openSUSE Updates October 2015

updates@lists.opensuse.org

2 participants
61 discussions

openSUSE-SU-2015:1849-1: moderate: Security update for sudo
by opensuse-security＠opensuse.org 30 Oct '15

30 Oct '15

openSUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1849-1 Rating: moderate References: #917806 Cross-References: CVE-2014-9680 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: sudo was updated to fix one security issue. This security issue was fixed: - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2015-687=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): sudo-1.8.10p3-5.1 sudo-debuginfo-1.8.10p3-5.1 sudo-debugsource-1.8.10p3-5.1 sudo-devel-1.8.10p3-5.1 sudo-test-1.8.10p3-5.1 References: https://www.suse.com/security/cve/CVE-2014-9680.html https://bugzilla.suse.com/917806

1 0

openSUSE-RU-2015:1843-1: Recommended udpate for pullin-bcm43xx-firmware and pullin-fluendo-mp3
by maintenance＠opensuse.org 29 Oct '15

29 Oct '15

openSUSE Recommended Update: Recommended udpate for pullin-bcm43xx-firmware and pullin-fluendo-mp3 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2015:1843-1 Rating: low References: Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This is the initial update to pullin bcm43xx-firmware and fluendo-mp3. (https://progress.opensuse.org/issues/9020) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2015-685=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (noarch): pullin-bcm43xx-firmware-1.0-4.1 pullin-fluendo-mp3-13.2-4.1 References:

1 0

openSUSE-SU-2015:1825-2: fix boo#948602 boo#948045
by opensuse-security＠opensuse.org 29 Oct '15

29 Oct '15

openSUSE Security Update: fix boo#948602 boo#948045 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1825-2 Rating: low References: #948045 #948602 Cross-References: CVE-2015-7384 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: * boo#948602/cve#2015-7384: HTTP Denial of Service Vulnerability * boo#948045: addon-rpm.gypi wasn't installed * Leap: update nodejs to 4.2.1 from 0.12.7 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2015-680=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): nodejs-4.2.1-6.1 nodejs-debuginfo-4.2.1-6.1 nodejs-debugsource-4.2.1-6.1 nodejs-devel-4.2.1-6.1 nodejs-npm-4.2.1-6.1 - openSUSE Leap 42.1 (noarch): nodejs-docs-4.2.1-6.1 References: https://www.suse.com/security/cve/CVE-2015-7384.html https://bugzilla.suse.com/948045 https://bugzilla.suse.com/948602

1 0

openSUSE-SU-2015:1836-2: moderate: Security update for wireshark
by opensuse-security＠opensuse.org 29 Oct '15

29 Oct '15

openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1836-2 Rating: moderate References: #941500 #950437 Cross-References: CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-7830 Affected Products: openSUSE ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: wireshark was updated to version 1.12.8 to fix ten security issues. These security issues were fixed: - CVE-2015-6247: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 did not validate a certain offset value, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6246: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 used incorrect integer data types, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6244: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6243: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions (bsc#941500). - CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 did not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allowed remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet (bsc#941500). - CVE-2015-6241: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 did not properly terminate a data structure after a failure to locate a number within a string, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437). - CVE-2015-6249: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 did not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6248: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 did not check whether the expected amount of data is available, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE : zypper in -t patch openSUSE-2015-683=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE (i586 x86_64): wireshark-1.12.8-9.1 wireshark-debuginfo-1.12.8-9.1 wireshark-debugsource-1.12.8-9.1 wireshark-devel-1.12.8-9.1 wireshark-ui-gtk-1.12.8-9.1 wireshark-ui-gtk-debuginfo-1.12.8-9.1 wireshark-ui-qt-1.12.8-9.1 wireshark-ui-qt-debuginfo-1.12.8-9.1 References: https://www.suse.com/security/cve/CVE-2015-6241.html https://www.suse.com/security/cve/CVE-2015-6242.html https://www.suse.com/security/cve/CVE-2015-6243.html https://www.suse.com/security/cve/CVE-2015-6244.html https://www.suse.com/security/cve/CVE-2015-6245.html https://www.suse.com/security/cve/CVE-2015-6246.html https://www.suse.com/security/cve/CVE-2015-6247.html https://www.suse.com/security/cve/CVE-2015-6248.html https://www.suse.com/security/cve/CVE-2015-6249.html https://www.suse.com/security/cve/CVE-2015-7830.html https://bugzilla.suse.com/941500 https://bugzilla.suse.com/950437

