openSUSE Recommended Update: digikam: Fixes flickr upload errors by using ssl
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1074-1
Rating: low
References: #891629
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue with digikam:
- kde#336835/bnc#891629: Added patch which uses SSL URL for flickr to
fix upload issues
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-521
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (aarch64 armv7hl ppc64):
digikam-3.5.0-7.3
digikam-debuginfo-3.5.0-7.3
digikam-debugsource-3.5.0-7.3
kipi-plugins-3.5.0-7.3
kipi-plugins-acquireimage-3.5.0-7.3
kipi-plugins-acquireimage-debuginfo-3.5.0-7.3
kipi-plugins-debuginfo-3.5.0-7.3
kipi-plugins-geolocation-3.5.0-7.3
kipi-plugins-geolocation-debuginfo-3.5.0-7.3
libkface-devel-3.5.0-7.3
libkface2-3.5.0-7.3
libkface2-debuginfo-3.5.0-7.3
libkgeomap-devel-3.5.0-7.3
libkgeomap1-3.5.0-7.3
libkgeomap1-debuginfo-3.5.0-7.3
libmediawiki-devel-3.5.0-7.3
libmediawiki1-3.5.0-7.3
libmediawiki1-debuginfo-3.5.0-7.3
- openSUSE 13.1 (noarch):
digikam-doc-3.5.0-7.3
digikam-lang-3.5.0-7.3
kipi-plugins-lang-3.5.0-7.3
libkgeomap-lang-3.5.0-7.3
References:
https://bugzilla.novell.com/891629
openSUSE Security Update: update for python3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1070-1
Rating: moderate
References: #885882 #886001
Cross-References: CVE-2013-2099 CVE-2014-4650
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This python3 update fixes the following security and non security issues:
- CGIHTTPServer file disclosure and directory traversal through URL-encoded
characters (CVE-2014-4650, bnc#885882)
- DoS on ssl.match_hostname via a crafted certificate with too many
wildcards (CVE-2013-2099, bnc#886001)
- fix import_failed hook file names
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-517
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
libpython3_3m1_0-3.3.0-6.23.1
libpython3_3m1_0-debuginfo-3.3.0-6.23.1
python3-3.3.0-6.23.1
python3-base-3.3.0-6.23.1
python3-base-debuginfo-3.3.0-6.23.1
python3-base-debugsource-3.3.0-6.23.1
python3-curses-3.3.0-6.23.1
python3-curses-debuginfo-3.3.0-6.23.1
python3-dbm-3.3.0-6.23.1
python3-dbm-debuginfo-3.3.0-6.23.1
python3-debuginfo-3.3.0-6.23.1
python3-debugsource-3.3.0-6.23.1
python3-devel-3.3.0-6.23.1
python3-devel-debuginfo-3.3.0-6.23.1
python3-idle-3.3.0-6.23.1
python3-testsuite-3.3.0-6.23.1
python3-testsuite-debuginfo-3.3.0-6.23.1
python3-tk-3.3.0-6.23.1
python3-tk-debuginfo-3.3.0-6.23.1
python3-tools-3.3.0-6.23.1
- openSUSE 12.3 (x86_64):
libpython3_3m1_0-32bit-3.3.0-6.23.1
libpython3_3m1_0-debuginfo-32bit-3.3.0-6.23.1
python3-32bit-3.3.0-6.23.1
python3-base-32bit-3.3.0-6.23.1
python3-base-debuginfo-32bit-3.3.0-6.23.1
python3-debuginfo-32bit-3.3.0-6.23.1
- openSUSE 12.3 (noarch):
python3-doc-3.3.0-6.23.1
python3-doc-pdf-3.3.0-6.23.1
References:
http://support.novell.com/security/cve/CVE-2013-2099.html
http://support.novell.com/security/cve/CVE-2014-4650.html
https://bugzilla.novell.com/885882
https://bugzilla.novell.com/886001
openSUSE Security Update: update for phpMyAdmin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1069-1
Rating: moderate
References: #892401
Cross-References: CVE-2014-4349 CVE-2014-4955 CVE-2014-4986
CVE-2014-4987 CVE-2014-5273 CVE-2014-5274
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This phpMyAdmin update addresses several security and non security issues:
- This is a phpMyAdmin version upgrade (bnc#892401):
(From 4.1.14.3):
* sf#4501 [security] XSS in table browse page (CVE-2014-5273)
* sf#4502 [security] Self-XSS in enum value editor (CVE-2014-5273)
* sf#4503 [security] Self-XSSes in monitor (CVE-2014-5273)
* sf#4505 [security] XSS in view operations page (CVE-2014-5274)
* sf#4504 [security] Self-XSS in query charts (CVE-2014-5273)
