openSUSE Updates January 2014

updates@lists.opensuse.org

2 participants
108 discussions

openSUSE-SU-2014:0013-1: moderate: update for wireshark

by opensuse-security＠opensuse.org

openSUSE Security Update: update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0013-1 Rating: moderate References: #855980 Cross-References: CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: - openSUSE 12.2 and 12.3: update to 1.8.12 [bnc#855980] + vulnerabilities fixed: * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.htm l - openSUSE 13.1: update to 1.10.4 [bnc#855980] + vulnerabilities fixed: * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The BSSGP dissector could crash. wnpa-sec-2013-67 CVE-2013-7113 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.4.htm l Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-3 - openSUSE 12.2: zypper in -t patch openSUSE-2014-3 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): wireshark-1.8.12-1.28.1 wireshark-debuginfo-1.8.12-1.28.1 wireshark-debugsource-1.8.12-1.28.1 wireshark-devel-1.8.12-1.28.1 - openSUSE 12.2 (i586 x86_64): wireshark-1.8.12-1.47.1 wireshark-debuginfo-1.8.12-1.47.1 wireshark-debugsource-1.8.12-1.47.1 wireshark-devel-1.8.12-1.47.1 References: http://support.novell.com/security/cve/CVE-2013-7112.html http://support.novell.com/security/cve/CVE-2013-7113.html http://support.novell.com/security/cve/CVE-2013-7114.html https://bugzilla.novell.com/855980

8 years, 4 months

openSUSE-SU-2014:0012-1: moderate: update for openssl

by opensuse-security＠opensuse.org

openSUSE Security Update: update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0012-1 Rating: moderate References: #849377 #856687 Cross-References: CVE-2013-6449 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add file: CVE-2013-6449.patch - compression_methods_switch.patch: setenv might not be successful if a surrounding library or application filters it, like e.g. sudo. As setenv() does not seem to be useful anyway, remove it. bnc#849377 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-10 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): libopenssl-devel-1.0.1e-1.17.1 libopenssl1_0_0-1.0.1e-1.17.1 libopenssl1_0_0-debuginfo-1.0.1e-1.17.1 openssl-1.0.1e-1.17.1 openssl-debuginfo-1.0.1e-1.17.1 openssl-debugsource-1.0.1e-1.17.1 - openSUSE 12.3 (x86_64): libopenssl-devel-32bit-1.0.1e-1.17.1 libopenssl1_0_0-32bit-1.0.1e-1.17.1 libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.17.1 - openSUSE 12.3 (noarch): openssl-doc-1.0.1e-1.17.1 References: http://support.novell.com/security/cve/CVE-2013-6449.html https://bugzilla.novell.com/849377 https://bugzilla.novell.com/856687

8 years, 4 months

openSUSE-SU-2014:0011-1: moderate: update for pixman

by opensuse-security＠opensuse.org

openSUSE Security Update: update for pixman ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0011-1 Rating: moderate References: #853824 Cross-References: CVE-2013-6425 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Added pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.patch for bnc#853824. Fixes an integer underflow bug which can cause a crash. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2014-5 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): libpixman-1-0-0.24.4-4.8.1 libpixman-1-0-debuginfo-0.24.4-4.8.1 libpixman-1-0-devel-0.24.4-4.8.1 pixman-debugsource-0.24.4-4.8.1 - openSUSE 12.2 (x86_64): libpixman-1-0-32bit-0.24.4-4.8.1 libpixman-1-0-debuginfo-32bit-0.24.4-4.8.1 References: http://support.novell.com/security/cve/CVE-2013-6425.html https://bugzilla.novell.com/853824

