openSUSE Security Update: Opera update to 12.14 version
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0289-1
Rating: moderate
References: #801233
Cross-References: CVE-2013-1618
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Opera was updated to 12.14 version fixing stability issues.
This update also consists updates for Opera 12.13 which is
a recommended upgrade offering security and stability
enhancements.
-fixed an issue where Opera gets internal communication
errors on Facebook
-fixed an issue where no webpages load on startup, if
Opera is disconnected from the Internet
-fixed an issue where images will not load after back
navigation, when a site uses the HTML5 history API
(deviantart.com)
-improved protection against hijacking of the default
search, including a one-time reset
-fixed an issue where DOM events manipulation might be
used to execute arbitrary code;
-fixed an issue where use of SVG clipPaths could allow
execution of arbitrary code;
-CVE-2013-1618: Fixed a TLS information leak.
-fixed an issue where CORS requests could omit the
preflight request;
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2013-113
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
opera-12.14-38.1
opera-gtk-12.14-38.1
opera-kde4-12.14-38.1
References:
http://support.novell.com/security/cve/CVE-2013-1618.htmlhttps://bugzilla.novell.com/801233
openSUSE Security Update: flash-player to 11.2.202.262
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0284-1
Rating: critical
References: #802809
Cross-References: CVE-2013-0633 CVE-2013-0634
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
Adobe Flash Player was updated to 11.2.202.262 to fix
various security issues and bugs.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-22
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
flash-player-11.2.202.262-43.1
flash-player-gnome-11.2.202.262-43.1
flash-player-kde4-11.2.202.262-43.1
References:
http://support.novell.com/security/cve/CVE-2013-0633.htmlhttp://support.novell.com/security/cve/CVE-2013-0634.htmlhttps://bugzilla.novell.com/802809
openSUSE Security Update: Opera update to 12.14 version
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0282-1
Rating: low
References: #801233
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
Opera was updated to 12.14 version fixing stability issues.
This update also consists updates for Opera 12.13 which is
a recommended upgrade offering security and stability
enhancements.
-fixed an issue where Opera gets internal communication
errors on Facebook
-fixed an issue where no webpages load on startup, if
Opera is disconnected from the Internet
-fixed an issue where images will not load after back
navigation, when a site uses the HTML5 history API
(deviantart.com)
-improved protection against hijacking of the default
search, including a one-time reset
-fixed an issue where DOM events manipulation might be
used to execute arbitrary code;
-fixed an issue where use of SVG clipPaths could allow
execution of arbitrary code;
-fixed a low severity security issue; details will be
disclosed at a later date
-fixed an issue where CORS requests could omit the
preflight request;
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-19
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
opera-12.14-48.1
opera-gtk-12.14-48.1
opera-kde4-12.14-48.1
References:
https://bugzilla.novell.com/801233
openSUSE Security Update: ruby on rails to 2.3.16
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0280-1
Rating: important
References: #766792 #775649 #775653 #796712 #797449 #797452
#798452 #798458 #800320
Cross-References: CVE-2012-2695 CVE-2012-5664 CVE-2013-0155
CVE-2013-0156 CVE-2013-0333
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that solves 5 vulnerabilities and has four fixes
is now available.
Description:
This update updates the RubyOnRails 2.3 stack to 2.3.16.
Security and bugfixes were done, foremost: CVE-2013-0333: A
JSON sql/code injection problem was fixed. CVE-2012-5664: A
SQL Injection Vulnerability in Active Record was fixed.
CVE-2012-2695: A SQL injection via nested hashes in
conditions was fixed. CVE-2013-0155: Unsafe Query
Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:
Multiple vulnerabilities in parameter parsing in Action
Pack were fixed. CVE-2012-5664: options hashes should only
be extracted if there are extra parameters CVE-2012-2695:
Fix SQL injection via nested hashes in conditions
CVE-2013-0156: Hash.from_xml raises when it encounters
type="symbol" or type="yaml". Use Hash.from_trusted_xml to
parse this XM
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-21
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
rubygem-actionmailer-2_3-2.3.16-0.16.1
rubygem-actionmailer-2_3-doc-2.3.16-0.16.1
rubygem-actionmailer-2_3-testsuite-2.3.16-0.16.1
rubygem-actionpack-2_3-2.3.16-0.23.1
rubygem-actionpack-2_3-doc-2.3.16-0.23.1
rubygem-actionpack-2_3-testsuite-2.3.16-0.23.1
rubygem-activerecord-2_3-2.3.16-0.19.1
rubygem-activerecord-2_3-doc-2.3.16-0.19.1
rubygem-activerecord-2_3-testsuite-2.3.16-0.19.1
rubygem-activeresource-2_3-2.3.16-0.16.1
rubygem-activeresource-2_3-doc-2.3.16-0.16.1
rubygem-activeresource-2_3-testsuite-2.3.16-0.16.1
rubygem-activesupport-2_3-2.3.16-0.16.1
rubygem-activesupport-2_3-doc-2.3.16-0.16.1
rubygem-rack-1.1.5-0.8.1
rubygem-rails-2_3-2.3.16-0.12.1
rubygem-rails-2_3-doc-2.3.16-0.12.1
- openSUSE 11.4 (noarch):
rubygem-actionmailer-2.3.16-0.6.1
rubygem-actionpack-2.3.16-0.6.1
rubygem-activerecord-2.3.16-0.6.1
rubygem-activeresource-2.3.16-0.6.1
rubygem-activesupport-2.3.16-0.6.1
rubygem-rails-2.3.16-0.6.1
References:
http://support.novell.com/security/cve/CVE-2012-2695.htmlhttp://support.novell.com/security/cve/CVE-2012-5664.htmlhttp://support.novell.com/security/cve/CVE-2013-0155.htmlhttp://support.novell.com/security/cve/CVE-2013-0156.htmlhttp://support.novell.com/security/cve/CVE-2013-0333.htmlhttps://bugzilla.novell.com/766792https://bugzilla.novell.com/775649https://bugzilla.novell.com/775653https://bugzilla.novell.com/796712https://bugzilla.novell.com/797449https://bugzilla.novell.com/797452https://bugzilla.novell.com/798452https://bugzilla.novell.com/798458https://bugzilla.novell.com/800320
openSUSE Security Update: flash-player to 11.2.202.262
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0279-1
Rating: critical
References: #802809
Cross-References: CVE-2013-0633 CVE-2013-0634
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
Adobe Flash Player was updated to 11.2.202.262 to fix
various security issues and bugs.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2013-111
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
flash-player-11.2.202.262-46.1
flash-player-gnome-11.2.202.262-46.1
flash-player-kde4-11.2.202.262-46.1
References:
http://support.novell.com/security/cve/CVE-2013-0633.htmlhttp://support.novell.com/security/cve/CVE-2013-0634.htmlhttps://bugzilla.novell.com/802809