January 2013 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-RU-2013:0222-1: fontconfig: fc-cache fails when cached dir mtime is in the future
by maintenance＠opensuse.org 31 Jan '13

31 Jan '13

openSUSE Recommended Update: fontconfig: fc-cache fails when cached dir mtime is in the future ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0222-1 Rating: low References: #227385 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This udpate fixes the following issue for fontconfig: -bnc#227385: When e. g. system time is set before mtime of /usr/share/fonts or its subdirectories, affected dirs do not get cached and fc-cache is reporting "(dir): failed to write cache". This update should fix it. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-69 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): fontconfig-2.8.0-24.17.1 fontconfig-debuginfo-2.8.0-24.17.1 fontconfig-debugsource-2.8.0-24.17.1 fontconfig-devel-2.8.0-24.17.1 - openSUSE 12.1 (x86_64): fontconfig-32bit-2.8.0-24.17.1 fontconfig-debuginfo-32bit-2.8.0-24.17.1 fontconfig-devel-32bit-2.8.0-24.17.1 - openSUSE 12.1 (ia64): fontconfig-debuginfo-x86-2.8.0-24.17.1 fontconfig-x86-2.8.0-24.17.1 References: https://bugzilla.novell.com/227385

1 0

openSUSE-RU-2013:0221-1: pure-ftpd: fix pure-ftpd login
by maintenance＠opensuse.org 31 Jan '13

31 Jan '13

openSUSE Recommended Update: pure-ftpd: fix pure-ftpd login ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0221-1 Rating: low References: #789833 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues for pure-ftpd: - bnc#789833: fix pure-ftpd login - remove oes related patches have never used at openSUSE - add version to pureftpd symbol Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-67 - openSUSE 12.1: zypper in -t patch openSUSE-2013-67 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): pure-ftpd-1.0.36-3.4.1 pure-ftpd-debuginfo-1.0.36-3.4.1 pure-ftpd-debugsource-1.0.36-3.4.1 - openSUSE 12.1 (i586 x86_64): pure-ftpd-1.0.32-5.4.1 pure-ftpd-debuginfo-1.0.32-5.4.1 pure-ftpd-debugsource-1.0.32-5.4.1 References: https://bugzilla.novell.com/789833

1 0

openSUSE-RU-2013:0220-1: moderate: Softwarestack update
by maintenance＠opensuse.org 31 Jan '13

31 Jan '13

openSUSE Recommended Update: Softwarestack update ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0220-1 Rating: moderate References: #665327 #745404 #765528 #769819 #773467 #773641 #777323 #779716 #783539 #785832 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update fixes several issues for the software-management-stack: - zypper: - bnc#785832: Fix source-install to accept package names and lookup their source package - bnc#783539: Add patch/list-patches option --category to man - bnc#779716: Fix zypper output if stdout is not a tty - bnc#777323: Rephrase misleading sections about zypp.conf and zypper.conf - bnc#773641: Properly encode data in XML output - Use edition style on table columns - Enable zypper-log reading lzma (.xz) compressed logs. - libzypp: - bnc#773467: Fixed typo in zypp.conf - bnc#769819: Filter zero sized devices in disk usage counter - bnc#665327: Fix possibly reporting timeout as "aborted by user" - bnc#765528: zypp.conf:servicesdir is ignored - bnc#745404: allow libcurl to take proxy from environment if proxy is not configured or disallowed - do not fork the uuidgen program, use kernel interface instead - remove obsolete hicolor-icon-theme BuildRequires - set $ZYPP_IS_RUNNING during commit - libsolv: - fix susetags parser, it ignored the filelist of the last solvable - fix encoding of large values - libzypp-testsuite-tools: - general improvements and additions in the testsuite Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-70 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): libsolv-debugsource-0.1.1-4.5.1 libsolv-demo-0.1.1-4.5.1 libsolv-demo-debuginfo-0.1.1-4.5.1 libsolv-devel-0.1.1-4.5.1 libsolv-devel-debuginfo-0.1.1-4.5.1 libsolv-tools-0.1.1-4.5.1 libsolv-tools-debuginfo-0.1.1-4.5.1 libzypp-11.8.0-2.4.1 libzypp-debuginfo-11.8.0-2.4.1 libzypp-debugsource-11.8.0-2.4.1 libzypp-devel-11.8.0-2.4.1 libzypp-testsuite-tools-4.2.11-14.4.1 perl-solv-0.1.1-4.5.1 perl-solv-debuginfo-0.1.1-4.5.1 python-solv-0.1.1-4.5.1 python-solv-debuginfo-0.1.1-4.5.1 ruby-solv-0.1.1-4.5.1 ruby-solv-debuginfo-0.1.1-4.5.1 zypper-1.7.8-1.5.1 zypper-debuginfo-1.7.8-1.5.1 zypper-debugsource-1.7.8-1.5.1 - openSUSE 12.2 (noarch): libzypp-testsuite-tools-data-4.2.11-14.4.1 zypper-aptitude-1.7.8-1.5.1 zypper-log-1.7.8-1.5.1 References: https://bugzilla.novell.com/665327 https://bugzilla.novell.com/745404 https://bugzilla.novell.com/765528 https://bugzilla.novell.com/769819 https://bugzilla.novell.com/773467 https://bugzilla.novell.com/773641 https://bugzilla.novell.com/777323 https://bugzilla.novell.com/779716 https://bugzilla.novell.com/783539 https://bugzilla.novell.com/785832