8 years, 4 months

openSUSE-SU-2014:0010-1: moderate: update for libvirt

by opensuse-security＠opensuse.org

openSUSE Security Update: update for libvirt ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0010-1 Rating: moderate References: #854144 #854486 #855239 Cross-References: CVE-2013-6436 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: - CVE-2013-6436: Fix crashes in lxc memtune code, one of which results in DoS f8c1cb90-CVE-2013-6436.patch, 9faf3f29-LXC-memtune.patch bnc#854486 - Backported upstream patch to fix LXC container failing start. bnc#855239 - Building with polkit support requires polkit-devel bnc#854144 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-8 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libvirt-1.1.2-2.14.2 libvirt-client-1.1.2-2.14.2 libvirt-client-debuginfo-1.1.2-2.14.2 libvirt-daemon-1.1.2-2.14.2 libvirt-daemon-config-nwfilter-1.1.2-2.14.2 libvirt-daemon-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-interface-1.1.2-2.14.2 libvirt-daemon-driver-interface-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-lxc-1.1.2-2.14.2 libvirt-daemon-driver-lxc-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-network-1.1.2-2.14.2 libvirt-daemon-driver-network-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-nodedev-1.1.2-2.14.2 libvirt-daemon-driver-nodedev-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-nwfilter-1.1.2-2.14.2 libvirt-daemon-driver-nwfilter-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-qemu-1.1.2-2.14.2 libvirt-daemon-driver-qemu-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-secret-1.1.2-2.14.2 libvirt-daemon-driver-secret-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-storage-1.1.2-2.14.2 libvirt-daemon-driver-storage-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-uml-1.1.2-2.14.2 libvirt-daemon-driver-uml-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-vbox-1.1.2-2.14.2 libvirt-daemon-driver-vbox-debuginfo-1.1.2-2.14.2 libvirt-daemon-lxc-1.1.2-2.14.2 libvirt-daemon-qemu-1.1.2-2.14.2 libvirt-daemon-uml-1.1.2-2.14.2 libvirt-daemon-vbox-1.1.2-2.14.2 libvirt-debugsource-1.1.2-2.14.2 libvirt-devel-1.1.2-2.14.2 libvirt-doc-1.1.2-2.14.2 libvirt-lock-sanlock-1.1.2-2.14.2 libvirt-lock-sanlock-debuginfo-1.1.2-2.14.2 libvirt-login-shell-1.1.2-2.14.2 libvirt-login-shell-debuginfo-1.1.2-2.14.2 libvirt-python-1.1.2-2.14.2 libvirt-python-debuginfo-1.1.2-2.14.2 - openSUSE 13.1 (x86_64): libvirt-client-32bit-1.1.2-2.14.2 libvirt-client-debuginfo-32bit-1.1.2-2.14.2 libvirt-daemon-driver-libxl-1.1.2-2.14.2 libvirt-daemon-driver-libxl-debuginfo-1.1.2-2.14.2 libvirt-daemon-driver-xen-1.1.2-2.14.2 libvirt-daemon-driver-xen-debuginfo-1.1.2-2.14.2 libvirt-daemon-xen-1.1.2-2.14.2 libvirt-devel-32bit-1.1.2-2.14.2 References: http://support.novell.com/security/cve/CVE-2013-6436.html https://bugzilla.novell.com/854144 https://bugzilla.novell.com/854486 https://bugzilla.novell.com/855239

8 years, 4 months

openSUSE-SU-2014:0009-1: moderate: update for rubygem-actionpack-3_2

by opensuse-security＠opensuse.org

openSUSE Security Update: update for rubygem-actionpack-3_2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0009-1 Rating: moderate References: #846239 #853625 #853627 #853632 #853633 Cross-References: CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 Affected Products: openSUSE 13.1 openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update fixes the following security issues with rubygem-actionpack-3_2: - fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239) File CVE-2013-4389.patch contains the fix. - fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632). File CVE-2013-6415.patch contains the patch. - fix CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). File CVE-2013-6417.patch contains the patch. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-1 - openSUSE 12.3: zypper in -t patch openSUSE-2014-1 - openSUSE 12.2: zypper in -t patch openSUSE-2014-1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): rubygem-actionpack-3_2-3.2.13-2.9.1 rubygem-actionpack-3_2-doc-3.2.13-2.9.1 - openSUSE 12.3 (i586 x86_64): rubygem-actionpack-3_2-3.2.12-1.13.1 rubygem-actionpack-3_2-doc-3.2.12-1.13.1 - openSUSE 12.2 (i586 x86_64): rubygem-actionpack-3_2-3.2.12-3.26.2 rubygem-actionpack-3_2-doc-3.2.12-3.26.2 References: http://support.novell.com/security/cve/CVE-2013-4389.html http://support.novell.com/security/cve/CVE-2013-4491.html http://support.novell.com/security/cve/CVE-2013-6414.html http://support.novell.com/security/cve/CVE-2013-6415.html http://support.novell.com/security/cve/CVE-2013-6417.html https://bugzilla.novell.com/846239 https://bugzilla.novell.com/853625 https://bugzilla.novell.com/853627 https://bugzilla.novell.com/853632 https://bugzilla.novell.com/853633

