From sle-security-updates at lists.suse.com Mon Nov 5 11:08:34 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 5 Nov 2012 19:08:34 +0100 (CET) Subject: SUSE-SU-2012:1390-3: important: Security update for bind Message-ID: <20121105180834.87EB432289@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1390-3 Rating: important References: #784602 Cross-References: CVE-2012-5166 Affected Products: SUSE CORE 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Specially crafted RDATA could have caused the bind nameserver to lockup (CVE-2012-5166). This was a different flaw than CVE-2012-4244. Security Issue reference: * CVE-2012-5166 Package List: - SUSE CORE 9 (i586 s390 s390x x86_64): bind-9.3.4-4.18 bind-devel-9.3.4-4.18 bind-utils-9.3.4-4.18 - SUSE CORE 9 (x86_64): bind-utils-32bit-9-201210261342 - SUSE CORE 9 (s390x): bind-utils-32bit-9-201210261352 References: http://support.novell.com/security/cve/CVE-2012-5166.html https://bugzilla.novell.com/784602 http://download.novell.com/patch/finder/?keywords=cc769094d1b8a281e47121ac083eae2b From sle-security-updates at lists.suse.com Thu Nov 8 10:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 8 Nov 2012 18:08:31 +0100 (CET) Subject: SUSE-SU-2012:1455-1: important: Security update for openstack-glance Message-ID: <20121108170831.B6433322A4@maintenance.suse.de> SUSE Security Update: Security update for openstack-glance ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1455-1 Rating: important References: #787814 Cross-References: CVE-2012-4573 Affected Products: SUSE Cloud 1.0 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: OpenStack glance had a bug where image deletion was allowed for all logged in users (CVE-2012-4573). This has been fixed. Security Issue reference: * CVE-2012-4573 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-openstack-glance-7033 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): openstack-glance-2012.1+git.1344578005.120fcf4-0.7.1 python-glance-2012.1+git.1344578005.120fcf4-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-4573.html https://bugzilla.novell.com/787814 http://download.novell.com/patch/finder/?keywords=702ffac90e6c557e86e585da921b9b98 From sle-security-updates at lists.suse.com Mon Nov 12 12:08:53 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 12 Nov 2012 20:08:53 +0100 (CET) Subject: SUSE-SU-2012:1472-1: Security update for sap_suse_cluster_connector Message-ID: <20121112190853.7B5AD3213D@maintenance.suse.de> SUSE Security Update: Security update for sap_suse_cluster_connector ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1472-1 Rating: low References: #763793 #777453 #778273 #778293 Cross-References: CVE-2012-0426 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: A tmp race condition was fixed in sap_suse_cluster_connector. CVE-2012-0426 was assigned to this issue. Additionally some minor non-security fixes are included. 
Security Issue reference: * CVE-2012-0426 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP2: zypper in -t patch slesapp2-sap_suse_cluster_connector-6918 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise for SAP Applications 11 SP2 (noarch): sap_suse_cluster_connector-1.0.0-0.8.1 References: http://support.novell.com/security/cve/CVE-2012-0426.html https://bugzilla.novell.com/763793 https://bugzilla.novell.com/777453 https://bugzilla.novell.com/778273 https://bugzilla.novell.com/778293 http://download.novell.com/patch/finder/?keywords=67f8397652f3d8ee3df37f91ef07cc58 From sle-security-updates at lists.suse.com Tue Nov 13 14:08:46 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Nov 2012 22:08:46 +0100 (CET) Subject: SUSE-SU-2012:1475-1: moderate: Security update for IBM Java 1.4.2 Message-ID: <20121113210846.398A2322A1@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1475-1 Rating: moderate References: #666744 #778943 Cross-References: CVE-2012-1713 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP2 SUSE Linux Enterprise for SAP Applications 11 SP1 SUSE Linux Enterprise Java 11 SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: IBM Java 1.4.2 has been updated to SR13-FP13 that fixes bugs and security issues. 
