March 2014 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-RU-2014:0442-1: fontforge: fix linking against libpng
by maintenance＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Recommended Update: fontforge: fix linking against libpng ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0442-1 Rating: low References: #867041 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with fontforge: - bnc#867041: Fix linking against libpng. Wrong linking can cause segmenation fault. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-252 - openSUSE 12.3: zypper in -t patch openSUSE-2014-252 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): fontforge-20120731-6.4.1 fontforge-debuginfo-20120731-6.4.1 fontforge-debugsource-20120731-6.4.1 fontforge-devel-20120731-6.4.1 - openSUSE 12.3 (i586 x86_64): fontforge-20120731-2.4.1 fontforge-debuginfo-20120731-2.4.1 fontforge-debugsource-20120731-2.4.1 fontforge-devel-20120731-2.4.1 References: https://bugzilla.novell.com/867041

1 0

openSUSE-RU-2014:0441-1: postgrey: Several fixes
by maintenance＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Recommended Update: postgrey: Several fixes ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0441-1 Rating: low References: #782364 #809400 #815160 #862552 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues with postgrey: - fix for bnc#782364 (duplicates bnc#809400, bnc#815160) + postgrey does not start - bnc#862552: fix files section in spec file - fix change of name and location of whitelist_recipients - Added missing perl-Net-DNS is needed for postgreyreport - fix multiple bugs in systemd unit file, syslog.target must not be used neither Requires but Wants - update to 1.34: + gracefully handle future timestamps in the database + replaced obsolete Digest::SHA1 with Digest::SHA + updated whitelist Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-248 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (x86_64): postgrey-1.34-22.3.1 - openSUSE 12.3 (i586): postgrey-1.34-22.4.1 References: https://bugzilla.novell.com/782364 https://bugzilla.novell.com/809400 https://bugzilla.novell.com/815160 https://bugzilla.novell.com/862552

1 0

openSUSE-RU-2014:0440-1: xinetd: Make sure that xinetd service becomes real after network is up
by maintenance＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Recommended Update: xinetd: Make sure that xinetd service becomes real after network is up ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0440-1 Rating: low References: #866433 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with xinetd: - bnc#866433: Make sure that xinetd service becomes real after network is up Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-251 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): xinetd-2.3.15-2.4.1 xinetd-debuginfo-2.3.15-2.4.1 xinetd-debugsource-2.3.15-2.4.1 References: https://bugzilla.novell.com/866433

1 0

openSUSE-RU-2014:0439-1: proftpd: fixed start due to missing /var/run/proftpd
by maintenance＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Recommended Update: proftpd: fixed start due to missing /var/run/proftpd ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0439-1 Rating: low References: #844183 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with proftpd: - bnc#844183: Fixed start due to missing /var/run/proftpd - add own proftpd.tmpfile Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-254 - openSUSE 12.3: zypper in -t patch openSUSE-2014-254 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): proftpd-1.3.4d-4.1 proftpd-debuginfo-1.3.4d-4.1 proftpd-debugsource-1.3.4d-4.1 proftpd-devel-1.3.4d-4.1 proftpd-doc-1.3.4d-4.1 proftpd-ldap-1.3.4d-4.1 proftpd-ldap-debuginfo-1.3.4d-4.1 proftpd-mysql-1.3.4d-4.1 proftpd-mysql-debuginfo-1.3.4d-4.1 proftpd-pgsql-1.3.4d-4.1 proftpd-pgsql-debuginfo-1.3.4d-4.1 proftpd-radius-1.3.4d-4.1 proftpd-radius-debuginfo-1.3.4d-4.1 proftpd-sqlite-1.3.4d-4.1 proftpd-sqlite-debuginfo-1.3.4d-4.1 - openSUSE 13.1 (noarch): proftpd-lang-1.3.4d-4.1 - openSUSE 12.3 (i586 x86_64): proftpd-1.3.4d-4.8.1 proftpd-debuginfo-1.3.4d-4.8.1 proftpd-debugsource-1.3.4d-4.8.1 proftpd-devel-1.3.4d-4.8.1 proftpd-doc-1.3.4d-4.8.1 proftpd-ldap-1.3.4d-4.8.1 proftpd-ldap-debuginfo-1.3.4d-4.8.1 proftpd-mysql-1.3.4d-4.8.1 proftpd-mysql-debuginfo-1.3.4d-4.8.1 proftpd-pgsql-1.3.4d-4.8.1 proftpd-pgsql-debuginfo-1.3.4d-4.8.1 proftpd-radius-1.3.4d-4.8.1 proftpd-radius-debuginfo-1.3.4d-4.8.1 proftpd-sqlite-1.3.4d-4.8.1 proftpd-sqlite-debuginfo-1.3.4d-4.8.1 - openSUSE 12.3 (noarch): proftpd-lang-1.3.4d-4.8.1 References: https://bugzilla.novell.com/844183