1 0

openSUSE-SU-2015:1842-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 29 Oct '15

29 Oct '15

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1842-1 Rating: important References: #919154 #926238 #937969 #938645 #939834 #940338 #941104 #941305 #941867 #942178 #944296 #947155 #951195 #951440 Cross-References: CVE-2015-0272 CVE-2015-1333 CVE-2015-2925 CVE-2015-3290 CVE-2015-5283 CVE-2015-5707 CVE-2015-7872 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 7 fixes is now available. Description: The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain privileges by triggering an NMI within a certain instruction window (bnc#937969) * CVE-2015-0272: It was reported that it's possible to craft a Router Advertisement message which will bring the receiver in a state where new IPv6 connections will not be accepted until correct Router Advertisement message received. (bsc#944296). * CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155). * CVE-2015-1333: Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. (bsc#938645) * CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (bsc#940338) * CVE-2015-2925: An attacker could potentially break out of a namespace or container, depending on if he had specific rights in these containers. (bsc#926238). * CVE-2015-7872: A vulnerability in keyrings garbage collector allowed a local user to trigger an oops was found, caused by using request_key() or keyctl request2. (bsc#951440) The following non-security bugs were fixed: - input: evdev - do not report errors form flush() (bsc#939834). - NFSv4: Recovery of recalled read delegations is broken (bsc#942178). - apparmor: temporary work around for bug while unloading policy (boo#941867). - config/x86_64/ec2: Align CONFIG_STRICT_DEVMEM CONFIG_STRICT_DEVMEM is enabled in every other kernel flavor, so enable it for x86_64/ec2 as well. - kernel-obs-build: add btrfs to initrd This is needed for kiwi builds. - mmc: card: Do not access RPMB partitions for normal read/write (bnc#941104). - netback: coalesce (guest) RX SKBs as needed (bsc#919154). - rpm/kernel-obs-build.spec.in: Add virtio_rng to the initrd. This allows to feed some randomness to the OBS workers. - xfs: Fix file type directory corruption for btree directories (bsc#941305). - xfs: ensure buffer types are set correctly (bsc#941305). - xfs: inode unlink does not set AGI buffer type (bsc#941305). - xfs: set buf types when converting extent formats (bsc#941305). - xfs: set superblock buffer type correctly (bsc#941305). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951195). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-686=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): bbswitch-0.8-3.13.2 bbswitch-debugsource-0.8-3.13.2 bbswitch-kmp-default-0.8_k3.16.7_29-3.13.2 bbswitch-kmp-default-debuginfo-0.8_k3.16.7_29-3.13.2 bbswitch-kmp-desktop-0.8_k3.16.7_29-3.13.2 bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_29-3.13.2 bbswitch-kmp-xen-0.8_k3.16.7_29-3.13.2 bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_29-3.13.2 cloop-2.639-14.13.2 cloop-debuginfo-2.639-14.13.2 cloop-debugsource-2.639-14.13.2 cloop-kmp-default-2.639_k3.16.7_29-14.13.2 