   openSUSE Security Update: sysconfig
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0242-1
Rating:             moderate
References:         #559170 #580018 #697929 #735394 #739338
Cross-References:   CVE-2011-4182
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   This update for sysconfig contains the following fixes:

   - The sysconfig hook script for NetworkManager did not properly
     quote shell meta characters when processing ESSIDs. Specially
     crafted network names could therefore lead to execution of
     shell code (CVE-2011-4182).
   - Explicitly disabled POSIX mode in all bash scripts, as we are
     using several features not supported in POSIX mode (bnc#739338).
   - Fixed IPv6 DAD / link ready wait time calculation (1/10 of the
     specified time was used), replaced useless up flag check loop
     with link_ready_wait to avoid send errors from dhclient6 and
     cleaned up link / DAD wait verify flag after status update
     (bnc#697929).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch sysconfig-5631

   - openSUSE 11.3:

      zypper in -t patch sysconfig-5630

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.4 (i586 x86_64):

      sysconfig-0.74.5-6.13.1

   - openSUSE 11.3 (i586 x86_64):

      sysconfig-0.73.7-2.15.1

References:

   http://support.novell.com/security/cve/CVE-2011-4182.html
   https://bugzilla.novell.com/559170
   https://bugzilla.novell.com/580018
   https://bugzilla.novell.com/697929
   https://bugzilla.novell.com/735394
   https://bugzilla.novell.com/739338
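
Added illustration of the quoting flaw described for CVE-2011-4182 above; this is not the sysconfig hook script or code from the openSUSE project. It assumes a hypothetical hook that stores the ESSID in a state file which another script later sources; the function names, the state-file format and the sample network names are constructed for the example.

```shell
#!/bin/sh
# Constructed illustration of unquoted vs. quoted handling of an ESSID that
# ends up in shell source. Not the sysconfig hook; all names are hypothetical.

# Quote a string so a POSIX shell reads it back as one literal word:
# wrap it in single quotes and rewrite each embedded ' as '\''.
# (Trailing newlines are dropped by the command substitution.)
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Weak pattern: the network name is pasted into shell source as-is.
# $1 = ESSID, $2 = state file
write_state_unquoted() {
    printf 'ESSID=%s\n' "$1" > "$2"
}

# Corrected pattern: the network name is quoted before it becomes shell source.
write_state_quoted() {
    printf 'ESSID=%s\n' "$(sh_quote "$1")" > "$2"
}

# Consumer side: source the state file in a subshell and print
# "<ESSID as seen>|<yes if the file changed the marker variable, else no>".
read_state() {
    ( INJECTED=no; . "$1"; printf '%s|%s' "$ESSID" "$INJECTED" )
}

demo() {
    f=$(mktemp) || return 1
    essid='cafe; INJECTED=yes'   # constructed network name with a shell meta character
    write_state_unquoted "$essid" "$f"
    printf 'unquoted: %s\n' "$(read_state "$f")"
    write_state_quoted "$essid" "$f"
    printf 'quoted:   %s\n' "$(read_state "$f")"
    rm -f "$f"
}
demo
```

In the unquoted case the text after the semicolon is run as a separate command when the file is sourced; in the quoted case the whole network name arrives as data.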