1 0

openSUSE-RU-2013:0219-1: moderate: OpenLP: Update from 2.0 to 2.0.1
by maintenance＠opensuse.org 31 Jan '13

31 Jan '13

openSUSE Recommended Update: OpenLP: Update from 2.0 to 2.0.1 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0219-1 Rating: moderate References: #799157 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues for OpenLP: - bnc#799157: + 2.0.1: * Song export and import now works correctly * Transparent themes are once again transparent * PowerPoint/Impress files with unicode characters in the filename can be imported * OpenLP is now more usable with the XFCE desktop on Linux Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-68 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (noarch): OpenLP-2.0.1-1.19.1 References: https://bugzilla.novell.com/799157

1 0

openSUSE-SU-2013:0211-1: moderate: update for libqt4
by opensuse-security＠opensuse.org 30 Jan '13

30 Jan '13

openSUSE Security Update: update for libqt4 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0211-1 Rating: moderate References: #797006 Cross-References: CVE-2012-6093 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Add cert-blacklist-more.diff, cert-blacklist-tuerktrust.diff: * blacklist more evil certificates - Add weak-ssl-certificates.diff: * blacklist weak certificates - enable linked support for OpenSSL - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-15 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libQtWebKit-devel-4.7.1-8.68.1 libQtWebKit4-4.7.1-8.68.1 libQtWebKit4-debuginfo-4.7.1-8.68.1 libqt4-4.7.1-8.68.1 libqt4-debuginfo-4.7.1-8.68.1 libqt4-debugsource-4.7.1-8.68.1 libqt4-devel-4.7.1-8.68.1 libqt4-devel-debuginfo-4.7.1-8.68.1 libqt4-qt3support-4.7.1-8.68.1 libqt4-qt3support-debuginfo-4.7.1-8.68.1 libqt4-sql-4.7.1-8.68.1 libqt4-sql-debuginfo-4.7.1-8.68.1 libqt4-sql-sqlite-4.7.1-8.68.1 libqt4-sql-sqlite-debuginfo-4.7.1-8.68.1 libqt4-x11-4.7.1-8.68.1 libqt4-x11-debuginfo-4.7.1-8.68.1 - openSUSE 11.4 (x86_64): libQtWebKit4-32bit-4.7.1-8.68.1 libQtWebKit4-debuginfo-32bit-4.7.1-8.68.1 libqt4-32bit-4.7.1-8.68.1 libqt4-debuginfo-32bit-4.7.1-8.68.1 libqt4-qt3support-32bit-4.7.1-8.68.1 libqt4-qt3support-debuginfo-32bit-4.7.1-8.68.1 libqt4-sql-32bit-4.7.1-8.68.1 libqt4-sql-debuginfo-32bit-4.7.1-8.68.1 libqt4-sql-sqlite-32bit-4.7.1-8.68.1 libqt4-sql-sqlite-debuginfo-32bit-4.7.1-8.68.1 libqt4-x11-32bit-4.7.1-8.68.1 libqt4-x11-debuginfo-32bit-4.7.1-8.68.1 - openSUSE 11.4 (ia64): libQtWebKit4-debuginfo-x86-4.7.1-8.68.1 libQtWebKit4-x86-4.7.1-8.68.1 libqt4-debuginfo-x86-4.7.1-8.68.1 libqt4-qt3support-debuginfo-x86-4.7.1-8.68.1 libqt4-qt3support-x86-4.7.1-8.68.1 libqt4-sql-debuginfo-x86-4.7.1-8.68.1 libqt4-sql-sqlite-debuginfo-x86-4.7.1-8.68.1 libqt4-sql-sqlite-x86-4.7.1-8.68.1 libqt4-sql-x86-4.7.1-8.68.1 libqt4-x11-debuginfo-x86-4.7.1-8.68.1 libqt4-x11-x86-4.7.1-8.68.1 libqt4-x86-4.7.1-8.68.1 References: http://support.novell.com/security/cve/CVE-2012-6093.html https://bugzilla.novell.com/797006