cloop-kmp-default-debuginfo-2.639_k3.16.7_29-14.13.2 cloop-kmp-desktop-2.639_k3.16.7_29-14.13.2 cloop-kmp-desktop-debuginfo-2.639_k3.16.7_29-14.13.2 cloop-kmp-xen-2.639_k3.16.7_29-14.13.2 cloop-kmp-xen-debuginfo-2.639_k3.16.7_29-14.13.2 crash-7.0.8-13.2 crash-debuginfo-7.0.8-13.2 crash-debugsource-7.0.8-13.2 crash-devel-7.0.8-13.2 crash-doc-7.0.8-13.2 crash-eppic-7.0.8-13.2 crash-eppic-debuginfo-7.0.8-13.2 crash-gcore-7.0.8-13.2 crash-gcore-debuginfo-7.0.8-13.2 crash-kmp-default-7.0.8_k3.16.7_29-13.2 crash-kmp-default-debuginfo-7.0.8_k3.16.7_29-13.2 crash-kmp-desktop-7.0.8_k3.16.7_29-13.2 crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_29-13.2 crash-kmp-xen-7.0.8_k3.16.7_29-13.2 crash-kmp-xen-debuginfo-7.0.8_k3.16.7_29-13.2 hdjmod-debugsource-1.28-18.14.2 hdjmod-kmp-default-1.28_k3.16.7_29-18.14.2 hdjmod-kmp-default-debuginfo-1.28_k3.16.7_29-18.14.2 hdjmod-kmp-desktop-1.28_k3.16.7_29-18.14.2 hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_29-18.14.2 hdjmod-kmp-xen-1.28_k3.16.7_29-18.14.2 hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_29-18.14.2 ipset-6.23-13.2 ipset-debuginfo-6.23-13.2 ipset-debugsource-6.23-13.2 ipset-devel-6.23-13.2 ipset-kmp-default-6.23_k3.16.7_29-13.2 ipset-kmp-default-debuginfo-6.23_k3.16.7_29-13.2 ipset-kmp-desktop-6.23_k3.16.7_29-13.2 ipset-kmp-desktop-debuginfo-6.23_k3.16.7_29-13.2 ipset-kmp-xen-6.23_k3.16.7_29-13.2 ipset-kmp-xen-debuginfo-6.23_k3.16.7_29-13.2 kernel-default-3.16.7-29.1 kernel-default-base-3.16.7-29.1 kernel-default-base-debuginfo-3.16.7-29.1 kernel-default-debuginfo-3.16.7-29.1 kernel-default-debugsource-3.16.7-29.1 kernel-default-devel-3.16.7-29.1 kernel-ec2-3.16.7-29.1 kernel-ec2-base-3.16.7-29.1 kernel-ec2-devel-3.16.7-29.1 kernel-obs-build-3.16.7-29.2 kernel-obs-build-debugsource-3.16.7-29.2 kernel-obs-qa-3.16.7-29.1 kernel-obs-qa-xen-3.16.7-29.1 kernel-syms-3.16.7-29.1 libipset3-6.23-13.2 libipset3-debuginfo-6.23-13.2 pcfclock-0.44-260.13.2 pcfclock-debuginfo-0.44-260.13.2 pcfclock-debugsource-0.44-260.13.2 pcfclock-kmp-default-0.44_k3.16.7_29-260.13.2 pcfclock-kmp-default-debuginfo-0.44_k3.16.7_29-260.13.2 pcfclock-kmp-desktop-0.44_k3.16.7_29-260.13.2 pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_29-260.13.2 vhba-kmp-debugsource-20140629-2.13.2 vhba-kmp-default-20140629_k3.16.7_29-2.13.2 vhba-kmp-default-debuginfo-20140629_k3.16.7_29-2.13.2 vhba-kmp-desktop-20140629_k3.16.7_29-2.13.2 vhba-kmp-desktop-debuginfo-20140629_k3.16.7_29-2.13.2 vhba-kmp-xen-20140629_k3.16.7_29-2.13.2 vhba-kmp-xen-debuginfo-20140629_k3.16.7_29-2.13.2 xen-debugsource-4.4.2_06-27.2 xen-devel-4.4.2_06-27.2 xen-libs-4.4.2_06-27.2 xen-libs-debuginfo-4.4.2_06-27.2 xen-tools-domU-4.4.2_06-27.2 xen-tools-domU-debuginfo-4.4.2_06-27.2 xtables-addons-2.6-13.2 xtables-addons-debuginfo-2.6-13.2 xtables-addons-debugsource-2.6-13.2 xtables-addons-kmp-default-2.6_k3.16.7_29-13.2 xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_29-13.2 xtables-addons-kmp-desktop-2.6_k3.16.7_29-13.2 xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_29-13.2 xtables-addons-kmp-xen-2.6_k3.16.7_29-13.2 xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_29-13.2 - openSUSE 13.2 (i686 