assertion in linux_ptrace_test_ret_to_nx. * A "!frame_id_inlined_p (frame_id)" failed assertion. * A "No more reverse-execution history." error during reverse "next" execution (PR 14548). * Incomplete command descriptions in "apropos" output. * PR gdb/14494 (a GDB crash difficult to characterize). 7.5 gives: * Go language support. * New targets (x32 ABI, microMIPS, Renesas RL78, HP OpenVMS ia64). * More Python scripting improvements. * SDT (Static Defined Tracing) probes support with SystemTap probes. * GDBserver improvements (stdio connections, target-side evaluation of breakpoint conditions, remote protocol improvements). * Other miscellaneous improvements (ability to stop when a shared library is loaded/unloaded, dynamic printf, etc). * Reverse debugging on ARM. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-132 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): gdb-7.5.1-2.5.1 gdb-debuginfo-7.5.1-2.5.1 gdb-debugsource-7.5.1-2.5.1 gdbserver-7.5.1-2.5.1 gdbserver-debuginfo-7.5.1-2.5.1 References: https://bugzilla.novell.com/766311

1 0

openSUSE-RU-2013:0310-1: lcov: make lcov work with gcc-4.7
by maintenance＠opensuse.org 19 Feb '13

19 Feb '13

openSUSE Recommended Update: lcov: make lcov work with gcc-4.7 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0310-1 Rating: low References: #781483 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for lcov: - bnc#781483: make lcov work with gcc-4.7 Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-134 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): lcov-1.9-9.4.1 References: https://bugzilla.novell.com/781483

1 0

openSUSE-RU-2013:0309-1: calibre: Added requirement for python-sip version greater than or equal 4.13.2
by maintenance＠opensuse.org 19 Feb '13

19 Feb '13

openSUSE Recommended Update: calibre: Added requirement for python-sip version greater than or equal 4.13.2 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0309-1 Rating: low References: #793269 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for python-sip: - bnc#793269: calibre doesn't work with newer python-sip version then 4.13.2 Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-133 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): calibre-0.8.63-1.8.1 calibre-debuginfo-0.8.63-1.8.1 calibre-debugsource-0.8.63-1.8.1 References: https://bugzilla.novell.com/793269

1 0

openSUSE-SU-2013:0308-1: important: java-1_6_0-openjdk to 1.12.2
by opensuse-security＠opensuse.org 19 Feb '13

19 Feb '13

openSUSE Security Update: java-1_6_0-openjdk to 1.12.2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0308-1 Rating: important References: #801972 Cross-References: CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: OpenJDK (java-1_6_0-openjdk) was updated to 1.12.2 to fix bugs and security issues (bnc#801972) * Security fixes (on top of 1.12.0) - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Improve thread pool shutdown - S7141694, CVE-2013-0429: Improving CORBA internals - S7173145: Improve in-memory representation of splashscreens - S7186945: Unpack200 improvement - S7186946: Refine unpacker resource usage - S7186948: Improve Swing data validation - S7186952, CVE-2013-0432: Improve clipboard access - S7186954: Improve connection performance - S7186957: Improve Pack200 data validation - S7192392, CVE-2013-0443: Better validation of client keys - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages - S7192977, CVE-2013-0442: Issue in toolkit thread - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies - S7200491: Tighten up JTable layout code - S7200500: Launcher better input validation - S7201064: Better dialogue checking - S7201066, CVE-2013-0441: Change modifiers on unused fields - S7201068, CVE-2013-0435: Better handling of UI elements - S7201070: Serialization to conform to protocol - S7201071, CVE-2013-0433: InetSocketAddress serialization issue - S8000210: Improve JarFile code quality - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class - S8000540, CVE-2013-1475: Improve IIOP type reuse management - S8000631, CVE-2013-1476: Restrict access to class constructor - S8001235, CVE-2013-0434: Improve JAXP HTTP handling Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-131 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.2-24.1 java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.2-24.1 References: http://support.novell.com/security/cve/CVE-2013-0424.html http://support.novell.com/security/cve/CVE-2013-0425.html http://support.novell.com/security/cve/CVE-2013-0426.html http://support.novell.com/security/cve/CVE-2013-0427.html http://support.novell.com/security/cve/CVE-2013-0428.html http://support.novell.com/security/cve/CVE-2013-0429.html http://support.novell.com/security/cve/CVE-2013-0432.html http://support.novell.com/security/cve/CVE-2013-0433.html http://support.novell.com/security/cve/CVE-2013-0434.html http://support.novell.com/security/cve/CVE-2013-0435.html http://support.novell.com/security/cve/CVE-2013-0440.html http://support.novell.com/security/cve/CVE-2013-0441.html http://support.novell.com/security/cve/CVE-2013-0442.html http://support.novell.com/security/cve/CVE-2013-0443.html http://support.novell.com/security/cve/CVE-2013-0450.html http://support.novell.com/security/cve/CVE-2013-1475.html http://support.novell.com/security/cve/CVE-2013-1476.html https://bugzilla.novell.com/801972