* sf#4517 [security] XSS in relation view (CVE-2014-5273)
(From 4.1.14.2):
* sf#4488 [security] XSS injection due to unescaped table name
(triggers) (CVE-2014-4955)
* sf#4492 [security] XSS in AJAX confirmation messages (CVE-2014-4986)
* sf#4491 [security] Missing validation for accessing User groups
feature (CVE-2014-4987)
(From 4.1.14.1):
* sf#4464 [security] XSS injection due to unescaped db/table name in
navigation hiding (CVE-2014-4349)
(From 4.1.14.0 through 4.1.9.0):
* Numerous non-security bugfixes are listed at
https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-518
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-518
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (noarch):
phpMyAdmin-4.1.14.3-8.1
- openSUSE 12.3 (noarch):
phpMyAdmin-4.1.14.3-1.16.1
References:
http://support.novell.com/security/cve/CVE-2014-4349.html
http://support.novell.com/security/cve/CVE-2014-4955.html
http://support.novell.com/security/cve/CVE-2014-4986.html
http://support.novell.com/security/cve/CVE-2014-4987.html
http://support.novell.com/security/cve/CVE-2014-5273.html
http://support.novell.com/security/cve/CVE-2014-5274.html
https://bugzilla.novell.com/892401
openSUSE Recommended Update: git-review: Replaces python-git-review and fixes issue with non-english locale
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1068-1
Rating: low
References: #889147
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with git-review:
- replaces old package python-git-review
- bnc#889147: Fixes issues with "git-review -s" on non-english locale
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-519
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (noarch):
git-review-1.23-1.3
git-review-1.23-3.1
References:
https://bugzilla.novell.com/889147
openSUSE Recommended Update: git-review: Version update to 1.24 and fixes issue with non-english locales
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1067-1
Rating: low
References: #889147
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with git-review:
- update to 1.24
* Require python-requests
* Update homepage on PyPI
* Update requirements to OpenStack's recommendations
* Update the README to mention dependencies
* Ensure username is set for all tests
* Provide nicer user message for missing remote ref
* Fix a typo in HACKING.rst
* Ignore newline in bp/bug search in commit message
* Restrict tests SSH auth to only the provided key
* Disable proxies for tests that clone over http
* Keep track of gerrit.war and golden_site versions
* Fix typo in manpage s/gireview/gitreview/
* Correct git review -l over http(s)
- Avoid source Url, we're packaging from git
- update to 1.23.61:
* Topic: do not use '(detached' when detached
* Use gerrit 2.8.5 instead of gerrit 2.6.1 in tests
* Allow to specify default scheme in .gitreview file
* Correct test_remote to support branches without upstream
* Remove parsing of --help and variants from our code
* Python2: fixed UnicodeEncodeError
* Skip invalid unicode in commit messages
* Git review assumes the wrong ssh default port
* Add http(s) protocol support to fetch_review and list_reviews
* git-review.1 manpage fix for groff warnings
* Fix parsing of SCP-style URLs, as these are valid in Git itself
* "git review --setup" failed in Chinese locale
* Bump hacking version in requirements
* Reduce testr concurrency to 2
* Add http(s) protocol support to set_hooks_commit_msg
* Add http(s) protocol support to test_remote
* Verify if every attached file exists. Attach gerrig.config
* Wrap exceptions that occur while running external process
* Make Gerrit port and dir selection deterministic
* Don't try to attach known_hosts if it's not there
* Remove tox locale overrides
* Fix the regex for setting topic