x86_64): kernel-debug-3.16.7-29.1 kernel-debug-base-3.16.7-29.1 kernel-debug-base-debuginfo-3.16.7-29.1 kernel-debug-debuginfo-3.16.7-29.1 kernel-debug-debugsource-3.16.7-29.1 kernel-debug-devel-3.16.7-29.1 kernel-debug-devel-debuginfo-3.16.7-29.1 kernel-desktop-3.16.7-29.1 kernel-desktop-base-3.16.7-29.1 kernel-desktop-base-debuginfo-3.16.7-29.1 kernel-desktop-debuginfo-3.16.7-29.1 kernel-desktop-debugsource-3.16.7-29.1 kernel-desktop-devel-3.16.7-29.1 kernel-ec2-base-debuginfo-3.16.7-29.1 kernel-ec2-debuginfo-3.16.7-29.1 kernel-ec2-debugsource-3.16.7-29.1 kernel-vanilla-3.16.7-29.1 kernel-vanilla-debuginfo-3.16.7-29.1 kernel-vanilla-debugsource-3.16.7-29.1 kernel-vanilla-devel-3.16.7-29.1 kernel-xen-3.16.7-29.1 kernel-xen-base-3.16.7-29.1 kernel-xen-base-debuginfo-3.16.7-29.1 kernel-xen-debuginfo-3.16.7-29.1 kernel-xen-debugsource-3.16.7-29.1 kernel-xen-devel-3.16.7-29.1 - openSUSE 13.2 (x86_64): xen-4.4.2_06-27.2 xen-doc-html-4.4.2_06-27.2 xen-kmp-default-4.4.2_06_k3.16.7_29-27.2 xen-kmp-default-debuginfo-4.4.2_06_k3.16.7_29-27.2 xen-kmp-desktop-4.4.2_06_k3.16.7_29-27.2 xen-kmp-desktop-debuginfo-4.4.2_06_k3.16.7_29-27.2 xen-libs-32bit-4.4.2_06-27.2 xen-libs-debuginfo-32bit-4.4.2_06-27.2 xen-tools-4.4.2_06-27.2 xen-tools-debuginfo-4.4.2_06-27.2 - openSUSE 13.2 (noarch): kernel-devel-3.16.7-29.1 kernel-docs-3.16.7-29.3 kernel-macros-3.16.7-29.1 kernel-source-3.16.7-29.1 kernel-source-vanilla-3.16.7-29.1 - openSUSE 13.2 (i686): kernel-pae-3.16.7-29.1 kernel-pae-base-3.16.7-29.1 kernel-pae-base-debuginfo-3.16.7-29.1 kernel-pae-debuginfo-3.16.7-29.1 kernel-pae-debugsource-3.16.7-29.1 kernel-pae-devel-3.16.7-29.1 - openSUSE 13.2 (i586): bbswitch-kmp-pae-0.8_k3.16.7_29-3.13.2 bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_29-3.13.2 cloop-kmp-pae-2.639_k3.16.7_29-14.13.2 cloop-kmp-pae-debuginfo-2.639_k3.16.7_29-14.13.2 crash-kmp-pae-7.0.8_k3.16.7_29-13.2 crash-kmp-pae-debuginfo-7.0.8_k3.16.7_29-13.2 hdjmod-kmp-pae-1.28_k3.16.7_29-18.14.2 hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_29-18.14.2 ipset-kmp-pae-6.23_k3.16.7_29-13.2 ipset-kmp-pae-debuginfo-6.23_k3.16.7_29-13.2 pcfclock-kmp-pae-0.44_k3.16.7_29-260.13.2 pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_29-260.13.2 vhba-kmp-pae-20140629_k3.16.7_29-2.13.2 vhba-kmp-pae-debuginfo-20140629_k3.16.7_29-2.13.2 xtables-addons-kmp-pae-2.6_k3.16.7_29-13.2 xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_29-13.2 References: https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-1333.html https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-3290.html https://www.suse.com/security/cve/CVE-2015-5283.html https://www.suse.com/security/cve/CVE-2015-5707.html https://www.suse.com/security/cve/CVE-2015-7872.html https://bugzilla.suse.com/919154 https://bugzilla.suse.com/926238 https://bugzilla.suse.com/937969 https://bugzilla.suse.com/938645 https://bugzilla.suse.com/939834 https://bugzilla.suse.com/940338 https://bugzilla.suse.com/941104 https://bugzilla.suse.com/941305 https://bugzilla.suse.com/941867 https://bugzilla.suse.com/942178 https://bugzilla.suse.com/944296 https://bugzilla.suse.com/947155 https://bugzilla.suse.com/951195 https://bugzilla.suse.com/951440