Please see for more information: http://www.ibm.com/developerworks/java/jdk/alerts/ Additionally one bug has been fixed: * fix bnc#771808: create symlink /usr/bin/javaws properly Security Issue references: * CVE-2012-1717 * CVE-2012-1713 * CVE-2012-1719 * CVE-2012-1718 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP2: zypper in -t patch slesapp2-java-1_4_2-ibm-sap-6998 - SUSE Linux Enterprise for SAP Applications 11 SP1: zypper in -t patch slesapp1-java-1_4_2-ibm-sap-6997 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_4_2-ibm-sap-6998 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise for SAP Applications 11 SP2 (x86_64): java-1_4_2-ibm-sap-1.4.2_sr13.13-0.3.1 java-1_4_2-ibm-sap-devel-1.4.2_sr13.13-0.3.1 - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64): java-1_4_2-ibm-sap-1.4.2_sr13.13-0.3.1 java-1_4_2-ibm-sap-devel-1.4.2_sr13.13-0.3.1 - SUSE Linux Enterprise Java 11 SP2 (x86_64): java-1_4_2-ibm-sap-1.4.2_sr13.13-0.3.1 java-1_4_2-ibm-sap-devel-1.4.2_sr13.13-0.3.1 References: http://support.novell.com/security/cve/CVE-2012-1713.html http://support.novell.com/security/cve/CVE-2012-1717.html http://support.novell.com/security/cve/CVE-2012-1718.html http://support.novell.com/security/cve/CVE-2012-1719.html https://bugzilla.novell.com/666744 https://bugzilla.novell.com/778943 http://download.novell.com/patch/finder/?keywords=362e4a8f1f21644a7d9eb0b72f2da0c9 http://download.novell.com/patch/finder/?keywords=fa385924d3e201f9e1a8265800eb93bd From sle-security-updates at lists.suse.com Thu Nov 15 15:08:28 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Nov 2012 23:08:28 +0100 (CET) Subject: SUSE-SU-2012:1485-1: important: Security update for flash-player Message-ID: 
<20121115220828.214F832342@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1485-1 Rating: important References: #788450 Cross-References: CVE-2012-5274 CVE-2012-5275 CVE-2012-5276 CVE-2012-5277 CVE-2012-5278 CVE-2012-5279 CVE-2012-5280 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. It includes one version update. Description: This update of flash-player fixes multiple (unspecified) buffer overflows, memory corruptions and other security-related issues. Security Issue references: * CVE-2012-5274 * CVE-2012-5275 * CVE-2012-5276 * CVE-2012-5277 * CVE-2012-5278 * CVE-2012-5279 * CVE-2012-5280 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-7038 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.251]: flash-player-11.2.202.251-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.251]: flash-player-11.2.202.251-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-5274.html http://support.novell.com/security/cve/CVE-2012-5275.html http://support.novell.com/security/cve/CVE-2012-5276.html http://support.novell.com/security/cve/CVE-2012-5277.html http://support.novell.com/security/cve/CVE-2012-5278.html http://support.novell.com/security/cve/CVE-2012-5279.html http://support.novell.com/security/cve/CVE-2012-5280.html https://bugzilla.novell.com/788450 http://download.novell.com/patch/finder/?keywords=2704cd8e916c14e8d622e540925ea064 http://download.novell.com/patch/finder/?keywords=8a2ea2251ceaffe0fb0d2fb2849a774e From sle-security-updates at lists.suse.com Thu Nov 15 16:09:06 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Nov 2012 00:09:06 +0100 (CET) Subject: SUSE-SU-2012:1486-1: important: Security update for Xen Message-ID: <20121115230906.6474A32338@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1486-1 Rating: important References: #777890 #778105 #779212 #784087 #786516 #786517 #786518 #786519 #786520 #787163 Cross-References: CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. 
Description: XEN was updated to fix various bugs and security issues: The following security issues have been fixed: * CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk (XSA 25) * CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) * CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA 20) * CVE-2012-4536: xen: pirq range check DoS vulnerability (XSA 21) * CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA 22) * CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability (XSA 23) * CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability (XSA 24) * CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) Also the following bugs have been fixed and upstream patches have been applied: * bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch * Upstream patches merged: 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch * bnc#778105 - first XEN-PV VM fails to spawn xend: 
Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch Security Issue references: * CVE-2012-4539 * CVE-2012-3497 * CVE-2012-4411 * CVE-2012-4535 * CVE-2012-4537 * CVE-2012-4536 * CVE-2012-4538 * CVE-2012-4539 * CVE-2012-4544 Indications: Everyone using XEN should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-201211-7018 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-201211-7018 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-201211-7018 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-201211-7018 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): xen-devel-4.1.3_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xen-kmp-trace-4.1.3_04_3.0.42_0.7-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): xen-kmp-default-4.1.3_04_3.0.42_0.7-0.5.1 xen-kmp-trace-4.1.3_04_3.0.42_0.7-0.5.1 xen-libs-4.1.3_04-0.5.1 xen-tools-domU-4.1.3_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.3_04-0.5.1 xen-doc-html-4.1.3_04-0.5.1 xen-doc-pdf-4.1.3_04-0.5.1 xen-libs-32bit-4.1.3_04-0.5.1 xen-tools-4.1.3_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): xen-kmp-pae-4.1.3_04_3.0.42_0.7-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xen-kmp-default-4.1.3_04_3.0.42_0.7-0.5.1 xen-kmp-trace-4.1.3_04_3.0.42_0.7-0.5.1 xen-libs-4.1.3_04-0.5.1 xen-tools-domU-4.1.3_04-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.3_04-0.5.1 xen-doc-html-4.1.3_04-0.5.1 xen-doc-pdf-4.1.3_04-0.5.1 xen-libs-32bit-4.1.3_04-0.5.1 xen-tools-4.1.3_04-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586): xen-kmp-pae-4.1.3_04_3.0.42_0.7-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-3497.html http://support.novell.com/security/cve/CVE-2012-4411.html http://support.novell.com/security/cve/CVE-2012-4535.html http://support.novell.com/security/cve/CVE-2012-4536.html http://support.novell.com/security/cve/CVE-2012-4537.html http://support.novell.com/security/cve/CVE-2012-4538.html http://support.novell.com/security/cve/CVE-2012-4539.html http://support.novell.com/security/cve/CVE-2012-4544.html https://bugzilla.novell.com/777890 https://bugzilla.novell.com/778105 https://bugzilla.novell.com/779212 https://bugzilla.novell.com/784087 https://bugzilla.novell.com/786516 https://bugzilla.novell.com/786517 https://bugzilla.novell.com/786518 https://bugzilla.novell.com/786519 https://bugzilla.novell.com/786520 https://bugzilla.novell.com/787163 
http://download.novell.com/patch/finder/?keywords=8f87058beb7d6e2bf1940373a4fb3ae2 From sle-security-updates at lists.suse.com Fri Nov 16 09:08:30 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Nov 2012 17:08:30 +0100 (CET) Subject: SUSE-SU-2012:1487-1: important: Security update for Xen Message-ID: <20121116160830.22E253233D@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1487-1 Rating: important References: #651093 #713555 #784087 #786516 #786517 Cross-References: CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: XEN received various security and bugfixes: * CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA-20) * CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA-22) The following additional bugs have been fixed: * bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch * Upstream patches from Jan 25927-x86-domctl-ioport-mapping-range.patch 25931-x86-domctl-iomem-mapping-checks.patch 26061-x86-oprof-counter-range.patch 25431-x86-EDD-MBR-sig-check.patch 25480-x86_64-sysret-canonical.patch 25481-x86_64-AMD-erratum-121.patch 25485-x86_64-canonical-checks.patch 25587-param-parse-limit.patch 25589-pygrub-size-limits.patch 25744-hypercall-return-long.patch 25765-x86_64-allow-unsafe-adjust.patch 25773-x86-honor-no-real-mode.patch 25786-x86-prefer-multiboot-meminfo-over-e801.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 24742-gnttab-misc.patch 25098-x86-emul-lock-UD.patch 25200-x86_64-trap-bounce-flags.patch 25271-x86_64-IST-index.patch * bnc#651093 - win2k8 guests are unable to restore after saving the vms state ept-novell-x64.patch 23800-x86_64-guest-addr-range.patch 24168-x86-vioapic-clear-remote_irr.patch 24453-x86-vIRQ-IRR-TMR-race.patch 24456-x86-emul-lea.patch * bnc#713555 - Unable to install RHEL 6.1 x86 as a paravirtualized guest OS on SLES 10 SP4 x86 vm-install-0.2.19.tar.bz2 Security Issue references: * CVE-2012-4539 * CVE-2012-3497 * CVE-2012-4411 * CVE-2012-4535 * CVE-2012-4537 * CVE-2012-4536 * CVE-2012-4538 * CVE-2012-4539 * CVE-2012-4544 Package List: - SUSE Linux Enterprise Server 10 SP4 (x86_64): xen-3.2.3_17040_42-0.7.2 xen-devel-3.2.3_17040_42-0.7.2 xen-doc-html-3.2.3_17040_42-0.7.2 xen-doc-pdf-3.2.3_17040_42-0.7.2 xen-doc-ps-3.2.3_17040_42-0.7.2 xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 
xen-libs-3.2.3_17040_42-0.7.2 xen-libs-32bit-3.2.3_17040_42-0.7.1 xen-tools-3.2.3_17040_42-0.7.2 xen-tools-domU-3.2.3_17040_42-0.7.2 xen-tools-ioemu-3.2.3_17040_42-0.7.2 - SUSE Linux Enterprise Server 10 SP4 (i586): xen-3.2.3_17040_42-0.7.1 xen-devel-3.2.3_17040_42-0.7.1 xen-doc-html-3.2.3_17040_42-0.7.1 xen-doc-pdf-3.2.3_17040_42-0.7.1 xen-doc-ps-3.2.3_17040_42-0.7.1 xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-kdumppae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-vmi-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-vmipae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-libs-3.2.3_17040_42-0.7.1 xen-tools-3.2.3_17040_42-0.7.1 xen-tools-domU-3.2.3_17040_42-0.7.1 xen-tools-ioemu-3.2.3_17040_42-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): xen-3.2.3_17040_42-0.7.2 xen-devel-3.2.3_17040_42-0.7.2 xen-doc-html-3.2.3_17040_42-0.7.2 xen-doc-pdf-3.2.3_17040_42-0.7.2 xen-doc-ps-3.2.3_17040_42-0.7.2 xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 xen-libs-3.2.3_17040_42-0.7.2 xen-libs-32bit-3.2.3_17040_42-0.7.1 xen-tools-3.2.3_17040_42-0.7.2 xen-tools-domU-3.2.3_17040_42-0.7.2 xen-tools-ioemu-3.2.3_17040_42-0.7.2 - SUSE Linux Enterprise Desktop 10 SP4 (i586): xen-3.2.3_17040_42-0.7.1 xen-devel-3.2.3_17040_42-0.7.1 xen-doc-html-3.2.3_17040_42-0.7.1 xen-doc-pdf-3.2.3_17040_42-0.7.1 xen-doc-ps-3.2.3_17040_42-0.7.1 xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-libs-3.2.3_17040_42-0.7.1 xen-tools-3.2.3_17040_42-0.7.1 xen-tools-domU-3.2.3_17040_42-0.7.1 xen-tools-ioemu-3.2.3_17040_42-0.7.1 - SLE SDK 10 SP4 (x86_64): xen-3.2.3_17040_42-0.7.2 xen-devel-3.2.3_17040_42-0.7.2 
xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2 xen-libs-3.2.3_17040_42-0.7.2 xen-libs-32bit-3.2.3_17040_42-0.7.1 xen-tools-3.2.3_17040_42-0.7.2 xen-tools-ioemu-3.2.3_17040_42-0.7.2 - SLE SDK 10 SP4 (i586): xen-3.2.3_17040_42-0.7.1 xen-devel-3.2.3_17040_42-0.7.1 xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1 xen-libs-3.2.3_17040_42-0.7.1 xen-tools-3.2.3_17040_42-0.7.1 xen-tools-ioemu-3.2.3_17040_42-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-3497.html http://support.novell.com/security/cve/CVE-2012-4411.html http://support.novell.com/security/cve/CVE-2012-4535.html http://support.novell.com/security/cve/CVE-2012-4536.html http://support.novell.com/security/cve/CVE-2012-4537.html http://support.novell.com/security/cve/CVE-2012-4538.html http://support.novell.com/security/cve/CVE-2012-4539.html http://support.novell.com/security/cve/CVE-2012-4544.html https://bugzilla.novell.com/651093 https://bugzilla.novell.com/713555 https://bugzilla.novell.com/784087 https://bugzilla.novell.com/786516 https://bugzilla.novell.com/786517 http://download.novell.com/patch/finder/?keywords=1e9042debead5d88c23444a904a4e0c9 From sle-security-updates at lists.suse.com Fri Nov 16 10:08:30 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Nov 2012 18:08:30 +0100 (CET) Subject: SUSE-SU-2012:1488-1: Security update for glibc Message-ID: <20121116170830.BF53332343@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1488-1 Rating: low References: #676178 #753756 #760216 #770891 Cross-References: CVE-2011-1089 CVE-2012-3406 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 
______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This collective update to the GNU Lib C library (glibc) provides the following fixes: * Make addmntent() return errors also for cached streams (bnc#676178, CVE-2011-1089) * Fix overflows in vfprintf() (bnc#770891, CVE-2012-3406) * Fix incomplete results from nscd (bnc#753756) * Fix a deadlock in dlsym in case the symbol isn't found, for multi-threaded programs (bnc #760216). Security Issues: * CVE-2011-1089 * CVE-2012-3406 Contraindications: Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 i686 ia64 ppc s390x x86_64): glibc-2.4-31.103.1 glibc-devel-2.4-31.103.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-html-2.4-31.103.1 glibc-i18ndata-2.4-31.103.1 glibc-info-2.4-31.103.1 glibc-locale-2.4-31.103.1 glibc-profile-2.4-31.103.1 nscd-2.4-31.103.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): glibc-32bit-2.4-31.103.1 glibc-devel-32bit-2.4-31.103.1 glibc-locale-32bit-2.4-31.103.1 glibc-profile-32bit-2.4-31.103.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): glibc-locale-x86-2.4-31.103.1 glibc-profile-x86-2.4-31.103.1 glibc-x86-2.4-31.103.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): glibc-64bit-2.4-31.103.1 glibc-devel-64bit-2.4-31.103.1 glibc-locale-64bit-2.4-31.103.1 glibc-profile-64bit-2.4-31.103.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 i686 x86_64): glibc-2.4-31.103.1 glibc-devel-2.4-31.103.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): glibc-html-2.4-31.103.1 glibc-i18ndata-2.4-31.103.1 glibc-info-2.4-31.103.1 glibc-locale-2.4-31.103.1 nscd-2.4-31.103.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): glibc-32bit-2.4-31.103.1 glibc-devel-32bit-2.4-31.103.1 glibc-locale-32bit-2.4-31.103.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-dceext-2.4-31.103.1 glibc-html-2.4-31.103.1 glibc-profile-2.4-31.103.1 - SLE SDK 10 SP4 (s390x 
x86_64): glibc-dceext-32bit-2.4-31.103.1 glibc-profile-32bit-2.4-31.103.1 - SLE SDK 10 SP4 (ia64): glibc-dceext-x86-2.4-31.103.1 glibc-profile-x86-2.4-31.103.1 - SLE SDK 10 SP4 (ppc): glibc-dceext-64bit-2.4-31.103.1 glibc-profile-64bit-2.4-31.103.1 References: http://support.novell.com/security/cve/CVE-2011-1089.html http://support.novell.com/security/cve/CVE-2012-3406.html https://bugzilla.novell.com/676178 https://bugzilla.novell.com/753756 https://bugzilla.novell.com/760216 https://bugzilla.novell.com/770891 http://download.novell.com/patch/finder/?keywords=ae7b2bb12ddda522987dc10489bcbf1f From sle-security-updates at lists.suse.com Fri Nov 16 13:08:41 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Nov 2012 21:08:41 +0100 (CET) Subject: SUSE-SU-2012:1489-1: important: Security update for IBM Java 1.5.0 Message-ID: <20121116200841.D957E3233E@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.5.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1489-1 Rating: important References: #788750 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: IBM Java 1.5.0 has been updated to SR15 which fixes bugs and security issues. 
