openSUSE Security Update: Security update for apache2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1726-1
Rating: moderate
References: #792309 #842377 #849445 #864166 #871310 #909715
Cross-References: CVE-2013-5704 CVE-2014-8109
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that solves two vulnerabilities and has four
fixes is now available.
Description:
Apache2 was updated to fix bugs and security issues.
Security issues fixed:
- CVE-2013-5704: Added a change to fix a flaw in the way mod_headers
handled chunked requests. Adds "MergeTrailers" directive to restore
legacy behavior [bnc#871310].
- CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider
is used in multiple Require directives with different arguments.
Bugfixes:
- changed apache2.service file to fix situation where apache won't start
at boot when using an encrypted certificate because user isn't prompted
for password during boot [bnc#792309].
- added <IfModule> around SSLSessionCache to avoid failing to start
[bnc#842377], [bnc#849445] and [bnc#864166].
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2014-822
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-822
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-822
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
apache2-2.4.10-4.1
apache2-debuginfo-2.4.10-4.1
apache2-debugsource-2.4.10-4.1
apache2-devel-2.4.10-4.1
apache2-event-2.4.10-4.1
apache2-event-debuginfo-2.4.10-4.1
apache2-example-pages-2.4.10-4.1
apache2-prefork-2.4.10-4.1
apache2-prefork-debuginfo-2.4.10-4.1
apache2-utils-2.4.10-4.1
apache2-utils-debuginfo-2.4.10-4.1
apache2-worker-2.4.10-4.1
apache2-worker-debuginfo-2.4.10-4.1
- openSUSE 13.2 (noarch):
apache2-doc-2.4.10-4.1
- openSUSE 13.1 (i586 x86_64):
apache2-2.4.6-6.37.1
apache2-debuginfo-2.4.6-6.37.1
apache2-debugsource-2.4.6-6.37.1
apache2-devel-2.4.6-6.37.1
apache2-event-2.4.6-6.37.1
apache2-event-debuginfo-2.4.6-6.37.1
apache2-example-pages-2.4.6-6.37.1
apache2-prefork-2.4.6-6.37.1
apache2-prefork-debuginfo-2.4.6-6.37.1
apache2-utils-2.4.6-6.37.1
apache2-utils-debuginfo-2.4.6-6.37.1
apache2-worker-2.4.6-6.37.1
apache2-worker-debuginfo-2.4.6-6.37.1
- openSUSE 13.1 (noarch):
apache2-doc-2.4.6-6.37.1
- openSUSE 12.3 (i586 x86_64):
apache2-2.2.29-10.20.1
apache2-debuginfo-2.2.29-10.20.1
apache2-debugsource-2.2.29-10.20.1
apache2-devel-2.2.29-10.20.1
apache2-event-2.2.29-10.20.1
apache2-event-debuginfo-2.2.29-10.20.1
apache2-example-pages-2.2.29-10.20.1
apache2-itk-2.2.29-10.20.1
apache2-itk-debuginfo-2.2.29-10.20.1
apache2-prefork-2.2.29-10.20.1
apache2-prefork-debuginfo-2.2.29-10.20.1
apache2-utils-2.2.29-10.20.1
apache2-utils-debuginfo-2.2.29-10.20.1
apache2-worker-2.2.29-10.20.1
apache2-worker-debuginfo-2.2.29-10.20.1
- openSUSE 12.3 (noarch):
apache2-doc-2.2.29-10.20.1
References:
http://support.novell.com/security/cve/CVE-2013-5704.html
http://support.novell.com/security/cve/CVE-2014-8109.html
https://bugzilla.suse.com/show_bug.cgi?id=792309
https://bugzilla.suse.com/show_bug.cgi?id=842377
https://bugzilla.suse.com/show_bug.cgi?id=849445
https://bugzilla.suse.com/show_bug.cgi?id=864166
https://bugzilla.suse.com/show_bug.cgi?id=871310
https://bugzilla.suse.com/show_bug.cgi?id=909715
openSUSE Security Update: Security update for docker
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1722-1
Rating: moderate
References: #909709 #909710 #909712
Cross-References: CVE-2014-9356 CVE-2014-9357 CVE-2014-9358
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This docker version update fixes the following security and non-security
issues and adds additional features.
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`),
applied with new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form: `ENV name=value
name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for
an existing image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic
links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege
escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current
directory
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2014-820
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (x86_64):
docker-1.4.0-13.1
docker-debuginfo-1.4.0-13.1
docker-debugsource-1.4.0-13.1
- openSUSE 13.2 (noarch):
docker-bash-completion-1.4.0-13.1
docker-zsh-completion-1.4.0-13.1
References:
http://support.novell.com/security/cve/CVE-2014-9356.html
http://support.novell.com/security/cve/CVE-2014-9357.html
http://support.novell.com/security/cve/CVE-2014-9358.html
https://bugzilla.suse.com/show_bug.cgi?id=909709
https://bugzilla.suse.com/show_bug.cgi?id=909710
https://bugzilla.suse.com/show_bug.cgi?id=909712
openSUSE Security Update: Security update for file
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1721-1
Rating: moderate
References: #910252 #910253
Cross-References: CVE-2014-8116 CVE-2014-8117
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This file update fixes the following two security issues:
- bsc#910252: multiple denial of service issues (resource consumption)
(CVE-2014-8116)
- bsc#910253: denial of service issue (resource consumption)
(CVE-2014-8117)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-817
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
file-5.15-4.28.1
file-debuginfo-5.15-4.28.1
file-debugsource-5.15-4.28.1
file-devel-5.15-4.28.1
file-magic-5.15-4.28.1
libmagic1-5.15-4.28.1
libmagic1-debuginfo-5.15-4.28.1
python-magic-5.15-4.28.1
- openSUSE 13.1 (x86_64):
libmagic1-32bit-5.15-4.28.1
libmagic1-debuginfo-32bit-5.15-4.28.1
References:
http://support.novell.com/security/cve/CVE-2014-8116.html
http://support.novell.com/security/cve/CVE-2014-8117.html
https://bugzilla.suse.com/show_bug.cgi?id=910252
https://bugzilla.suse.com/show_bug.cgi?id=910253
openSUSE Security Update: Security update for file
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1720-1
Rating: moderate
References:
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This file update fixes the following two security issues:
- bsc#910252: multiple denial of service issues (resource consumption)
(CVE-2014-8116)
- bsc#910253: denial of service issue (resource consumption)
(CVE-2014-8117)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2014-817
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
file-5.19-3.8.1
file-debuginfo-5.19-3.8.1
file-debugsource-5.19-3.8.1
file-devel-5.19-3.8.1
file-magic-5.19-3.8.1
libmagic1-5.19-3.8.1
libmagic1-debuginfo-5.19-3.8.1
python-magic-5.19-3.8.1
- openSUSE 13.2 (x86_64):
libmagic1-32bit-5.19-3.8.1
libmagic1-debuginfo-32bit-5.19-3.8.1
References: