openSUSE Updates February 2013

updates@lists.opensuse.org

2 participants
99 discussions

openSUSE-SU-2013:0289-1: moderate: Opera update to 12.14 version

by opensuse-security＠opensuse.org

openSUSE Security Update: Opera update to 12.14 version ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0289-1 Rating: moderate References: #801233 Cross-References: CVE-2013-1618 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Opera was updated to 12.14 version fixing stability issues. This update also consists updates for Opera 12.13 which is a recommended upgrade offering security and stability enhancements. -fixed an issue where Opera gets internal communication errors on Facebook -fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet -fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com) -improved protection against hijacking of the default search, including a one-time reset -fixed an issue where DOM events manipulation might be used to execute arbitrary code; -fixed an issue where use of SVG clipPaths could allow execution of arbitrary code; -CVE-2013-1618: Fixed a TLS information leak. -fixed an issue where CORS requests could omit the preflight request; Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-113 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): opera-12.14-38.1 opera-gtk-12.14-38.1 opera-kde4-12.14-38.1 References: http://support.novell.com/security/cve/CVE-2013-1618.html https://bugzilla.novell.com/801233

8 years, 7 months

openSUSE-SU-2013:0285-1: moderate: wireshark: update to 1.8.5

by opensuse-security＠opensuse.org

openSUSE Security Update: wireshark: update to 1.8.5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0285-1 Rating: moderate References: #801131 Cross-References: CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: wireshark was updated to 1.8.5 to fix bugs and security issues. Vulnerabilities fixed: * Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors wnpa-sec-2013-01 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 * The CLNP dissector could crash wnpa-sec-2013-02 CVE-2013-1582 * The DTN dissector could crash wnpa-sec-2013-03 CVE-2013-1583 CVE-2013-1584 * The MS-MMC dissector (and possibly others) could crash wnpa-sec-2013-04 CVE-2013-1585 * The DTLS dissector could crash wnpa-sec-2013-05 CVE-2013-1586 * The ROHC dissector could crash wnpa-sec-2013-06 CVE-2013-1587 * The DCP-ETSI dissector could corrupt memory wnpa-sec-2013-07 CVE-2013-1588 * The Wireshark dissection engine could crash wnpa-sec-2013-08 CVE-2013-1589 * The NTLMSSP dissector could overflow a buffer wnpa-sec-2013-09 CVE-2013-1590 + Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-23 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): wireshark-1.8.5-37.1 wireshark-debuginfo-1.8.5-37.1 wireshark-debugsource-1.8.5-37.1 wireshark-devel-1.8.5-37.1 References: http://support.novell.com/security/cve/CVE-2013-1572.html http://support.novell.com/security/cve/CVE-2013-1573.html http://support.novell.com/security/cve/CVE-2013-1574.html http://support.novell.com/security/cve/CVE-2013-1575.html http://support.novell.com/security/cve/CVE-2013-1576.html http://support.novell.com/security/cve/CVE-2013-1577.html http://support.novell.com/security/cve/CVE-2013-1578.html http://support.novell.com/security/cve/CVE-2013-1579.html http://support.novell.com/security/cve/CVE-2013-1580.html http://support.novell.com/security/cve/CVE-2013-1581.html http://support.novell.com/security/cve/CVE-2013-1582.html http://support.novell.com/security/cve/CVE-2013-1583.html http://support.novell.com/security/cve/CVE-2013-1584.html http://support.novell.com/security/cve/CVE-2013-1585.html http://support.novell.com/security/cve/CVE-2013-1586.html http://support.novell.com/security/cve/CVE-2013-1587.html http://support.novell.com/security/cve/CVE-2013-1588.html http://support.novell.com/security/cve/CVE-2013-1589.html http://support.novell.com/security/cve/CVE-2013-1590.html https://bugzilla.novell.com/801131