8 years, 4 months

openSUSE-SU-2014:0008-1: moderate: update for seamonkey

by opensuse-security＠opensuse.org

openSUSE Security Update: update for seamonkey ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0008-1 Rating: moderate References: #854370 Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 Affected Products: openSUSE 13.1 openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update fixes the following security issues with SeaMonkey: - update to SeaMonkey 2.23 (bnc#854370)) * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - rebased patches: * mozilla-nongnome-proxies.patch * mozilla-shared-nss-db.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-2 - openSUSE 12.3: zypper in -t patch openSUSE-2014-2 - openSUSE 12.2: zypper in -t patch openSUSE-2014-2 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): seamonkey-2.23-4.3 seamonkey-debuginfo-2.23-4.3 seamonkey-debugsource-2.23-4.3 seamonkey-dom-inspector-2.23-4.3 seamonkey-irc-2.23-4.3 seamonkey-translations-common-2.23-4.3 seamonkey-translations-other-2.23-4.3 seamonkey-venkman-2.23-4.3 - openSUSE 12.3 (i586 x86_64): seamonkey-2.23-1.29.2 seamonkey-debuginfo-2.23-1.29.2 seamonkey-debugsource-2.23-1.29.2 seamonkey-dom-inspector-2.23-1.29.2 seamonkey-irc-2.23-1.29.2 seamonkey-translations-common-2.23-1.29.2 seamonkey-translations-other-2.23-1.29.2 seamonkey-venkman-2.23-1.29.2 - openSUSE 12.2 (i586 x86_64): seamonkey-2.23-2.58.2 seamonkey-debuginfo-2.23-2.58.2 seamonkey-debugsource-2.23-2.58.2 seamonkey-dom-inspector-2.23-2.58.2 seamonkey-irc-2.23-2.58.2 seamonkey-translations-common-2.23-2.58.2 seamonkey-translations-other-2.23-2.58.2 seamonkey-venkman-2.23-2.58.2 References: http://support.novell.com/security/cve/CVE-2013-5609.html http://support.novell.com/security/cve/CVE-2013-5610.html http://support.novell.com/security/cve/CVE-2013-5611.html http://support.novell.com/security/cve/CVE-2013-5612.html http://support.novell.com/security/cve/CVE-2013-5613.html http://support.novell.com/security/cve/CVE-2013-5614.html http://support.novell.com/security/cve/CVE-2013-5615.html http://support.novell.com/security/cve/CVE-2013-5616.html http://support.novell.com/security/cve/CVE-2013-5618.html http://support.novell.com/security/cve/CVE-2013-5619.html http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6630.html http://support.novell.com/security/cve/CVE-2013-6671.html http://support.novell.com/security/cve/CVE-2013-6672.html http://support.novell.com/security/cve/CVE-2013-6673.html https://bugzilla.novell.com/854370

8 years, 4 months

openSUSE-SU-2014:0007-1: moderate: update for pixman

by opensuse-security＠opensuse.org

openSUSE Security Update: update for pixman ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0007-1 Rating: moderate References: #853824 Cross-References: CVE-2013-6425 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Added pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.patch for bnc#853824. Fixes an integer underflow bug which can cause a crash. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-6 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): libpixman-1-0-0.28.2-2.4.1 libpixman-1-0-debuginfo-0.28.2-2.4.1 libpixman-1-0-devel-0.28.2-2.4.1 pixman-debugsource-0.28.2-2.4.1 - openSUSE 12.3 (x86_64): libpixman-1-0-32bit-0.28.2-2.4.1 libpixman-1-0-debuginfo-32bit-0.28.2-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-6425.html https://bugzilla.novell.com/853824

8 years, 4 months

openSUSE-SU-2014:0006-1: important: acroread: not supported anymore

by opensuse-security＠opensuse.org

openSUSE Security Update: acroread: not supported anymore ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0006-1 Rating: important References: #843835 Affected Products: openSUSE 12.3:NonFree openSUSE 12.2:NonFree ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: Adobe discontinued the Adobe Reader 9 for Linux in June 2013 and has not fixed and will not fix any further security issues in it. As there is no new version, it is officially out of support. The SUSE Security Team strongly recommends to not use it anymore. Installing this update will deinstall the plugin package to avoid automatic exploitation via PDF embedded in webpages or emails. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3:NonFree: zypper in -t patch openSUSE-2014-12 - openSUSE 12.2:NonFree: zypper in -t patch openSUSE-2014-12 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3:NonFree (noarch): acroread-cmaps-9.4.1-8.1 acroread-fonts-ja-9.4.1-8.1 acroread-fonts-ko-9.4.1-8.1 acroread-fonts-zh_CN-9.4.1-8.1 acroread-fonts-zh_TW-9.4.1-8.1 - openSUSE 12.3:NonFree (i586): acroread-9.5.5-8.1 - openSUSE 12.2:NonFree (noarch): acroread-cmaps-9.4.1-3.16.1 acroread-fonts-ja-9.4.1-3.16.1 acroread-fonts-ko-9.4.1-3.16.1 acroread-fonts-zh_CN-9.4.1-3.16.1 acroread-fonts-zh_TW-9.4.1-3.16.1 - openSUSE 12.2:NonFree (i586): acroread-9.5.5-3.16.1 References: https://bugzilla.novell.com/843835

8 years, 4 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates January 2014