More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ CVE-2012-3216,CVE-2012-3143,CVE-2012-5073,CVE-2012-5075,CVE-2012-5083,CVE-2012-5083,CVE-2012-1531,CVE-2012-5081,CVE-2012-5069,CVE-2012-5071,CVE-2012-5084,CVE-2012-5079,CVE-2012-5089 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_5_0-ibm-64bit-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (ppc): java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): java-1_5_0-ibm-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-demo-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-src-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): java-1_5_0-ibm-32bit-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-alsa-32bit-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr15.0-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-jdbc-1.5.0_sr15.0-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr15.0-0.5.1 References: https://bugzilla.novell.com/788750 
http://download.novell.com/patch/finder/?keywords=bb56b08850390b907db4d458f187e204 From sle-security-updates at lists.suse.com Fri Nov 16 13:08:58 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Nov 2012 21:08:58 +0100 (CET) Subject: SUSE-SU-2012:1490-1: important: Security update for IBM Java 1.4.2 Message-ID: <20121116200858.DF6C43233B@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1490-1 Rating: important References: #758651 #788750 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 11 SP2 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: IBM Java 1.4.2 has been updated to SR13-FP14 which fixes bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3216,CVE-2012-5073,CVE-2012-5083,CVE-2012-5083,CVE-2012-1531,CVE-2012-5081,CVE-2012-5084,CVE-2012-5079 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_4_2-ibm-7043 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_4_2-ibm-7043 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_4_2-ibm-7043 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_4_2-ibm-7043 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-devel-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.14-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.14-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Java 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.2.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.14-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.14-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.14-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.14-0.5.1 References: https://bugzilla.novell.com/758651 https://bugzilla.novell.com/788750 http://download.novell.com/patch/finder/?keywords=a01a06d8f691fbd19a4c84cccb9cd2f1 http://download.novell.com/patch/finder/?keywords=cc64f4b8f8231d78d335786a3fa84851 From sle-security-updates at lists.suse.com Mon Nov 19 13:08:26 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 19 
Nov 2012 21:08:26 +0100 (CET) Subject: SUSE-SU-2012:1503-1: important: Security update for libvirt Message-ID: <20121119200826.1F16232345@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1503-1 Rating: important References: #772586 #773621 #773626 #780432 Cross-References: CVE-2012-3497 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: libvirt received security and bugfixes: * CVE-2012-4423: Fixed a libvirt remote denial of service (crash) problem. The following bugs have been fixed: * qemu: Fix probing for guest capabilities * xen-xm: Generate UUID if not specified * xenParseXM: don't dereference NULL pointer when script is empty Security Issue references: * CVE-2012-4539 * CVE-2012-3497 * CVE-2012-4411 * CVE-2012-4535 * CVE-2012-4537 * CVE-2012-4536 * CVE-2012-4538 * CVE-2012-4539 * CVE-2012-4544 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libvirt-201211-7015 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libvirt-201211-7015 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libvirt-201211-7015 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): libvirt-devel-0.9.6-0.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): libvirt-devel-32bit-0.9.6-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): libvirt-0.9.6-0.23.1 libvirt-client-0.9.6-0.23.1 libvirt-doc-0.9.6-0.23.1 libvirt-python-0.9.6-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): libvirt-client-32bit-0.9.6-0.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libvirt-0.9.6-0.23.1 libvirt-client-0.9.6-0.23.1 libvirt-doc-0.9.6-0.23.1 libvirt-python-0.9.6-0.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libvirt-client-32bit-0.9.6-0.23.1 References: http://support.novell.com/security/cve/CVE-2012-3497.html http://support.novell.com/security/cve/CVE-2012-4411.html http://support.novell.com/security/cve/CVE-2012-4535.html http://support.novell.com/security/cve/CVE-2012-4536.html http://support.novell.com/security/cve/CVE-2012-4537.html http://support.novell.com/security/cve/CVE-2012-4538.html http://support.novell.com/security/cve/CVE-2012-4539.html http://support.novell.com/security/cve/CVE-2012-4544.html https://bugzilla.novell.com/772586 https://bugzilla.novell.com/773621 https://bugzilla.novell.com/773626 https://bugzilla.novell.com/780432 http://download.novell.com/patch/finder/?keywords=6c77cedf2e828c0cfa0f10bbd2cdbb87 From sle-security-updates at lists.suse.com Tue Nov 20 10:08:42 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Nov 2012 18:08:42 +0100 (CET) Subject: SUSE-SU-2012:1511-1: moderate: Security update for icedtea-web Message-ID: <20121120170842.C1D6D32341@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1511-1 Rating: moderate References: #784859 #785333 #786775 #787846 Cross-References: CVE-2012-4540 Affected Products: 
SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. It includes one version update. Description: The IcedTea-Web Java plugin has been updated to version 1.3.1 to fix various bugs and security issues. 1.3.1 changes: * Security Updates o CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet * Common o PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 fixes the self-signed issue (mentioned in bnc#784859, bnc#785333, bnc#786775) Security Issue reference: * CVE-2012-4540 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-icedtea-web-7041 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.3.1]: icedtea-web-1.3.1-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-4540.html https://bugzilla.novell.com/784859 https://bugzilla.novell.com/785333 https://bugzilla.novell.com/786775 https://bugzilla.novell.com/787846 http://download.novell.com/patch/finder/?keywords=fe843a85263c39ee81c6ce36f83bda27 From sle-security-updates at lists.suse.com Wed Nov 21 10:08:32 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Nov 2012 18:08:32 +0100 (CET) Subject: SUSE-SU-2012:1489-2: important: Security update for IBM Java 1.7.0 Message-ID: <20121121170832.E266C3233D@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.7.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1489-2 Rating: important References: #788750 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux 
Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Java 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5070, CVE-2012-5067, CVE-2012-3143, CVE-2012-5076, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5087, CVE-2012-5086, CVE-2012-5079, CVE-2012-5088, CVE-2012-5089 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_7_0-ibm-7046 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_7_0-ibm-7046 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_7_0-ibm-7046 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_7_0-ibm-7046 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr3.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_7_0-ibm-1.7.0_sr3.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr3.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_7_0-ibm-alsa-1.7.0_sr3.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr3.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr3.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_7_0-ibm-alsa-1.7.0_sr3.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr3.0-0.5.1 java-1_7_0-ibm-devel-1.7.0_sr3.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr3.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr3.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr3.0-0.5.1 References: https://bugzilla.novell.com/788750 http://download.novell.com/patch/finder/?keywords=6af80338101f9a022afdf21e00326b65 From sle-security-updates at lists.suse.com Wed Nov 21 11:08:37 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Nov 2012 19:08:37 +0100 (CET) Subject: SUSE-SU-2012:1520-1: important: Security update for libssh2 Message-ID: <20121121180837.71C0432342@maintenance.suse.de> SUSE Security Update: Security update for libssh2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1520-1 Rating: important References: #789827 Cross-References: CVE-2012-4562 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update of libssh fixes multiple integer overflows. CVE-2012-4562 has been assigned to this issue. Security Issue reference: * CVE-2012-4562 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libssh2-7073 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libssh2-7073 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libssh2-0.2-5.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libssh2-0.2-5.18.1 References: http://support.novell.com/security/cve/CVE-2012-4562.html https://bugzilla.novell.com/789827 http://download.novell.com/patch/finder/?keywords=2e1c319ecc84f3419428796ffd252ae7 From sle-security-updates at lists.suse.com Thu Nov 22 13:08:27 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Nov 2012 21:08:27 +0100 (CET) Subject: SUSE-SU-2012:1529-1: moderate: Security update for inst-source-utils Message-ID: <20121122200827.66EEA3233B@maintenance.suse.de> SUSE Security Update: Security update for inst-source-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1529-1 Rating: moderate References: #604730 Cross-References: CVE-2012-0427 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes two new package versions. 