8 years, 7 months

openSUSE-SU-2013:0284-1: critical: flash-player to 11.2.202.262

by opensuse-security＠opensuse.org

openSUSE Security Update: flash-player to 11.2.202.262 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0284-1 Rating: critical References: #802809 Cross-References: CVE-2013-0633 CVE-2013-0634 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.262 to fix various security issues and bugs. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-22 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): flash-player-11.2.202.262-43.1 flash-player-gnome-11.2.202.262-43.1 flash-player-kde4-11.2.202.262-43.1 References: http://support.novell.com/security/cve/CVE-2013-0633.html http://support.novell.com/security/cve/CVE-2013-0634.html https://bugzilla.novell.com/802809

8 years, 7 months

openSUSE-SU-2013:0283-1: moderate: update for gnutls

by opensuse-security＠opensuse.org

openSUSE Security Update: update for gnutls ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0283-1 Rating: moderate References: #752193 Cross-References: CVE-2012-1663 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - fix gnutls double free (bnc#752193, CVE-2012-1663.patch) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-110 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): gnutls-3.0.3-5.11.1 gnutls-debuginfo-3.0.3-5.11.1 gnutls-debugsource-3.0.3-5.11.1 libgnutls-devel-3.0.3-5.11.1 libgnutls-extra-devel-3.0.3-5.11.1 libgnutls-extra28-3.0.3-5.11.1 libgnutls-extra28-debuginfo-3.0.3-5.11.1 libgnutls-openssl-devel-3.0.3-5.11.1 libgnutls-openssl27-3.0.3-5.11.1 libgnutls-openssl27-debuginfo-3.0.3-5.11.1 libgnutls28-3.0.3-5.11.1 libgnutls28-debuginfo-3.0.3-5.11.1 libgnutlsxx-devel-3.0.3-5.11.1 libgnutlsxx28-3.0.3-5.11.1 libgnutlsxx28-debuginfo-3.0.3-5.11.1 - openSUSE 12.1 (x86_64): libgnutls-devel-32bit-3.0.3-5.11.1 libgnutls28-32bit-3.0.3-5.11.1 libgnutls28-debuginfo-32bit-3.0.3-5.11.1 - openSUSE 12.1 (ia64): libgnutls28-debuginfo-x86-3.0.3-5.11.1 libgnutls28-x86-3.0.3-5.11.1 References: http://support.novell.com/security/cve/CVE-2012-1663.html https://bugzilla.novell.com/752193

8 years, 7 months

openSUSE-SU-2013:0282-1: Opera update to 12.14 version

by opensuse-security＠opensuse.org

openSUSE Security Update: Opera update to 12.14 version ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0282-1 Rating: low References: #801233 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: Opera was updated to 12.14 version fixing stability issues. This update also consists updates for Opera 12.13 which is a recommended upgrade offering security and stability enhancements. -fixed an issue where Opera gets internal communication errors on Facebook -fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet -fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com) -improved protection against hijacking of the default search, including a one-time reset -fixed an issue where DOM events manipulation might be used to execute arbitrary code; -fixed an issue where use of SVG clipPaths could allow execution of arbitrary code; -fixed a low severity security issue; details will be disclosed at a later date -fixed an issue where CORS requests could omit the preflight request; Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-19 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): opera-12.14-48.1 opera-gtk-12.14-48.1 opera-kde4-12.14-48.1 References: https://bugzilla.novell.com/801233

