May 2014 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-RU-2014:0647-1: moderate: gtkspell3: check the NULL pointer to avoid segfault in strcmp
by maintenance＠opensuse.org 15 May '14

15 May '14

openSUSE Recommended Update: gtkspell3: check the NULL pointer to avoid segfault in strcmp ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0647-1 Rating: moderate References: #876684 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with gtkspell3: - bnc#876684: check the NULL pointer to avoid segfault in strcmp Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-364 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): gtkspell3-debugsource-3.0.3-2.4.1 gtkspell3-devel-3.0.3-2.4.1 libgtkspell3-3-0-3.0.3-2.4.1 libgtkspell3-3-0-debuginfo-3.0.3-2.4.1 typelib-1_0-GtkSpell-3_0-3.0.3-2.4.1 - openSUSE 13.1 (noarch): gtkspell3-lang-3.0.3-2.4.1 References: https://bugzilla.novell.com/876684

1 0

openSUSE-RU-2014:0646-1: moderate: osc: Update to 0.145.0
by maintenance＠opensuse.org 15 May '14

15 May '14

openSUSE Recommended Update: osc: Update to 0.145.0 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0646-1 Rating: moderate References: #699224 #807621 #815296 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues with osc: - Update from 0.139.1 to 0.145.0 + allow to use the set-release option when running a manual release + added support for "osc requestmaintainership PROJECT" + various bugfixes: * print_buildlog: do not strip tabs * fixed "osc -H ..." in combination with a proxy * fixed creation of ~/.osc_cookiejar * Package.commit: create _meta for newly added packages * fixed behavior of set_link_rev #72 + fixed typos in PKGBUILD file: no comma in depends tag (as pointed out by roflik) + fixed "osc meta pkg -e" regression for special package names + allow commiting to package sources from linked projects. osc will ask to branch it first. + group support in bugowner and maintainer command + add option to add a auto-accept in future for delete requests (handy for admins) + many bugfixes: * plugin loading * bugowner handling * download of server side generated source "up -S" * wipebinaries command + bnc#699224: package COPYING + support for ppc64le architecture + fixes regression for wipebinaries call + fixes "osc api" call when uploading binaries via POST + support for OBS 2.5 authentification token support + ppc64p7 build support + request --no-devel to disable request forwarding + crash bug fix for copypac + crash fixes + support for kiwi appliance builds using obsrepositories:/ directive + support for manual release of sources and binaries + add --last parameter for build logs to show last finished log file, if currently building + add signkey --sslcert option to fetch the optional create ssl certificate instead of gpg key + improved compatibility with old plugins + support python 2.7 and python 3 in parallel now + reworked plugin loading mechanism in order to avoid the (mass) breakage of existing plugins due to the python 3 support. Nonetheless if a plugin uses the "@cmdln.option(...)" decorator it has to import the cmdln module first via "from osc import cmdln". + allow specifying directories as mv targets + drop the support for deprecated cbinstall and cbpreinstall directives + allow to set maintainer or bugowner ship for a binary package initially, but ask back if this is the right place. + support listing of deleted source files "ls -D $PROJECT $PACKAGE" + build results do show that a succeeded is not yet published + improved bash completions + default build root includes repository and architecture name now + --request-accept-or-revoke option, useful to handle mass approval of requests + multiple minor bugfixes + bnc#815296: fix build on ppc/s390/ia64 + bnc#807621: when forwarding a request, previous request is not superseded automatically + fix with/without definitions, --with should not define %_without and vice versa + Abort when the server is not answering with 200 or 404 when downloading _pubkey files - really use the internal rpm signature check + some spelling corrections Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-367 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (noarch): osc-0.145.0-1.4.1 References: https://bugzilla.novell.com/699224 https://bugzilla.novell.com/807621 https://bugzilla.novell.com/815296

1 0

openSUSE-SU-2014:0645-1: libxml2
by opensuse-security＠opensuse.org 15 May '14

15 May '14

openSUSE Security Update: libxml2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0645-1 Rating: low References: #876652 Cross-References: CVE-2014-0191 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - fix for CVE-2014-0191 (bnc#876652) * libxml2: external parameter entity loaded when entity substitution is disabled * added libxml2-CVE-2014-0191.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-363 - openSUSE 12.3: zypper in -t patch openSUSE-2014-363 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libxml2-2-2.9.1-2.4.1 libxml2-2-debuginfo-2.9.1-2.4.1 libxml2-debugsource-2.9.1-2.4.1 libxml2-devel-2.9.1-2.4.1 libxml2-tools-2.9.1-2.4.1 libxml2-tools-debuginfo-2.9.1-2.4.1 python-libxml2-2.9.1-2.4.1 python-libxml2-debuginfo-2.9.1-2.4.1 python-libxml2-debugsource-2.9.1-2.4.1 - openSUSE 13.1 (x86_64): libxml2-2-32bit-2.9.1-2.4.1 libxml2-2-debuginfo-32bit-2.9.1-2.4.1 libxml2-devel-32bit-2.9.1-2.4.1 - openSUSE 13.1 (noarch): libxml2-doc-2.9.1-2.4.1 - openSUSE 12.3 (i586 x86_64): libxml2-2-2.9.0-2.21.1 libxml2-2-debuginfo-2.9.0-2.21.1 libxml2-debugsource-2.9.0-2.21.1 libxml2-devel-2.9.0-2.21.1 libxml2-tools-2.9.0-2.21.1 libxml2-tools-debuginfo-2.9.0-2.21.1 python-libxml2-2.9.0-2.21.1 python-libxml2-debuginfo-2.9.0-2.21.1 python-libxml2-debugsource-2.9.0-2.21.1 - openSUSE 12.3 (x86_64): libxml2-2-32bit-2.9.0-2.21.1 libxml2-2-debuginfo-32bit-2.9.0-2.21.1 libxml2-devel-32bit-2.9.0-2.21.1 - openSUSE 12.3 (noarch): libxml2-doc-2.9.0-2.21.1 References: http://support.novell.com/security/cve/CVE-2014-0191.html https://bugzilla.novell.com/876652

1 0

openSUSE-RU-2014:0644-1: important: osc: Update to 0.145.0
by maintenance＠opensuse.org 15 May '14

15 May '14

openSUSE Recommended Update: osc: Update to 0.145.0 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0644-1 Rating: important References: #874267 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues with osc: - Update from 0.144.1 to 0.145.0 + bnc#874267: Fixes a regression + allow to use the set-release option when running a manual release + added support for "osc requestmaintainership PROJECT" + various bugfixes: * print_buildlog: do not strip tabs * fixed "osc -H ..." in combination with a proxy * fixed creation of ~/.osc_cookiejar * Package.commit: create _meta for newly added packages * fixed behavior of set_link_rev #72 + fixed typos in PKGBUILD file: no comma in depends tag (as pointed out by roflik) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-366 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (noarch): osc-0.145.0-2.12.1 References: https://bugzilla.novell.com/874267

1 0

openSUSE-RU-2014:0641-1: important: seamonkey: fix translations packaging
by maintenance＠opensuse.org 14 May '14

14 May '14

openSUSE Recommended Update: seamonkey: fix translations packaging ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0641-1 Rating: important References: #877263 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes a regression introduced with the last update of seamonkey: - bnc#877263: fix translations packaging Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-362 - openSUSE 12.3: zypper in -t patch openSUSE-2014-362 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): seamonkey-2.26-24.1 seamonkey-debuginfo-2.26-24.1 seamonkey-debugsource-2.26-24.1 seamonkey-dom-inspector-2.26-24.1 seamonkey-irc-2.26-24.1 seamonkey-translations-common-2.26-24.1 seamonkey-translations-other-2.26-24.1 seamonkey-venkman-2.26-24.1 - openSUSE 12.3 (i586 x86_64): seamonkey-2.26-1.49.1 seamonkey-debuginfo-2.26-1.49.1 seamonkey-debugsource-2.26-1.49.1 seamonkey-dom-inspector-2.26-1.49.1 seamonkey-irc-2.26-1.49.1 seamonkey-translations-common-2.26-1.49.1 seamonkey-translations-other-2.26-1.49.1 seamonkey-venkman-2.26-1.49.1 References: https://bugzilla.novell.com/877263

1 0

openSUSE-SU-2014:0640-1: moderate: update for MozillaThunderbird
by opensuse-security＠opensuse.org 14 May '14

