March 2014 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2014:0399-1: moderate: net-snmp: security fixes for remote denial of service problems
by opensuse-security＠opensuse.org 19 Mar '14

19 Mar '14

openSUSE Security Update: net-snmp: security fixes for remote denial of service problems ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0399-1 Rating: moderate References: #866942 Cross-References: CVE-2014-2284 CVE-2014-2285 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: net-snmp was updated to fix potential remote denial of service problems: - fixed a potential remote denial of service problem within the Linux ICMP-MIB implementation (CVE-2014-2284)(bnc#866942) - fixed a potential remote denial of service problem inside the snmptrapd Perl trap handler (CVE-2014-2285)(bnc#866942) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2014-36 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libsnmp25-5.6.1-4.35.1 libsnmp25-debuginfo-5.6.1-4.35.1 net-snmp-5.6.1-4.35.1 net-snmp-debuginfo-5.6.1-4.35.1 net-snmp-debugsource-5.6.1-4.35.1 net-snmp-devel-5.6.1-4.35.1 perl-SNMP-5.6.1-4.35.1 perl-SNMP-debuginfo-5.6.1-4.35.1 snmp-mibs-5.6.1-4.35.1 - openSUSE 11.4 (x86_64): libsnmp25-32bit-5.6.1-4.35.1 libsnmp25-debuginfo-32bit-5.6.1-4.35.1 - openSUSE 11.4 (ia64): libsnmp25-debuginfo-x86-5.6.1-4.35.1 libsnmp25-x86-5.6.1-4.35.1 References: http://support.novell.com/security/cve/CVE-2014-2284.html http://support.novell.com/security/cve/CVE-2014-2285.html https://bugzilla.novell.com/866942

1 0

openSUSE-SU-2014:0398-1: moderate: net-snmp: security fixes for remote denial of service problems
by opensuse-security＠opensuse.org 19 Mar '14

19 Mar '14

openSUSE Security Update: net-snmp: security fixes for remote denial of service problems ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0398-1 Rating: moderate References: #866942 Cross-References: CVE-2014-2284 CVE-2014-2285 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: net-snmp was updated to fix potential remote denial of service problems: - fixed a potential remote denial of service problem within the Linux ICMP-MIB implementation (CVE-2014-2284)(bnc#866942) - fixed a potential remote denial of service problem inside the snmptrapd Perl trap handler (CVE-2014-2285)(bnc#866942) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-227 - openSUSE 12.3: zypper in -t patch openSUSE-2014-227 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libsnmp30-5.7.2-9.4.1 libsnmp30-debuginfo-5.7.2-9.4.1 net-snmp-5.7.2-9.4.1 net-snmp-debuginfo-5.7.2-9.4.1 net-snmp-debugsource-5.7.2-9.4.1 net-snmp-devel-5.7.2-9.4.1 net-snmp-python-5.7.2-9.4.1 net-snmp-python-debuginfo-5.7.2-9.4.1 perl-SNMP-5.7.2-9.4.1 perl-SNMP-debuginfo-5.7.2-9.4.1 snmp-mibs-5.7.2-9.4.1 - openSUSE 13.1 (x86_64): libsnmp30-32bit-5.7.2-9.4.1 libsnmp30-debuginfo-32bit-5.7.2-9.4.1 net-snmp-devel-32bit-5.7.2-9.4.1 - openSUSE 12.3 (i586 x86_64): libsnmp30-5.7.2-3.8.1 libsnmp30-debuginfo-5.7.2-3.8.1 net-snmp-5.7.2-3.8.1 net-snmp-debuginfo-5.7.2-3.8.1 net-snmp-debugsource-5.7.2-3.8.1 net-snmp-devel-5.7.2-3.8.1 perl-SNMP-5.7.2-3.8.1 perl-SNMP-debuginfo-5.7.2-3.8.1 snmp-mibs-5.7.2-3.8.1 - openSUSE 12.3 (x86_64): libsnmp30-32bit-5.7.2-3.8.1 libsnmp30-debuginfo-32bit-5.7.2-3.8.1 net-snmp-devel-32bit-5.7.2-3.8.1 References: http://support.novell.com/security/cve/CVE-2014-2284.html http://support.novell.com/security/cve/CVE-2014-2285.html https://bugzilla.novell.com/866942

1 0

openSUSE-RU-2014:0396-1: less: Fix lesspipe.sh for removing properly the leftover tmp files when viewing patch files without colordiff
by maintenance＠opensuse.org 19 Mar '14