8 years, 7 months

openSUSE-SU-2013:0281-1: moderate: samba

by opensuse-security＠opensuse.org

openSUSE Security Update: samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0281-1 Rating: moderate References: #799641 #800982 Cross-References: CVE-2013-0213 CVE-2013-0214 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: - The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 are affected by a cross-site request forgery; CVE-2013-0214; (bnc#799641). - The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 could possibly be used in clickjacking attacks; CVE-2013-0213; (bnc#800982). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-20 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): ldapsmb-1.34b-118.1 libldb-devel-1.0.2-118.1 libldb1-1.0.2-118.1 libldb1-debuginfo-1.0.2-118.1 libnetapi-devel-3.6.3-118.1 libnetapi0-3.6.3-118.1 libnetapi0-debuginfo-3.6.3-118.1 libsmbclient-devel-3.6.3-118.1 libsmbclient0-3.6.3-118.1 libsmbclient0-debuginfo-3.6.3-118.1 libsmbsharemodes-devel-3.6.3-118.1 libsmbsharemodes0-3.6.3-118.1 libsmbsharemodes0-debuginfo-3.6.3-118.1 libtalloc-devel-2.0.5-118.1 libtalloc2-2.0.5-118.1 libtalloc2-debuginfo-2.0.5-118.1 libtdb-devel-1.2.9-118.1 libtdb1-1.2.9-118.1 libtdb1-debuginfo-1.2.9-118.1 libtevent-devel-0.9.11-118.1 libtevent0-0.9.11-118.1 libtevent0-debuginfo-0.9.11-118.1 libwbclient-devel-3.6.3-118.1 libwbclient0-3.6.3-118.1 libwbclient0-debuginfo-3.6.3-118.1 samba-3.6.3-118.1 samba-client-3.6.3-118.1 samba-client-debuginfo-3.6.3-118.1 samba-debuginfo-3.6.3-118.1 samba-debugsource-3.6.3-118.1 samba-devel-3.6.3-118.1 samba-krb-printing-3.6.3-118.1 samba-krb-printing-debuginfo-3.6.3-118.1 samba-winbind-3.6.3-118.1 samba-winbind-debuginfo-3.6.3-118.1 - openSUSE 11.4 (x86_64): libldb1-32bit-1.0.2-118.1 libldb1-debuginfo-32bit-1.0.2-118.1 libsmbclient0-32bit-3.6.3-118.1 libsmbclient0-debuginfo-32bit-3.6.3-118.1 libtalloc2-32bit-2.0.5-118.1 libtalloc2-debuginfo-32bit-2.0.5-118.1 libtdb1-32bit-1.2.9-118.1 libtdb1-debuginfo-32bit-1.2.9-118.1 libtevent0-32bit-0.9.11-118.1 libtevent0-debuginfo-32bit-0.9.11-118.1 libwbclient0-32bit-3.6.3-118.1 libwbclient0-debuginfo-32bit-3.6.3-118.1 samba-32bit-3.6.3-118.1 samba-client-32bit-3.6.3-118.1 samba-client-debuginfo-32bit-3.6.3-118.1 samba-debuginfo-32bit-3.6.3-118.1 samba-winbind-32bit-3.6.3-118.1 samba-winbind-debuginfo-32bit-3.6.3-118.1 - openSUSE 11.4 (noarch): samba-doc-3.6.3-118.1 - openSUSE 11.4 (ia64): libldb1-debuginfo-x86-1.0.2-118.1 libldb1-x86-1.0.2-118.1 libsmbclient0-debuginfo-x86-3.6.3-118.1 libsmbclient0-x86-3.6.3-118.1 libtalloc2-debuginfo-x86-2.0.5-118.1 libtalloc2-x86-2.0.5-118.1 libtdb1-debuginfo-x86-1.2.9-118.1 libtdb1-x86-1.2.9-118.1 libtevent0-debuginfo-x86-0.9.11-118.1 libtevent0-x86-0.9.11-118.1 libwbclient0-debuginfo-x86-3.6.3-118.1 libwbclient0-x86-3.6.3-118.1 samba-client-debuginfo-x86-3.6.3-118.1 samba-client-x86-3.6.3-118.1 samba-debuginfo-x86-3.6.3-118.1 samba-winbind-debuginfo-x86-3.6.3-118.1 samba-winbind-x86-3.6.3-118.1 samba-x86-3.6.3-118.1 References: http://support.novell.com/security/cve/CVE-2013-0213.html http://support.novell.com/security/cve/CVE-2013-0214.html https://bugzilla.novell.com/799641 https://bugzilla.novell.com/800982