1 0

openSUSE-RU-2014:0438-1: important: dosfstools: Prevent corruption of FAT during fsck on 64 bit platforms.
by maintenance＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Recommended Update: dosfstools: Prevent corruption of FAT during fsck on 64 bit platforms. ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0438-1 Rating: important References: #867122 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with dosfstools: - bnc#867122: unsigned long is 64 bit on x86-64, which means set_fat was writing two entries, which corrupts the next entry. This can cause loss of data in another file. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-253 - openSUSE 12.3: zypper in -t patch openSUSE-2014-253 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): dosfstools-3.0.22-2.4.1 dosfstools-debuginfo-3.0.22-2.4.1 dosfstools-debugsource-3.0.22-2.4.1 - openSUSE 12.3 (i586 x86_64): dosfstools-3.0.10-26.8.1 dosfstools-debuginfo-3.0.10-26.8.1 dosfstools-debugsource-3.0.10-26.8.1 References: https://bugzilla.novell.com/867122

1 0

openSUSE-RU-2014:0437-1: postgrey: Two bugfixes
by maintenance＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Recommended Update: postgrey: Two bugfixes ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0437-1 Rating: low References: #862552 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues with postgrey: - bnc#862552: fix files section in spec-file - include change of name and location of whitelist_recipients Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-249 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): postgrey-1.34-4.4.1 References: https://bugzilla.novell.com/862552

1 0

openSUSE-SU-2014:0436-1: moderate: mutt: fixed remote triggerable crash in header view
by opensuse-security＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Security Update: mutt: fixed remote triggerable crash in header view ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0436-1 Rating: moderate References: #868115 Cross-References: CVE-2014-0467 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The mailreader mutt was updated to fix a crash in header view that could be triggered by malformed e-mails and potentially be used to execute code. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2014-38 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): mutt-1.5.21-14.21.1 mutt-debuginfo-1.5.21-14.21.1 mutt-debugsource-1.5.21-14.21.1 References: http://support.novell.com/security/cve/CVE-2014-0467.html https://bugzilla.novell.com/868115

1 0

openSUSE-SU-2014:0435-1: moderate: file: fixed off-by-one errors
by opensuse-security＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Security Update: file: fixed off-by-one errors ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0435-1 Rating: moderate References: #866750 Cross-References: CVE-2014-2270 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The file magic scanning tool/library was updated to fix a off-by-one error in the last security fixes. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-255 - openSUSE 12.3: zypper in -t patch openSUSE-2014-255 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): file-5.15-4.20.1 file-debuginfo-5.15-4.20.1 file-debugsource-5.15-4.20.1 file-devel-5.15-4.20.1 file-magic-5.15-4.20.1 libmagic1-5.15-4.20.1 libmagic1-debuginfo-5.15-4.20.1 python-magic-5.15-4.20.1 - openSUSE 13.1 (x86_64): libmagic1-32bit-5.15-4.20.1 libmagic1-debuginfo-32bit-5.15-4.20.1 - openSUSE 12.3 (i586 x86_64): file-5.11-12.16.1 file-debuginfo-5.11-12.16.1 file-debugsource-5.11-12.16.1 file-devel-5.11-12.16.1 libmagic-data-5.11-12.16.1 libmagic1-5.11-12.16.1 libmagic1-debuginfo-5.11-12.16.1 python-magic-5.11-12.16.1 - openSUSE 12.3 (x86_64): libmagic1-32bit-5.11-12.16.1 libmagic1-debuginfo-32bit-5.11-12.16.1 References: http://support.novell.com/security/cve/CVE-2014-2270.html https://bugzilla.novell.com/866750

1 0

openSUSE-SU-2014:0434-1: moderate: mutt: fixed remote triggerable crash in header view
by opensuse-security＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Security Update: mutt: fixed remote triggerable crash in header view ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0434-1 Rating: moderate References: #868115 Cross-References: CVE-2014-0467 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The mailreader mutt was updated to fix a crash in header view that could be triggered by malformed e-mails and potentially be used to execute code. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-246 - openSUSE 12.3: zypper in -t patch openSUSE-2014-246 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): mutt-1.5.21-41.4.1 mutt-debuginfo-1.5.21-41.4.1 mutt-debugsource-1.5.21-41.4.1 - openSUSE 12.3 (i586 x86_64): mutt-1.5.21-36.4.1 mutt-debuginfo-1.5.21-36.4.1 mutt-debugsource-1.5.21-36.4.1 References: http://support.novell.com/security/cve/CVE-2014-0467.html https://bugzilla.novell.com/868115

1 0

openSUSE-SU-2014:0433-1: important: perl-HTTP-Body: update to 1.19 release with security fixes
by opensuse-security＠opensuse.org 25 Mar '14

25 Mar '14

openSUSE Security Update: perl-HTTP-Body: update to 1.19 release with security fixes ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0433-1 Rating: important References: #844951 Cross-References: CVE-2013-4407 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-247 - openSUSE 12.3: zypper in -t patch openSUSE-2014-247 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (noarch): perl-HTTP-Body-1.19-2.4.1 - openSUSE 12.3 (noarch): perl-HTTP-Body-1.19-4.4.1 References: http://support.novell.com/security/cve/CVE-2013-4407.html https://bugzilla.novell.com/844951

1 0