14 May '14

openSUSE Security Update: update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0640-1 Rating: moderate References: #875378 Cross-References: CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This is a MozillaThunderbird update to version 24.5.0: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver - use shipped-locales as the authoritative source for supported locales (some unsupported locales disappear from -other package) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-361 - openSUSE 12.3: zypper in -t patch openSUSE-2014-361 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): MozillaThunderbird-24.5.0-70.19.3 MozillaThunderbird-buildsymbols-24.5.0-70.19.3 MozillaThunderbird-debuginfo-24.5.0-70.19.3 MozillaThunderbird-debugsource-24.5.0-70.19.3 MozillaThunderbird-devel-24.5.0-70.19.3 MozillaThunderbird-translations-common-24.5.0-70.19.3 MozillaThunderbird-translations-other-24.5.0-70.19.3 enigmail-1.6.0+24.5.0-70.19.3 enigmail-debuginfo-1.6.0+24.5.0-70.19.3 - openSUSE 12.3 (i586 x86_64): MozillaThunderbird-24.5.0-61.47.2 MozillaThunderbird-buildsymbols-24.5.0-61.47.2 MozillaThunderbird-debuginfo-24.5.0-61.47.2 MozillaThunderbird-debugsource-24.5.0-61.47.2 MozillaThunderbird-devel-24.5.0-61.47.2 MozillaThunderbird-translations-common-24.5.0-61.47.2 MozillaThunderbird-translations-other-24.5.0-61.47.2 enigmail-1.6.0+24.5.0-61.47.2 enigmail-debuginfo-1.6.0+24.5.0-61.47.2 References: http://support.novell.com/security/cve/CVE-2014-1518.html http://support.novell.com/security/cve/CVE-2014-1523.html http://support.novell.com/security/cve/CVE-2014-1524.html http://support.novell.com/security/cve/CVE-2014-1529.html http://support.novell.com/security/cve/CVE-2014-1530.html http://support.novell.com/security/cve/CVE-2014-1531.html http://support.novell.com/security/cve/CVE-2014-1532.html https://bugzilla.novell.com/875378

1 0

openSUSE-SU-2014:0637-1: moderate: update for android-tools
by opensuse-security＠opensuse.org 13 May '14

13 May '14

openSUSE Security Update: update for android-tools ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0637-1 Rating: moderate References: #863074 Cross-References: CVE-2014-1909 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Fix overflow in adb CVE-2014-1909 [bnc#863074] * fix-overflow-in-adb_client.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-358 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): android-tools-4.2.1_r1-2.5.1 android-tools-debuginfo-4.2.1_r1-2.5.1 android-tools-debugsource-4.2.1_r1-2.5.1 References: http://support.novell.com/security/cve/CVE-2014-1909.html https://bugzilla.novell.com/863074

1 0

openSUSE-SU-2014:0636-1: moderate: update for android-tools
by opensuse-security＠opensuse.org 13 May '14

13 May '14

openSUSE Security Update: update for android-tools ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0636-1 Rating: moderate References: #863074 Cross-References: CVE-2014-1909 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Fix overflow in adb CVE-2014-1909 [bnc#863074] * fix-overflow-in-adb_client.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-357 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): android-tools-4.2.2_r1-2.4.1 android-tools-debuginfo-4.2.2_r1-2.4.1 android-tools-debugsource-4.2.2_r1-2.4.1 References: http://support.novell.com/security/cve/CVE-2014-1909.html https://bugzilla.novell.com/863074

1 0

openSUSE-SU-2014:0635-1: moderate: update for openssl
by opensuse-security＠opensuse.org 13 May '14

13 May '14

openSUSE Security Update: update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0635-1 Rating: moderate References: #876282 Cross-References: CVE-2014-0198 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in do_ssl3_write Add file: CVE-2014-0198.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-359 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libopenssl-devel-1.0.1g-11.44.1 libopenssl1_0_0-1.0.1g-11.44.1 libopenssl1_0_0-debuginfo-1.0.1g-11.44.1 openssl-1.0.1g-11.44.1 openssl-debuginfo-1.0.1g-11.44.1 openssl-debugsource-1.0.1g-11.44.1 - openSUSE 13.1 (x86_64): libopenssl-devel-32bit-1.0.1g-11.44.1 libopenssl1_0_0-32bit-1.0.1g-11.44.1 libopenssl1_0_0-debuginfo-32bit-1.0.1g-11.44.1 - openSUSE 13.1 (noarch): openssl-doc-1.0.1g-11.44.1 References: http://support.novell.com/security/cve/CVE-2014-0198.html https://bugzilla.novell.com/876282

1 0

openSUSE-SU-2014:0634-1: moderate: update for openssl
by opensuse-security＠opensuse.org 13 May '14

13 May '14

openSUSE Security Update: update for openssl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0634-1 Rating: moderate References: #876282 Cross-References: CVE-2014-0198 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in do_ssl3_write Add file: CVE-2014-0198.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-360 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): libopenssl-devel-1.0.1g-1.56.1 libopenssl1_0_0-1.0.1g-1.56.1 libopenssl1_0_0-debuginfo-1.0.1g-1.56.1 openssl-1.0.1g-1.56.1 openssl-debuginfo-1.0.1g-1.56.1 openssl-debugsource-1.0.1g-1.56.1 - openSUSE 12.3 (x86_64): libopenssl-devel-32bit-1.0.1g-1.56.1 libopenssl1_0_0-32bit-1.0.1g-1.56.1 libopenssl1_0_0-debuginfo-32bit-1.0.1g-1.56.1 - openSUSE 12.3 (noarch): openssl-doc-1.0.1g-1.56.1 References: http://support.novell.com/security/cve/CVE-2014-0198.html https://bugzilla.novell.com/876282

1 0