Mailinglist Archive: opensuse-updates (56 mails)

< Previous Next >
openSUSE-SU-2012:0862-1: moderate: libgdata for SSL certificate checking
openSUSE Security Update: libgdata for SSL certificate checking
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0862-1
Rating: moderate
References: #752088
Cross-References: CVE-2012-1177
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Changes in libgdata:
- Add libgdata-validate-ssl-cert.patch: validate SSL
certificates for all connections. Fix bnc#752088,
CVE-2012-1177.
- Add gnome-common BuildRequires and call gnome-autogen.sh:
needed for above patch.
- Pass --with-ca-certs=/etc/ssl/ca-bundle.pem to configure
to let libgdata know about the location of our
certificates.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-381

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-381

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 ia64 x86_64):

libgdata-debugsource-0.10.1-2.4.1

- openSUSE 12.1 (i586 x86_64):

libgdata-devel-0.10.1-2.4.1
libgdata13-0.10.1-2.4.1
libgdata13-debuginfo-0.10.1-2.4.1

- openSUSE 12.1 (x86_64):

libgdata13-32bit-0.10.1-2.4.1
libgdata13-debuginfo-32bit-0.10.1-2.4.1

- openSUSE 12.1 (noarch):

libgdata-lang-0.10.1-2.4.1

- openSUSE 12.1 (ia64):

libgdata13-debuginfo-x86-0.10.1-2.4.1
libgdata13-debuginfo-x86-debuginfo-0.10.1-2.4.1
libgdata13-x86-0.10.1-2.4.1

- openSUSE 11.4 (i586 ia64 x86_64):

libgdata-debugsource-0.6.6-5.1

- openSUSE 11.4 (i586 x86_64):

libgdata-devel-0.6.6-5.1
libgdata7-0.6.6-5.1
libgdata7-debuginfo-0.6.6-5.1

- openSUSE 11.4 (x86_64):

libgdata7-32bit-0.6.6-5.1
libgdata7-debuginfo-32bit-0.6.6-5.1

- openSUSE 11.4 (noarch):

libgdata-lang-0.6.6-5.1

- openSUSE 11.4 (ia64):

libgdata7-debuginfo-x86-0.6.6-5.1
libgdata7-debuginfo-x86-debuginfo-0.6.6-5.1
libgdata7-x86-0.6.6-5.1


References:

http://support.novell.com/security/cve/CVE-2012-1177.html
https://bugzilla.novell.com/752088


< Previous Next >
This Thread
  • No further messages