1 0

openSUSE-SU-2015:1830-2: moderate: Security update for libressl
by opensuse-security＠opensuse.org 29 Oct '15

29 Oct '15

openSUSE Security Update: Security update for libressl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1830-2 Rating: moderate References: #950707 #950708 Cross-References: CVE-2015-5333 CVE-2015-5334 Affected Products: openSUSE ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: libressl was updated to fix two security issues. These security issues were fixed: - CVE-2015-5333: Memory leak when decoding X.509 certificates (boo#950707) - CVE-2015-5334: Buffer overflow when decoding X.509 certificates (boo#950708) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE : zypper in -t patch openSUSE-2015-681=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE (i586 x86_64): libcrypto36-2.3.0-3.1 libcrypto36-debuginfo-2.3.0-3.1 libressl-2.3.0-3.1 libressl-debuginfo-2.3.0-3.1 libressl-debugsource-2.3.0-3.1 libressl-devel-2.3.0-3.1 libssl37-2.3.0-3.1 libssl37-debuginfo-2.3.0-3.1 libtls9-2.3.0-3.1 libtls9-debuginfo-2.3.0-3.1 - openSUSE (x86_64): libcrypto36-32bit-2.3.0-3.1 libcrypto36-debuginfo-32bit-2.3.0-3.1 libressl-devel-32bit-2.3.0-3.1 libssl37-32bit-2.3.0-3.1 libssl37-debuginfo-32bit-2.3.0-3.1 libtls9-32bit-2.3.0-3.1 libtls9-debuginfo-32bit-2.3.0-3.1 - openSUSE (noarch): libressl-devel-doc-2.3.0-3.1 References: https://www.suse.com/security/cve/CVE-2015-5333.html https://www.suse.com/security/cve/CVE-2015-5334.html https://bugzilla.suse.com/950707 https://bugzilla.suse.com/950708

1 0

openSUSE-SU-2015:1835-2: moderate: Security update for squid
by opensuse-security＠opensuse.org 29 Oct '15

29 Oct '15

openSUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1835-2 Rating: moderate References: #949942 Cross-References: CVE-2014-9749 Affected Products: openSUSE ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: squid was updated to fix one security issue. This security issue was fixed: - CVE-2014-9749: Nonce replay vulnerability in Digest authentication (bsc#949942). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE : zypper in -t patch openSUSE-2015-684=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE (i586 x86_64): squid-3.3.13-3.1 squid-debuginfo-3.3.13-3.1 squid-debugsource-3.3.13-3.1 References: https://www.suse.com/security/cve/CVE-2014-9749.html https://bugzilla.suse.com/949942

1 0

openSUSE-SU-2015:1836-1: moderate: Security update for wireshark
by opensuse-security＠opensuse.org 28 Oct '15

