openSUSE Security Update: update for wireshark
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0013-1
Rating: moderate
References: #855980
Cross-References: CVE-2013-7112 CVE-2013-7113 CVE-2013-7114
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
- openSUSE 12.2 and 12.3: update to 1.8.12 [bnc#855980]
+ vulnerabilities fixed:
* The SIP dissector could go into an infinite loop.
wnpa-sec-2013-66 CVE-2013-7112
* The NTLMSSP v2 dissector could crash. Discovered by
Garming Sam. wnpa-sec-2013-68 CVE-2013-7114
+ Further bug fixes and updated protocol support as
listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.htm
l
- openSUSE 13.1: update to 1.10.4 [bnc#855980]
+ vulnerabilities fixed:
* The SIP dissector could go into an infinite loop.
wnpa-sec-2013-66 CVE-2013-7112
* The BSSGP dissector could crash. wnpa-sec-2013-67
CVE-2013-7113
* The NTLMSSP v2 dissector could crash. Discovered by
Garming Sam. wnpa-sec-2013-68 CVE-2013-7114
+ Further bug fixes and updated protocol support as
listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.10.4.htm
l
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-3
- openSUSE 12.2:
zypper in -t patch openSUSE-2014-3
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
wireshark-1.8.12-1.28.1
wireshark-debuginfo-1.8.12-1.28.1
wireshark-debugsource-1.8.12-1.28.1
wireshark-devel-1.8.12-1.28.1
- openSUSE 12.2 (i586 x86_64):
wireshark-1.8.12-1.47.1
wireshark-debuginfo-1.8.12-1.47.1
wireshark-debugsource-1.8.12-1.47.1
wireshark-devel-1.8.12-1.47.1
References:
http://support.novell.com/security/cve/CVE-2013-7112.htmlhttp://support.novell.com/security/cve/CVE-2013-7113.htmlhttp://support.novell.com/security/cve/CVE-2013-7114.htmlhttps://bugzilla.novell.com/855980
openSUSE Security Update: update for openssl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0012-1
Rating: moderate
References: #849377 #856687
Cross-References: CVE-2013-6449
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
- Fixed bnc#856687, openssl: crash when using TLS 1.2 Add
file: CVE-2013-6449.patch
- compression_methods_switch.patch: setenv might not be
successful if a surrounding library or application
filters it, like e.g. sudo. As setenv() does not seem to
be useful anyway, remove it. bnc#849377
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-10
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
libopenssl-devel-1.0.1e-1.17.1
libopenssl1_0_0-1.0.1e-1.17.1
libopenssl1_0_0-debuginfo-1.0.1e-1.17.1
openssl-1.0.1e-1.17.1
openssl-debuginfo-1.0.1e-1.17.1
openssl-debugsource-1.0.1e-1.17.1
- openSUSE 12.3 (x86_64):
libopenssl-devel-32bit-1.0.1e-1.17.1
libopenssl1_0_0-32bit-1.0.1e-1.17.1
libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.17.1
- openSUSE 12.3 (noarch):
openssl-doc-1.0.1e-1.17.1
References:
http://support.novell.com/security/cve/CVE-2013-6449.htmlhttps://bugzilla.novell.com/849377https://bugzilla.novell.com/856687
openSUSE Security Update: update for pixman
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0011-1
Rating: moderate
References: #853824
Cross-References: CVE-2013-6425
Affected Products:
openSUSE 12.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
- Added
pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.patch
for bnc#853824. Fixes an integer underflow bug which can
cause a crash.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2014-5
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
libpixman-1-0-0.24.4-4.8.1
libpixman-1-0-debuginfo-0.24.4-4.8.1
libpixman-1-0-devel-0.24.4-4.8.1
pixman-debugsource-0.24.4-4.8.1
- openSUSE 12.2 (x86_64):
libpixman-1-0-32bit-0.24.4-4.8.1
libpixman-1-0-debuginfo-32bit-0.24.4-4.8.1
References:
http://support.novell.com/security/cve/CVE-2013-6425.htmlhttps://bugzilla.novell.com/853824
openSUSE Security Update: update for pixman
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0007-1
Rating: moderate
References: #853824
Cross-References: CVE-2013-6425
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
- Added
pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.patch
for bnc#853824. Fixes an integer underflow bug which can
cause a crash.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-6
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
libpixman-1-0-0.28.2-2.4.1
libpixman-1-0-debuginfo-0.28.2-2.4.1
libpixman-1-0-devel-0.28.2-2.4.1
pixman-debugsource-0.28.2-2.4.1
- openSUSE 12.3 (x86_64):
libpixman-1-0-32bit-0.28.2-2.4.1
libpixman-1-0-debuginfo-32bit-0.28.2-2.4.1
References:
http://support.novell.com/security/cve/CVE-2013-6425.htmlhttps://bugzilla.novell.com/853824
openSUSE Security Update: acroread: not supported anymore
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0006-1
Rating: important
References: #843835
Affected Products:
openSUSE 12.3:NonFree
openSUSE 12.2:NonFree
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
Adobe discontinued the Adobe Reader 9 for Linux in June
2013 and has not fixed and will not fix any further
security issues in it.
As there is no new version, it is officially out of support.
The SUSE Security Team strongly recommends to not use it
anymore.
Installing this update will deinstall the plugin package to
avoid automatic exploitation via PDF embedded in webpages
or emails.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:NonFree:
zypper in -t patch openSUSE-2014-12
- openSUSE 12.2:NonFree:
zypper in -t patch openSUSE-2014-12
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3:NonFree (noarch):
acroread-cmaps-9.4.1-8.1
acroread-fonts-ja-9.4.1-8.1
acroread-fonts-ko-9.4.1-8.1
acroread-fonts-zh_CN-9.4.1-8.1
acroread-fonts-zh_TW-9.4.1-8.1
- openSUSE 12.3:NonFree (i586):
acroread-9.5.5-8.1
- openSUSE 12.2:NonFree (noarch):
acroread-cmaps-9.4.1-3.16.1
acroread-fonts-ja-9.4.1-3.16.1
acroread-fonts-ko-9.4.1-3.16.1
acroread-fonts-zh_CN-9.4.1-3.16.1
acroread-fonts-zh_TW-9.4.1-3.16.1
- openSUSE 12.2:NonFree (i586):
acroread-9.5.5-3.16.1
References:
https://bugzilla.novell.com/843835