Description: Multiple code execution flaws have been fixed that could have been exploited via specially crafted file names / directory path names. Security Issue reference: * CVE-2012-0427 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-inst-source-utils-6817 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-inst-source-utils-6817 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-inst-source-utils-6817 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-inst-source-utils-6817 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch) [New Version: 2012.9.13]: inst-source-utils-2012.9.13-0.8.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 2012.9.13]: inst-source-utils-2012.9.13-0.8.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2012.9.13]: inst-source-utils-2012.9.13-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (noarch) [New Version: 2008.11.26]: inst-source-utils-2008.11.26-0.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 2012.9.13]: inst-source-utils-2012.9.13-0.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 2008.11.26]: inst-source-utils-2008.11.26-0.9.1 References: http://support.novell.com/security/cve/CVE-2012-0427.html https://bugzilla.novell.com/604730 http://download.novell.com/patch/finder/?keywords=37a5722f1fdf0e2643b80548de09976b http://download.novell.com/patch/finder/?keywords=f35a1b0dc8ef2c77aa295b221038b7af From sle-security-updates at lists.suse.com Tue Nov 27 16:09:07 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Nov 2012 00:09:07 +0100 (CET) Subject: SUSE-SU-2012:1578-1: important: Security update for libotr 
Message-ID: <20121127230907.60E033233E@maintenance.suse.de> SUSE Security Update: Security update for libotr ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1578-1 Rating: important References: #777468 Cross-References: CVE-2012-3461 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes various heap overflows in libotr. CVE-2012-3461 has been assigned to this issue. Security Issue reference: * CVE-2012-3461 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libotr-7076 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libotr-7076 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libotr-7076 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libotr-7076 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libotr-devel-3.2.0-10.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libotr2-3.2.0-10.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libotr2-3.2.0-10.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libotr2-3.2.0-10.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libotr-3.0.0-16.9.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): libotr-3.0.0-16.9.1 libotr-devel-3.0.0-16.9.1 References: http://support.novell.com/security/cve/CVE-2012-3461.html https://bugzilla.novell.com/777468 http://download.novell.com/patch/finder/?keywords=185be6b158bccfaa385e8682935d125d http://download.novell.com/patch/finder/?keywords=fe4d1b88e23655d9450cf3fc8115a6e8 From sle-security-updates at lists.suse.com Wed Nov 28 13:08:27 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Nov 2012 21:08:27 +0100 (CET) Subject: SUSE-SU-2012:1588-1: important: Security update for IBM Java 1.6.0 Message-ID: <20121128200827.E178B32343@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.6.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1588-1 Rating: important References: #780491 #785631 #788750 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: IBM Java 1.6.0 has been updated to SR12 which fixes bugs and security issues. 
More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5068, CVE-2012-3143, CVE-2012-5073, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5079, CVE-2012-5089 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_6_0-ibm-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-devel-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-jdbc-1.6.0_sr12.0-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr12.0-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr12.0-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_6_0-ibm-alsa-1.6.0_sr12.0-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_6_0-ibm-64bit-1.6.0_sr12.0-0.10.1 - SUSE Linux Enterprise Java 10 SP4 (x86_64): java-1_6_0-ibm-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-devel-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-jdbc-1.6.0_sr12.0-0.10.1 java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.10.1 References: https://bugzilla.novell.com/780491 https://bugzilla.novell.com/785631 https://bugzilla.novell.com/788750 http://download.novell.com/patch/finder/?keywords=94ebbbaeb864d11273a4fe129dc23269 From sle-security-updates at lists.suse.com Wed Nov 28 17:08:37 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Nov 2012 01:08:37 +0100 (CET) Subject: SUSE-SU-2012:1592-1: important: Security update for Mozilla Firefox Message-ID: <20121129000837.16F8032274@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox 
______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1592-1 Rating: important References: #790140 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes two new package versions. Description: Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. * MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer tool to discover a series of critically rated use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. 