* Add 2m timeout to tests
* Attach Gerrit logs and known_hosts to failed tests
* Change test gerrit ssh/http ports offset
* Correct .Fl typo WRT --compare in the manual page
* Ignore content of merge commits in reporting
* Remove empty lines from git log output
* Preserve merges when doing a rebase
* Split git rev-parse --show-toplevel --git-dir on newline
* Prefer .gitconfig username
* Add more deterministic port selection for Gerrit
* Document source location as git.openstack.org
* Implement integration tests
* Migrate to pbr
* No longer check for new git-review releases
- bnc#889147: Retrieve remote pushurl independently of user's locale
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-520
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (noarch):
git-review-1.24-2.4.1
References:
https://bugzilla.novell.com/889147
openSUSE Recommended Update: octave: Fixes runtime dependencies
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1066-1
Rating: low
References: #892123
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue with octave:
- bnc#892123: Fixes runtime dependencies: makeinfo instead of texinfo
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-516
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-516
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
octave-3.6.4-6.4.1
octave-debuginfo-3.6.4-6.4.1
octave-debugsource-3.6.4-6.4.1
octave-devel-3.6.4-6.4.1
- openSUSE 13.1 (noarch):
octave-doc-3.6.4-6.4.1
- openSUSE 12.3 (i586 x86_64):
octave-3.6.3-4.8.1
octave-debuginfo-3.6.3-4.8.1
octave-debugsource-3.6.3-4.8.1
octave-devel-3.6.3-4.8.1
References:
https://bugzilla.novell.com/892123
openSUSE Recommended Update: kernel-firmware: Check for exact microcode filename
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1062-1
Rating: moderate
References: #890098
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue with kernel-firmware:
- BNC#890098: Check for exact microcode filename and drop hint if no
matching binary could be found.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-515
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (noarch):
kernel-firmware-20130714git-2.21.1
ucode-amd-20130714git-2.21.1
References:
https://bugzilla.novell.com/890098
openSUSE Recommended Update: kexec-tools: Rebuild against current xen-devel
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1061-1
Rating: important
References: #883686
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue with kexec-tools:
- bnc#883686: Rebuild against current xen-devel
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-514
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
kexec-tools-2.0.3-5.4.1
kexec-tools-debuginfo-2.0.3-5.4.1
kexec-tools-debugsource-2.0.3-5.4.1
References:
https://bugzilla.novell.com/883686
openSUSE Security Update: update for IPython
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1060-1
Rating: moderate
References: #887577
Cross-References: CVE-2014-3429
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This IPython update fixes the following security issue:
- RCE in IPython Notebook via cross-origin websocket connection
(CVE-2014-3429, bnc#887577)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-513
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-513
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
python-pyzmq-13.0.0-4.4.1
python-pyzmq-debuginfo-13.0.0-4.4.1
python-pyzmq-debugsource-13.0.0-4.4.1
python-pyzmq-devel-13.0.0-4.4.1
- openSUSE 13.1 (noarch):
IPython-0.13.1-4.4.1
IPython-1.0.0-2.4.3
IPython-doc-0.13.1-4.4.1
IPython-doc-1.0.0-2.4.3
- openSUSE 12.3 (noarch):
IPython-0.13.1-4.4.1
IPython-doc-0.13.1-4.4.1
python3-IPython-0.13.1-4.4.1
References:
http://support.novell.com/security/cve/CVE-2014-3429.html
https://bugzilla.novell.com/887577