8 years, 7 months

openSUSE-SU-2013:0280-1: important: ruby on rails to 2.3.16

by opensuse-security＠opensuse.org

8 years, 7 months

openSUSE-SU-2013:0279-1: critical: flash-player to 11.2.202.262

by opensuse-security＠opensuse.org

openSUSE Security Update: flash-player to 11.2.202.262 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0279-1 Rating: critical References: #802809 Cross-References: CVE-2013-0633 CVE-2013-0634 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Adobe Flash Player was updated to 11.2.202.262 to fix various security issues and bugs. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-111 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): flash-player-11.2.202.262-46.1 flash-player-gnome-11.2.202.262-46.1 flash-player-kde4-11.2.202.262-46.1 References: http://support.novell.com/security/cve/CVE-2013-0633.html http://support.novell.com/security/cve/CVE-2013-0634.html https://bugzilla.novell.com/802809

8 years, 7 months

openSUSE-SU-2013:0278-1: important: ruby on rails to 2.3.16

by opensuse-security＠opensuse.org

openSUSE Security Update: ruby on rails to 2.3.16 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0278-1 Rating: important References: #766792 #775649 #775653 #796712 #797449 #797452 #798452 #798458 #800320 Cross-References: CVE-2012-2695 CVE-2012-5664 CVE-2013-0155 CVE-2013-0156 CVE-2013-0333 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions was fixed. CVE-2013-0155: Unsafe Query Generation Risk in Ruby on Rails was fixed. CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack were fixed. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-106 - openSUSE 12.1: zypper in -t patch openSUSE-2013-106 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): rubygem-actionmailer-2_3-2.3.16-2.5.3 rubygem-actionmailer-2_3-doc-2.3.16-2.5.3 rubygem-actionmailer-2_3-testsuite-2.3.16-2.5.3 rubygem-actionmailer-3_2-3.2.11-2.9.5 rubygem-actionmailer-3_2-doc-3.2.11-2.9.5 rubygem-actionpack-2_3-2.3.16-2.13.3 rubygem-actionpack-2_3-doc-2.3.16-2.13.3 rubygem-actionpack-2_3-testsuite-2.3.16-2.13.3 rubygem-actionpack-3_2-3.2.11-3.9.4 rubygem-actionpack-3_2-doc-3.2.11-3.9.4 rubygem-activemodel-3_2-3.2.11-2.9.2 rubygem-activemodel-3_2-doc-3.2.11-2.9.2 rubygem-activerecord-2_3-2.3.16-2.9.2 rubygem-activerecord-2_3-doc-2.3.16-2.9.2 rubygem-activerecord-2_3-testsuite-2.3.16-2.9.2 rubygem-activerecord-3_2-3.2.11-2.9.1 rubygem-activerecord-3_2-doc-3.2.11-2.9.1 rubygem-activeresource-2_3-2.3.16-2.5.2 rubygem-activeresource-2_3-doc-2.3.16-2.5.2 rubygem-activeresource-2_3-testsuite-2.3.16-2.5.2 rubygem-activeresource-3_2-3.2.11-2.9.1 rubygem-activeresource-3_2-doc-3.2.11-2.9.1 rubygem-activesupport-2_3-2.3.16-3.9.1 