19 Mar '14

openSUSE Recommended Update: less: Fix lesspipe.sh for removing properly the leftover tmp files when viewing patch files without colordiff ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0396-1 Rating: low References: #850225 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with less: - bnc#850225: Fix lesspipe.sh for removing properly the leftover tmp files when viewing patch files without colordiff (bnc#850225) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-225 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): less-458-2.4.1 less-debuginfo-458-2.4.1 less-debugsource-458-2.4.1 References: https://bugzilla.novell.com/850225

1 0

openSUSE-RU-2014:0395-1: moderate: open-iscsi: Cleaned up systemd unit files and spec entries
by maintenance＠opensuse.org 19 Mar '14

19 Mar '14

openSUSE Recommended Update: open-iscsi: Cleaned up systemd unit files and spec entries ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0395-1 Rating: moderate References: #847953 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update cleanes up systemd unit files and spec entries (bnc#847953) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-226 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): open-iscsi-2.0.873-2.8.1 open-iscsi-debuginfo-2.0.873-2.8.1 open-iscsi-debugsource-2.0.873-2.8.1 References: https://bugzilla.novell.com/847953

1 0

openSUSE-SU-2014:0394-1: moderate: libjansson: fixed denial of service problem in hash table
by opensuse-security＠opensuse.org 19 Mar '14

19 Mar '14

openSUSE Security Update: libjansson: fixed denial of service problem in hash table ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0394-1 Rating: moderate References: #863301 Cross-References: CVE-2013-6401 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: libjansson was updated to fix a hash table collission CPU usage denial of service issue, when an attacker can supply his own JSON file. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-224 - openSUSE 12.3: zypper in -t patch openSUSE-2014-224 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libjansson-debugsource-2.3.1-7.4.1 libjansson-devel-2.3.1-7.4.1 libjansson4-2.3.1-7.4.1 libjansson4-debuginfo-2.3.1-7.4.1 - openSUSE 12.3 (i586 x86_64): libjansson-debugsource-2.3.1-5.4.1 libjansson-devel-2.3.1-5.4.1 libjansson4-2.3.1-5.4.1 libjansson4-debuginfo-2.3.1-5.4.1 References: http://support.novell.com/security/cve/CVE-2013-6401.html https://bugzilla.novell.com/863301

1 0

openSUSE-RU-2014:0393-1: autofs: various bug fixes
by maintenance＠opensuse.org 18 Mar '14

18 Mar '14

openSUSE Recommended Update: autofs: various bug fixes ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0393-1 Rating: low References: #820585 #847207 #853469 #859969 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: AutoFS was updated to upstream version 5.0.8, including many fixes and enhancements: - Fix the special -hosts map (auto.net) in IPv6 environments (bnc#847207) - Fix deadlock when trying to lock mutex that's already owned by the same thread (bnc#859969) - Serialize LDAP unbind operations, as they're also not thread-safe and could cause segmentation faults (bnc#853469) - Fix crash due to thread unsafe use of libldap (bnc#820585) Please refer to the package's change log for a comprehensive list of changes. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-221 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): autofs-5.0.8-19.8.1 autofs-debuginfo-5.0.8-19.8.1 autofs-debugsource-5.0.8-19.8.1 References: https://bugzilla.novell.com/820585 https://bugzilla.novell.com/847207 https://bugzilla.novell.com/853469 https://bugzilla.novell.com/859969

1 0

openSUSE-RU-2014:0392-1: python-numpy, python-scipy: - rename PY_ARRAY_UNIQUE_SYMBOL to something other than PyArray_API
by maintenance＠opensuse.org 18 Mar '14

18 Mar '14

openSUSE Recommended Update: python-numpy, python-scipy: - rename PY_ARRAY_UNIQUE_SYMBOL to something other than PyArray_API ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0392-1 Rating: low References: #853466 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with python-numpy and python-scipy: - bnc#853466: rename PY_ARRAY_UNIQUE_SYMBOL to something other than PyArray_API to alleviate risk of symbol name conflicts in code generated by f2py - rebuild python-scipy against the current python-numpy api Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-222 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): python-numpy-1.7.1-4.4.1 python-numpy-debuginfo-1.7.1-4.4.1 python-numpy-debugsource-1.7.1-4.4.1 python-numpy-devel-1.7.1-4.4.1 python-scipy-0.12.0-3.3.1 python-scipy-debuginfo-0.12.0-3.3.1 python-scipy-debugsource-0.12.0-3.3.1 python-scipy-weave-0.12.0-3.3.1 - openSUSE 13.1 (noarch): python-numpy-doc-html-1.7.1-4.4.2 python-numpy-doc-pdf-1.7.1-4.4.2 python-numpydoc-1.7.1-4.4.2 References: https://bugzilla.novell.com/853466