1 0

openSUSE-SU-2013:0307-1: roundcubemail: update to 0.8.5
by opensuse-security＠opensuse.org 19 Feb '13

19 Feb '13

openSUSE Security Update: roundcubemail: update to 0.8.5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0307-1 Rating: low References: #803091 Cross-References: CVE-2012-6121 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The update to version 0.8.5 includes a fix for an XSS vulnerability. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-130 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): roundcubemail-0.8.5-3.8.1 References: http://support.novell.com/security/cve/CVE-2012-6121.html https://bugzilla.novell.com/803091

1 0

openSUSE-RU-2013:0305-1: guile: move .so file to libguilereadline sub-package
by maintenance＠opensuse.org 18 Feb '13

18 Feb '13

openSUSE Recommended Update: guile: move .so file to libguilereadline sub-package ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0305-1 Rating: low References: #765436 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for guile: - bnc#765436: move .so file to libguilereadline package Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-125 - openSUSE 12.1: zypper in -t patch openSUSE-2013-125 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): guile-2.0.5-3.5.1 guile-debuginfo-2.0.5-3.5.1 guile-debugsource-2.0.5-3.5.1 guile-devel-2.0.5-3.5.1 guile-modules-2_0-2.0.5-3.5.1 libguile-2_0-22-2.0.5-3.5.1 libguile-2_0-22-debuginfo-2.0.5-3.5.1 libguilereadline-v-18-18-2.0.5-3.5.1 libguilereadline-v-18-18-debuginfo-2.0.5-3.5.1 - openSUSE 12.1 (i586 x86_64): guile-2.0.2-7.6.1 guile-debuginfo-2.0.2-7.6.1 guile-debugsource-2.0.2-7.6.1 guile-devel-2.0.2-7.6.1 libguile-2_0-22-2.0.2-7.6.1 libguile-2_0-22-debuginfo-2.0.2-7.6.1 libguilereadline-v-18-18-2.0.2-7.6.1 libguilereadline-v-18-18-debuginfo-2.0.2-7.6.1 References: https://bugzilla.novell.com/765436

1 0

openSUSE-RU-2013:0304-1: ruby19: replace stack binding fix with upstream patch
by maintenance＠opensuse.org 18 Feb '13

18 Feb '13

openSUSE Recommended Update: ruby19: replace stack binding fix with upstream patch ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0304-1 Rating: low References: #796757 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: In ruby19 the bind_stack.patch was replaced with the upstream patch (bnc#796757) (thread_pthread.c-ruby_init_stack-ignore-STACK_END_ADDRESS.p atch) * thread_pthread.c (ruby_init_stack): ignore `STACK_END_ADDRESS' if Ruby interpreter is running on co-routine. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-124 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): ruby19-1.9.3.p194-3.12.1 ruby19-debuginfo-1.9.3.p194-3.12.1 ruby19-debugsource-1.9.3.p194-3.12.1 ruby19-devel-1.9.3.p194-3.12.1 ruby19-tk-1.9.3.p194-3.12.1 ruby19-tk-debuginfo-1.9.3.p194-3.12.1 - openSUSE 12.2 (noarch): ruby19-doc-ri-1.9.3.p194-3.12.1 References: https://bugzilla.novell.com/796757

1 0