rubygem-activesupport-2_3-doc-2.3.16-3.9.1 rubygem-activesupport-3_2-3.2.11-2.9.1 rubygem-activesupport-3_2-doc-3.2.11-2.9.1 rubygem-rack-1_1-1.1.5-6.5.1 rubygem-rack-1_1-doc-1.1.5-6.5.1 rubygem-rack-1_1-testsuite-1.1.5-6.5.1 rubygem-rack-1_2-1.2.7-2.5.1 rubygem-rack-1_2-doc-1.2.7-2.5.1 rubygem-rack-1_2-testsuite-1.2.7-2.5.1 rubygem-rack-1_3-1.3.9-2.5.1 rubygem-rack-1_3-doc-1.3.9-2.5.1 rubygem-rack-1_3-testsuite-1.3.9-2.5.1 rubygem-rack-1_4-1.4.1-2.5.1 rubygem-rack-1_4-doc-1.4.1-2.5.1 rubygem-rack-1_4-testsuite-1.4.1-2.5.1 rubygem-rails-2_3-2.3.16-3.5.1 rubygem-rails-2_3-doc-2.3.16-3.5.1 rubygem-rails-3_2-3.2.11-2.9.1 rubygem-rails-3_2-doc-3.2.11-2.9.1 rubygem-railties-3_2-3.2.11-2.9.1 rubygem-railties-3_2-doc-3.2.11-2.9.1 rubygem-sprockets-2_2-2.2.2-2.2 rubygem-sprockets-2_2-doc-2.2.2-2.2 - openSUSE 12.2 (noarch): rubygem-actionmailer-2.3.16-2.5.1 rubygem-actionpack-2.3.16-2.5.1 rubygem-activerecord-2.3.16-3.5.1 rubygem-activeresource-2.3.16-3.5.1 rubygem-activesupport-2.3.16-3.5.1 rubygem-rails-2.3.16-3.5.1 - openSUSE 12.1 (i586 x86_64): rubygem-actionmailer-2_3-2.3.16-3.9.3 rubygem-actionmailer-2_3-doc-2.3.16-3.9.3 rubygem-actionmailer-2_3-testsuite-2.3.16-3.9.3 rubygem-actionpack-2_3-2.3.16-3.16.2 rubygem-actionpack-2_3-doc-2.3.16-3.16.2 rubygem-actionpack-2_3-testsuite-2.3.16-3.16.2 rubygem-activerecord-2_3-2.3.16-3.12.2 rubygem-activerecord-2_3-doc-2.3.16-3.12.2 rubygem-activerecord-2_3-testsuite-2.3.16-3.12.2 rubygem-activeresource-2_3-2.3.16-3.9.2 rubygem-activeresource-2_3-doc-2.3.16-3.9.2 rubygem-activeresource-2_3-testsuite-2.3.16-3.9.2 rubygem-activesupport-2_3-2.3.16-3.13.1 rubygem-activesupport-2_3-doc-2.3.16-3.13.1 rubygem-rack-1_1-1.1.5-3.5.1 rubygem-rack-1_1-doc-1.1.5-3.5.1 rubygem-rack-1_1-testsuite-1.1.5-3.5.1 rubygem-rails-2_3-2.3.16-3.9.1 rubygem-rails-2_3-doc-2.3.16-3.9.1 - openSUSE 12.1 (noarch): rubygem-actionmailer-2.3.16-2.7.1 rubygem-actionpack-2.3.16-2.7.1 rubygem-activerecord-2.3.16-2.7.1 rubygem-activeresource-2.3.16-2.7.1 rubygem-activesupport-2.3.16-2.7.1 rubygem-rails-2.3.16-2.7.1 References: http://support.novell.com/security/cve/CVE-2012-2695.html http://support.novell.com/security/cve/CVE-2012-5664.html http://support.novell.com/security/cve/CVE-2013-0155.html http://support.novell.com/security/cve/CVE-2013-0156.html http://support.novell.com/security/cve/CVE-2013-0333.html https://bugzilla.novell.com/766792 https://bugzilla.novell.com/775649 https://bugzilla.novell.com/775653 https://bugzilla.novell.com/796712 https://bugzilla.novell.com/797449 https://bugzilla.novell.com/797452 https://bugzilla.novell.com/798452 https://bugzilla.novell.com/798458 https://bugzilla.novell.com/800320