28 Oct '15

openSUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1836-1 Rating: moderate References: #941500 #950437 Cross-References: CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-7830 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: wireshark was updated to version 1.12.8 to fix ten security issues. These security issues were fixed: - CVE-2015-6247: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 did not validate a certain offset value, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6246: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 used incorrect integer data types, which allowed remote attackers to cause a denial of service (infinite loop) via a crafted packet (bsc#941500). - CVE-2015-6244: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6243: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions (bsc#941500). - CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 did not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allowed remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet (bsc#941500). - CVE-2015-6241: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 did not properly terminate a data structure after a failure to locate a number within a string, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-7830: pcapng file parser could crash while copying an interface filter (bsc#950437). - CVE-2015-6249: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 did not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). - CVE-2015-6248: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 did not check whether the expected amount of data is available, which allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#941500). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-683=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-683=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): wireshark-1.12.8-25.1 wireshark-debuginfo-1.12.8-25.1 wireshark-debugsource-1.12.8-25.1 wireshark-devel-1.12.8-25.1 wireshark-ui-gtk-1.12.8-25.1 wireshark-ui-gtk-debuginfo-1.12.8-25.1 wireshark-ui-qt-1.12.8-25.1 wireshark-ui-qt-debuginfo-1.12.8-25.1 - openSUSE 13.1 (i586 x86_64): wireshark-1.12.8-43.1 wireshark-debuginfo-1.12.8-43.1 wireshark-debugsource-1.12.8-43.1 wireshark-devel-1.12.8-43.1 wireshark-ui-gtk-1.12.8-43.1 wireshark-ui-gtk-debuginfo-1.12.8-43.1 wireshark-ui-qt-1.12.8-43.1 wireshark-ui-qt-debuginfo-1.12.8-43.1 References: https://www.suse.com/security/cve/CVE-2015-6241.html https://www.suse.com/security/cve/CVE-2015-6242.html https://www.suse.com/security/cve/CVE-2015-6243.html https://www.suse.com/security/cve/CVE-2015-6244.html https://www.suse.com/security/cve/CVE-2015-6245.html https://www.suse.com/security/cve/CVE-2015-6246.html https://www.suse.com/security/cve/CVE-2015-6247.html https://www.suse.com/security/cve/CVE-2015-6248.html https://www.suse.com/security/cve/CVE-2015-6249.html https://www.suse.com/security/cve/CVE-2015-7830.html https://bugzilla.suse.com/941500 https://bugzilla.suse.com/950437

1 0

openSUSE-SU-2015:1835-1: moderate: Security update for squid
by opensuse-security＠opensuse.org 28 Oct '15

28 Oct '15

openSUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1835-1 Rating: moderate References: #949942 Cross-References: CVE-2014-9749 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: squid was updated to fix one security issue. This security issue was fixed: - CVE-2014-9749: Nonce replay vulnerability in Digest authentication (bsc#949942). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-684=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-684=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): squid-3.4.4-3.13.1 squid-debuginfo-3.4.4-3.13.1 squid-debugsource-3.4.4-3.13.1 - openSUSE 13.1 (i586 x86_64): squid-3.3.13-2.23.1 squid-debuginfo-3.3.13-2.23.1 squid-debugsource-3.3.13-2.23.1 References: https://www.suse.com/security/cve/CVE-2014-9749.html https://bugzilla.suse.com/949942

1 0

openSUSE-SU-2015:1831-1: important: Security update for haproxy
by opensuse-security＠opensuse.org 27 Oct '15

27 Oct '15

openSUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1831-1 Rating: important References: #937042 #937202 Cross-References: CVE-2015-3281 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: haproxy was updated to fix two security issues. These security issues were fixed: - CVE-2015-3281: The buffer_slow_realign function in HAProxy did not properly realign a buffer that is used for pending outgoing data, which allowed remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request (bsc#937042). - Changed DH parameters to prevent Logjam attack. These non-security issues were fixed: - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id - MEDIUM: ssl: replace standards DH groups with custom ones - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten - MINOR: ssl: add a destructor to free allocated SSL ressources - BUG/MINOR: ssl: Display correct filename in error message - MINOR: ssl: load certificates in alphabetical order - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks - BUG/MEDIUM: ssl: force a full GC in case of memory shortage - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates - MINOR: ssl: add statement to force some ssl options in global. - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-682=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): haproxy-1.5.5-3.1 haproxy-debuginfo-1.5.5-3.1 haproxy-debugsource-1.5.5-3.1 References: https://www.suse.com/security/cve/CVE-2015-3281.html https://bugzilla.suse.com/937042 https://bugzilla.suse.com/937202

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates October 2015