References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17: o crash in copyTexImage2D with image dimensions too large for given level (CVE-2012-5838) * MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. 
References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17: o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218) * MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. * MFSA 2012-103 / CVE-2012-4209: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to "top". This can allow for possible cross-site scripting (XSS) attacks through plugins. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-102 / CVE-2012-5837: Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar. 
* MFSA 2012-101 / CVE-2012-4207: Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the "~" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. * MFSA 2012-100 / CVE-2012-5841: Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-98 / CVE-2012-4206: Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. 
* MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. * MFSA 2012-96 / CVE-2012-4204: Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-95 / CVE-2012-4203: Security researcher kakzz.ng at gmail.com reported that if a javascript: URL is selected from the list of Firefox "new tab" page, the script will inherit the privileges of the privileged "new tab" page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. * MFSA 2012-94 / CVE-2012-5836: Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash. * MFSA 2012-93 / CVE-2012-4201: Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack. 
* MFSA 2012-92 / CVE-2012-4202: Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. * MFSA 2012-91: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey reported memory safety problems and crashes that affect Firefox 16. (CVE-2012-5843) Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-firefox-20121121-7093 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-firefox-20121121-7093 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-firefox-20121121-7093 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-firefox-20121121-7093 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.14]: mozilla-nss-devel-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 10.0.11 and 3.14]: MozillaFirefox-10.0.11-0.3.1 MozillaFirefox-translations-10.0.11-0.3.1 libfreebl3-3.14-0.3.1 mozilla-nss-3.14-0.3.1 mozilla-nss-tools-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.14]: libfreebl3-32bit-3.14-0.3.1 mozilla-nss-32bit-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.11 and 3.14]: MozillaFirefox-10.0.11-0.3.1 MozillaFirefox-translations-10.0.11-0.3.1 libfreebl3-3.14-0.3.1 mozilla-nss-3.14-0.3.1 mozilla-nss-tools-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.14]: libfreebl3-32bit-3.14-0.3.1 mozilla-nss-32bit-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.14]: libfreebl3-x86-3.14-0.3.1 mozilla-nss-x86-3.14-0.3.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14]: mozilla-nss-3.14-0.6.1 mozilla-nss-devel-3.14-0.6.1 mozilla-nss-tools-3.14-0.6.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-10.0.11-0.5.1 MozillaFirefox-translations-10.0.11-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.14]: mozilla-nss-32bit-3.14-0.6.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.14]: mozilla-nss-x86-3.14-0.6.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.14]: mozilla-nss-64bit-3.14-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.11 and 3.14]: MozillaFirefox-10.0.11-0.3.1 MozillaFirefox-translations-10.0.11-0.3.1 libfreebl3-3.14-0.3.1 mozilla-nss-3.14-0.3.1 mozilla-nss-tools-3.14-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.14]: libfreebl3-32bit-3.14-0.3.1 mozilla-nss-32bit-3.14-0.3.1 - SUSE Linux 
Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.14]: mozilla-nss-3.14-0.6.1 mozilla-nss-devel-3.14-0.6.1 mozilla-nss-tools-3.14-0.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.14]: mozilla-nss-32bit-3.14-0.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): MozillaFirefox-10.0.11-0.5.1 MozillaFirefox-translations-10.0.11-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14]: mozilla-nss-tools-3.14-0.6.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-10.0.11-0.5.1 References: https://bugzilla.novell.com/790140 http://download.novell.com/patch/finder/?keywords=8f4e08deca5960ae494ddceeb6c10708 http://download.novell.com/patch/finder/?keywords=be7a175297dfe6897d72c7cf8ca67245 From sle-security-updates at lists.suse.com Fri Nov 30 13:08:33 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 30 Nov 2012 21:08:33 +0100 (CET) Subject: SUSE-SU-2012:1595-1: important: Security update for IBM Java 1.6.0 Message-ID: <20121130200833.2004232256@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.6.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1595-1 Rating: important References: #785631 #788750 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Java 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: IBM Java 1.6.0 has been updated to SR12 which fixes bugs and security issues. 
More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5068, CVE-2012-3143, CVE-2012-5073, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5079, CVE-2012-5089 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_6_0-ibm-7095 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_6_0-ibm-7095 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_6_0-ibm-7095 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_6_0-ibm-7095 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_6_0-ibm-alsa-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr12.0-0.5.1 
java-1_6_0-ibm-devel-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr12.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr12.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586): java-1_6_0-ibm-alsa-1.6.0_sr12.0-0.5.1 References: https://bugzilla.novell.com/785631 https://bugzilla.novell.com/788750 http://download.novell.com/patch/finder/?keywords=5a12f1af483115fdac3b86d87bb0d68c