8 years, 7 months

openSUSE-SU-2013:0277-1: moderate: samba

by opensuse-security＠opensuse.org

openSUSE Security Update: samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0277-1 Rating: moderate References: #741623 #742504 #755663 #759731 #764577 #770056 #779269 #783384 #783719 #786677 #787983 #788159 #790741 #791183 #792340 #799641 #800982 Cross-References: CVE-2013-0213 CVE-2013-0214 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 15 fixes is now available. Description: Samba was updated to 3.6.7 fixing bugs and security issues: - The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 are affected by a cross-site request forgery; CVE-2013-0214; (bnc#799641). - The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 could possibly be used in clickjacking attacks; CVE-2013-0213; (bnc#800982). It also contains various other bugfixes merged by our Samba team. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-107 - openSUSE 12.1: zypper in -t patch openSUSE-2013-107 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): ldapsmb-1.34b-48.16.1 libnetapi-devel-3.6.7-48.16.1 libnetapi0-3.6.7-48.16.1 libnetapi0-debuginfo-3.6.7-48.16.1 libsmbclient-devel-3.6.7-48.16.1 libsmbclient0-3.6.7-48.16.1 libsmbclient0-debuginfo-3.6.7-48.16.1 libsmbsharemodes-devel-3.6.7-48.16.1 libsmbsharemodes0-3.6.7-48.16.1 libsmbsharemodes0-debuginfo-3.6.7-48.16.1 libwbclient-devel-3.6.7-48.16.1 libwbclient0-3.6.7-48.16.1 libwbclient0-debuginfo-3.6.7-48.16.1 samba-3.6.7-48.16.1 samba-client-3.6.7-48.16.1 samba-client-debuginfo-3.6.7-48.16.1 samba-debuginfo-3.6.7-48.16.1 samba-debugsource-3.6.7-48.16.1 samba-devel-3.6.7-48.16.1 samba-krb-printing-3.6.7-48.16.1 samba-krb-printing-debuginfo-3.6.7-48.16.1 samba-winbind-3.6.7-48.16.1 samba-winbind-debuginfo-3.6.7-48.16.1 - openSUSE 12.2 (x86_64): libsmbclient0-32bit-3.6.7-48.16.1 libsmbclient0-debuginfo-32bit-3.6.7-48.16.1 libwbclient0-32bit-3.6.7-48.16.1 libwbclient0-debuginfo-32bit-3.6.7-48.16.1 samba-32bit-3.6.7-48.16.1 samba-client-32bit-3.6.7-48.16.1 samba-client-debuginfo-32bit-3.6.7-48.16.1 samba-debuginfo-32bit-3.6.7-48.16.1 samba-winbind-32bit-3.6.7-48.16.1 samba-winbind-debuginfo-32bit-3.6.7-48.16.1 - openSUSE 12.2 (noarch): samba-doc-3.6.7-48.16.1 - openSUSE 12.1 (i586 x86_64): ldapsmb-1.34b-34.16.1 libldb-devel-1.0.2-34.16.1 libldb1-1.0.2-34.16.1 libldb1-debuginfo-1.0.2-34.16.1 libnetapi-devel-3.6.3-34.16.1 libnetapi0-3.6.3-34.16.1 libnetapi0-debuginfo-3.6.3-34.16.1 libsmbclient-devel-3.6.3-34.16.1 libsmbclient0-3.6.3-34.16.1 libsmbclient0-debuginfo-3.6.3-34.16.1 libsmbsharemodes-devel-3.6.3-34.16.1 libsmbsharemodes0-3.6.3-34.16.1 libsmbsharemodes0-debuginfo-3.6.3-34.16.1 libtalloc-devel-2.0.5-34.16.1 libtalloc2-2.0.5-34.16.1 libtalloc2-debuginfo-2.0.5-34.16.1 