1 0

openSUSE-RU-2014:0391-1: bluez: fix logitech mx5500 mouse and keyboard
by maintenance＠opensuse.org 18 Mar '14

18 Mar '14

openSUSE Recommended Update: bluez: fix logitech mx5500 mouse and keyboard ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0391-1 Rating: low References: #681049 #850478 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issue with bluez: - bnc#850478, bnc#681049: fix logitech mx5500 mouse and keyboard Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-223 - openSUSE 12.3: zypper in -t patch openSUSE-2014-223 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): bluez-5.8-3.9.1 bluez-cups-5.8-3.9.1 bluez-cups-debuginfo-5.8-3.9.1 bluez-debuginfo-5.8-3.9.1 bluez-debugsource-5.8-3.9.1 bluez-devel-5.8-3.9.1 bluez-test-5.8-3.9.1 bluez-test-debuginfo-5.8-3.9.1 libbluetooth3-5.8-3.9.1 libbluetooth3-debuginfo-5.8-3.9.1 - openSUSE 13.1 (x86_64): bluez-devel-32bit-5.8-3.9.1 libbluetooth3-32bit-5.8-3.9.1 libbluetooth3-debuginfo-32bit-5.8-3.9.1 - openSUSE 12.3 (i586 x86_64): bluez-4.101-7.5.1 bluez-alsa-4.101-7.5.1 bluez-alsa-debuginfo-4.101-7.5.1 bluez-compat-4.101-7.5.1 bluez-compat-debuginfo-4.101-7.5.1 bluez-cups-4.101-7.5.1 bluez-cups-debuginfo-4.101-7.5.1 bluez-debuginfo-4.101-7.5.1 bluez-debugsource-4.101-7.5.1 bluez-devel-4.101-7.5.1 bluez-gstreamer-4.101-7.5.1 bluez-gstreamer-debuginfo-4.101-7.5.1 bluez-gstreamer-debugsource-4.101-7.5.1 bluez-test-4.101-7.5.1 bluez-test-debuginfo-4.101-7.5.1 libbluetooth3-4.101-7.5.1 libbluetooth3-debuginfo-4.101-7.5.1 - openSUSE 12.3 (x86_64): bluez-devel-32bit-4.101-7.5.1 libbluetooth3-32bit-4.101-7.5.1 libbluetooth3-debuginfo-32bit-4.101-7.5.1 References: https://bugzilla.novell.com/681049 https://bugzilla.novell.com/850478

1 0

openSUSE-SU-2014:0390-1: moderate: udisks: fixed a buffer overflow
by opensuse-security＠opensuse.org 18 Mar '14

18 Mar '14

openSUSE Security Update: udisks: fixed a buffer overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0390-1 Rating: moderate References: #865854 Cross-References: CVE-2014-0004 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: udisks was updated to fix a buffer overflow in mount path parsing. If users have the possibility to create very long mount points, such as with FUSE, they could cause udisksd to crash, or even to run arbitrary code as root with specially crafted mount paths.(bnc#865854, CVE-2014-0004) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2014-35 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): udisks-1.0.2-3.16.1 udisks-debuginfo-1.0.2-3.16.1 udisks-debugsource-1.0.2-3.16.1 udisks-devel-1.0.2-3.16.1 References: http://support.novell.com/security/cve/CVE-2014-0004.html https://bugzilla.novell.com/865854

1 0

openSUSE-SU-2014:0389-1: moderate: udisks: fixed a buffer overflow
by opensuse-security＠opensuse.org 18 Mar '14

18 Mar '14

openSUSE Security Update: udisks: fixed a buffer overflow ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0389-1 Rating: moderate References: #865854 Cross-References: CVE-2014-0004 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: udisks was updated to fix a buffer overflow in mount path parsing. If users have the possibility to create very long mount points, such as with FUSE, they could cause udisksd to crash, or even to run arbitrary code as root with specially crafted mount paths. (bnc#865854, CVE-2014-0004) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-219 - openSUSE 12.3: zypper in -t patch openSUSE-2014-219 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): udisks-1.0.4-13.4.1 udisks-debuginfo-1.0.4-13.4.1 udisks-debugsource-1.0.4-13.4.1 udisks-devel-1.0.4-13.4.1 - openSUSE 12.3 (i586 x86_64): udisks-1.0.4-11.4.1 udisks-debuginfo-1.0.4-11.4.1 udisks-debugsource-1.0.4-11.4.1 udisks-devel-1.0.4-11.4.1 References: http://support.novell.com/security/cve/CVE-2014-0004.html https://bugzilla.novell.com/865854

1 0