1 0

openSUSE-SU-2013:0206-1: moderate: update for icinga
by opensuse-security＠opensuse.org 29 Jan '13

29 Jan '13

openSUSE Security Update: update for icinga ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0206-1 Rating: moderate References: #797237 Cross-References: CVE-2012-6096 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - fixed Stack based buffer overflow in web interface: bnc#797237 - CVE-2012-6096 - icinga-fix-bnc797237.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-54 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): icinga-1.5.1-5.11.1 icinga-debuginfo-1.5.1-5.11.1 icinga-debugsource-1.5.1-5.11.1 icinga-devel-1.5.1-5.11.1 icinga-doc-1.5.1-5.11.1 icinga-idoutils-1.5.1-5.11.1 icinga-idoutils-debuginfo-1.5.1-5.11.1 icinga-idoutils-mysql-1.5.1-5.11.1 icinga-idoutils-oracle-1.5.1-5.11.1 icinga-idoutils-pgsql-1.5.1-5.11.1 icinga-plugins-eventhandlers-1.5.1-5.11.1 icinga-www-1.5.1-5.11.1 icinga-www-debuginfo-1.5.1-5.11.1 References: http://support.novell.com/security/cve/CVE-2012-6096.html https://bugzilla.novell.com/797237

1 0

openSUSE-SU-2013:0205-1: moderate: update for cronie
by opensuse-security＠opensuse.org 29 Jan '13

29 Jan '13

openSUSE Security Update: update for cronie ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0205-1 Rating: moderate References: #786096 Cross-References: CVE-2012-6097 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Fix Bug 786096 - cron: does not close file descriptors before invocation of commands - bug-786096_cronie-fdleak.diff (CVE-2012-6097) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-52 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): cron-4.2-37.5.1 cronie-1.4.8-37.5.1 cronie-anacron-1.4.8-37.5.1 cronie-anacron-debuginfo-1.4.8-37.5.1 cronie-debuginfo-1.4.8-37.5.1 cronie-debugsource-1.4.8-37.5.1 References: http://support.novell.com/security/cve/CVE-2012-6097.html https://bugzilla.novell.com/786096

1 0

openSUSE-SU-2013:0204-1: moderate: update for libqt4
by opensuse-security＠opensuse.org 29 Jan '13

29 Jan '13

openSUSE Security Update: update for libqt4 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0204-1 Rating: moderate References: #797006 Cross-References: CVE-2012-6093 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Add cert-blacklist-more.diff, cert-blacklist-tuerktrust.diff: * blacklist more evil certificates - Add weak-ssl-certificates.diff: * blacklist weak certificates - enable linked support for OpenSSL - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-53 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): libqt4-4.7.4-19.17.1 libqt4-debuginfo-4.7.4-19.17.1 libqt4-debugsource-4.7.4-19.17.1 libqt4-devel-4.7.4-19.17.1 libqt4-devel-debuginfo-4.7.4-19.17.1 libqt4-private-headers-devel-4.7.4-19.17.1 libqt4-qt3support-4.7.4-19.17.1 libqt4-qt3support-debuginfo-4.7.4-19.17.1 libqt4-sql-4.7.4-19.17.1 libqt4-sql-debuginfo-4.7.4-19.17.1 libqt4-sql-sqlite-4.7.4-19.17.1 libqt4-sql-sqlite-debuginfo-4.7.4-19.17.1 libqt4-x11-4.7.4-19.17.1 libqt4-x11-debuginfo-4.7.4-19.17.1 - openSUSE 12.1 (x86_64): libqt4-32bit-4.7.4-19.17.1 libqt4-debuginfo-32bit-4.7.4-19.17.1 libqt4-qt3support-32bit-4.7.4-19.17.1 libqt4-qt3support-debuginfo-32bit-4.7.4-19.17.1 libqt4-sql-32bit-4.7.4-19.17.1 libqt4-sql-debuginfo-32bit-4.7.4-19.17.1 libqt4-sql-sqlite-32bit-4.7.4-19.17.1 libqt4-sql-sqlite-debuginfo-32bit-4.7.4-19.17.1 libqt4-x11-32bit-4.7.4-19.17.1 libqt4-x11-debuginfo-32bit-4.7.4-19.17.1 - openSUSE 12.1 (ia64): libqt4-debuginfo-x86-4.7.4-19.17.1 libqt4-qt3support-debuginfo-x86-4.7.4-19.17.1 libqt4-qt3support-x86-4.7.4-19.17.1 libqt4-sql-debuginfo-x86-4.7.4-19.17.1 libqt4-sql-sqlite-debuginfo-x86-4.7.4-19.17.1 libqt4-sql-sqlite-x86-4.7.4-19.17.1 libqt4-sql-x86-4.7.4-19.17.1 libqt4-x11-debuginfo-x86-4.7.4-19.17.1 libqt4-x11-x86-4.7.4-19.17.1 libqt4-x86-4.7.4-19.17.1 References: http://support.novell.com/security/cve/CVE-2012-6093.html https://bugzilla.novell.com/797006