libtdb-devel-1.2.9-34.16.1 libtdb1-1.2.9-34.16.1 libtdb1-debuginfo-1.2.9-34.16.1 libtevent-devel-0.9.11-34.16.1 libtevent0-0.9.11-34.16.1 libtevent0-debuginfo-0.9.11-34.16.1 libwbclient-devel-3.6.3-34.16.1 libwbclient0-3.6.3-34.16.1 libwbclient0-debuginfo-3.6.3-34.16.1 samba-3.6.3-34.16.1 samba-client-3.6.3-34.16.1 samba-client-debuginfo-3.6.3-34.16.1 samba-debuginfo-3.6.3-34.16.1 samba-debugsource-3.6.3-34.16.1 samba-devel-3.6.3-34.16.1 samba-krb-printing-3.6.3-34.16.1 samba-krb-printing-debuginfo-3.6.3-34.16.1 samba-winbind-3.6.3-34.16.1 samba-winbind-debuginfo-3.6.3-34.16.1 - openSUSE 12.1 (x86_64): libldb1-32bit-1.0.2-34.16.1 libldb1-debuginfo-32bit-1.0.2-34.16.1 libsmbclient0-32bit-3.6.3-34.16.1 libsmbclient0-debuginfo-32bit-3.6.3-34.16.1 libtalloc2-32bit-2.0.5-34.16.1 libtalloc2-debuginfo-32bit-2.0.5-34.16.1 libtdb1-32bit-1.2.9-34.16.1 libtdb1-debuginfo-32bit-1.2.9-34.16.1 libtevent0-32bit-0.9.11-34.16.1 libtevent0-debuginfo-32bit-0.9.11-34.16.1 libwbclient0-32bit-3.6.3-34.16.1 libwbclient0-debuginfo-32bit-3.6.3-34.16.1 samba-32bit-3.6.3-34.16.1 samba-client-32bit-3.6.3-34.16.1 samba-client-debuginfo-32bit-3.6.3-34.16.1 samba-debuginfo-32bit-3.6.3-34.16.1 samba-winbind-32bit-3.6.3-34.16.1 samba-winbind-debuginfo-32bit-3.6.3-34.16.1 - openSUSE 12.1 (noarch): samba-doc-3.6.3-34.16.1 - openSUSE 12.1 (ia64): libldb1-debuginfo-x86-1.0.2-34.16.1 libldb1-x86-1.0.2-34.16.1 libsmbclient0-debuginfo-x86-3.6.3-34.16.1 libsmbclient0-x86-3.6.3-34.16.1 libtalloc2-debuginfo-x86-2.0.5-34.16.1 libtalloc2-x86-2.0.5-34.16.1 libtdb1-debuginfo-x86-1.2.9-34.16.1 libtdb1-x86-1.2.9-34.16.1 libtevent0-debuginfo-x86-0.9.11-34.16.1 libtevent0-x86-0.9.11-34.16.1 libwbclient0-debuginfo-x86-3.6.3-34.16.1 libwbclient0-x86-3.6.3-34.16.1 samba-client-debuginfo-x86-3.6.3-34.16.1 samba-client-x86-3.6.3-34.16.1 samba-debuginfo-x86-3.6.3-34.16.1 samba-winbind-debuginfo-x86-3.6.3-34.16.1 samba-winbind-x86-3.6.3-34.16.1 samba-x86-3.6.3-34.16.1 References: http://support.novell.com/security/cve/CVE-2013-0213.html http://support.novell.com/security/cve/CVE-2013-0214.html https://bugzilla.novell.com/741623 https://bugzilla.novell.com/742504 https://bugzilla.novell.com/755663 https://bugzilla.novell.com/759731 https://bugzilla.novell.com/764577 https://bugzilla.novell.com/770056 https://bugzilla.novell.com/779269 https://bugzilla.novell.com/783384 https://bugzilla.novell.com/783719 https://bugzilla.novell.com/786677 https://bugzilla.novell.com/787983 https://bugzilla.novell.com/788159 https://bugzilla.novell.com/790741 https://bugzilla.novell.com/791183 https://bugzilla.novell.com/792340 https://bugzilla.novell.com/799641 https://bugzilla.novell.com/800982

8 years, 7 months

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates February 2013