openSUSE Security Update: update for squid3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0162-1 Rating: moderate References: #794954 Cross-References: CVE-2012-5643 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - update to 3.1.23 fix for bnc#794954, CVE-2012-5643, SQUID:2012-1 - Additional fixes for CVE-2012-5643 / SQUID:2012-1 * http://www.squid-cache.org/Advisories/SQUID-2012_1.txt * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643 - removed 3.1.12 config, nobuilddates, swapdir patch - added FSF, config, nobuilddates, swapdir patch - added rpmlintrc, service file - rebase swapdir patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-43 - openSUSE 12.1: zypper in -t patch openSUSE-2013-43 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): squid3-3.1.23-2.4.1 squid3-debuginfo-3.1.23-2.4.1 squid3-debugsource-3.1.23-2.4.1 - openSUSE 12.1 (i586 x86_64): squid3-3.1.23-2.6.1 squid3-debuginfo-3.1.23-2.6.1 squid3-debugsource-3.1.23-2.6.1 References: http://support.novell.com/security/cve/CVE-2012-5643.html https://bugzilla.novell.com/794954