1 0

openSUSE-RU-2013:0203-1: moderate: netcontrol: Update to 0.2.6
by maintenance＠opensuse.org 28 Jan '13

28 Jan '13

openSUSE Recommended Update: netcontrol: Update to 0.2.6 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0203-1 Rating: moderate References: #708398 #735187 #754001 #760500 #763388 #765040 #794720 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update fixes the following issues for netcontrol: - bnc#794720: 0.2.6: - Merged spec file changes from openSUSE:Factory - Fixed libnl-devel build requires to build on 12.1 - Updated FSF address in copyright/license statements - 0.2.5: - Fixed several bugs reported in bnc#760500, bnc#763388, bnc#765040, bnc#754001: - Fetch ip addresses and routes in system refresh via netlink, adds libnl-1 dependency to libnetcontrol. - Do not use -o rc for ifup or it fails when startmode is set to manual. - Always call ifstatus in ncf_if_status and not check interface operstate to better match ifstatus results - Check type while creating topology tree as well, not only if the interface specific data exists. - Do not report error in ncf_if_xml_state when interface does not exists any more [has been stopped/removed]. - Improved error handling, report several errors once - Expose a lot of error details to the caller - Fixed to parse and configure complete interface trees and fixed a senseless type check that caused SEGV. - Fetch mac address from system when not in the config - Fixed arp ip target bonding option handling and expose errors while trying to add not unique slave interface. - Refresh config handle earlier in ncf_define, fixed a double free in regression test it does. - Automatically start port/slave/base interfeces when stating a bridge/bond/vlan. - Lowered bad_reference (bridge config references an unknown interface) log level to warning (bnc#735187). - 0.2.4: - Fixed writing of bonding slaves into ifcfg file - Fixed a memory leak while netcf xml generation error - Generate complete interface chanins, do not generate type attribute in vlan interface reference xml node (bnc#708398) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-50 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): libnetcontrol-devel-0.2.6-0.6.4.1 libnetcontrol0-0.2.6-0.6.4.1 libnetcontrol0-debuginfo-0.2.6-0.6.4.1 netcontrol-debugsource-0.2.6-0.6.4.1 - openSUSE 12.2 (x86_64): libnetcontrol0-32bit-0.2.6-0.6.4.1 libnetcontrol0-debuginfo-32bit-0.2.6-0.6.4.1 References: https://bugzilla.novell.com/708398 https://bugzilla.novell.com/735187 https://bugzilla.novell.com/754001 https://bugzilla.novell.com/760500 https://bugzilla.novell.com/763388 https://bugzilla.novell.com/765040 https://bugzilla.novell.com/794720

1 0

openSUSE-RU-2013:0202-1: python-pysvn: Fix build-script
by maintenance＠opensuse.org 28 Jan '13

28 Jan '13

openSUSE Recommended Update: python-pysvn: Fix build-script ______________________________________________________________________________ Announcement ID: openSUSE-RU-2013:0202-1 Rating: low References: #780243 Affected Products: openSUSE 12.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue for python-pysvn: - bnc#780243: Added patch to fix the build-script, cherry-picked from upstream r1742 Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-49 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): python-pysvn-1.7.6-3.4.1 python3-pysvn-1.7.6-3.4.1 References: https://bugzilla.novell.com/780243

1 0