From sle-security-updates at lists.suse.com Mon Jul 1 11:04:09 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Jul 2013 19:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:1059-2: moderate: Security update for clamav
Message-ID: <20130701170409.D488C32139@maintenance.suse.de>

   SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1059-2
Rating:             moderate
References:         #816865
Cross-References:   CVE-2013-2020 CVE-2013-2021
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.

Description:

   This release of clamav provides version 0.97.8 and fixes several
   potential security issues (bnc#816865):

   * CVE-2013-2020: Fix heap corruption
   * CVE-2013-2021: Fix overflow due to PDF key length computation.

   Security Issue references:

   * CVE-2013-2020
   * CVE-2013-2021

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-clamav-7915

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-clamav-7915

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-clamav-7915

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.97.8]:
      clamav-0.97.8-0.2.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.97.8]:
      clamav-0.97.8-0.2.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.97.8]:
      clamav-0.97.8-0.2.1

References:

   http://support.novell.com/security/cve/CVE-2013-2020.html
   http://support.novell.com/security/cve/CVE-2013-2021.html
   https://bugzilla.novell.com/816865
   http://download.novell.com/patch/finder/?keywords=6da024ec050086bf133f786c65c215cc

From sle-security-updates at lists.suse.com Mon Jul 1 11:04:13 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Jul 2013 19:04:13 +0200 (CEST)
Subject: SUSE-SU-2013:1112-1: moderate: Security update for openstack-swift
Message-ID: <20130701170413.3A36C3213D@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-swift
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1112-1
Rating:             moderate
References:         #824286
Cross-References:   CVE-2013-2161
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of openstack-swift fixes a vulnerability in XML handling
   within the Swift account server (bnc#824286 / CVE-2013-2161)

   Security Issue reference:

   * CVE-2013-2161

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-openstack-swift-7864

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 1.0 (x86_64):
      openstack-swift-1.4.8+git.1332408124.4a6fead-0.13.1
      openstack-swift-account-1.4.8+git.1332408124.4a6fead-0.13.1
      openstack-swift-container-1.4.8+git.1332408124.4a6fead-0.13.1
      openstack-swift-doc-1.4.8+git.1332408124.4a6fead-0.13.1
      openstack-swift-object-1.4.8+git.1332408124.4a6fead-0.13.1
      openstack-swift-proxy-1.4.8+git.1332408124.4a6fead-0.13.1
      python-swift-1.4.8+git.1332408124.4a6fead-0.13.1

References:

   http://support.novell.com/security/cve/CVE-2013-2161.html
   https://bugzilla.novell.com/824286
   http://download.novell.com/patch/finder/?keywords=47e9ab2536215cb233a5fa8322820291

From sle-security-updates at lists.suse.com Mon Jul 1 11:04:16 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Jul 2013 19:04:16 +0200 (CEST)
Subject: SUSE-SU-2013:1113-1: moderate: Security update for openstack-keystone
Message-ID: <20130701170416.67C773213D@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1113-1
Rating:             moderate
References:         #818596 #823783
Cross-References:   CVE-2013-2059 CVE-2013-2157
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update fixes security vulnerabilities within openstack-keystone.

   * Vulnerable Keystone LDAP backend authentication
     (bnc#823783 / CVE-2013-2157)
   * Keystone tokens were not immediately invalidated when user was
     deleted (bnc#818596 / CVE-2013-2059)

   Security Issue references:

   * CVE-2013-2157
   * CVE-2013-2059

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-openstack-keystone-7863

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 1.0 (x86_64):
      openstack-keystone-2012.1+git.1361360075.f48dd0f-0.5.1
      openstack-keystone-doc-2012.1+git.1361360075.f48dd0f-0.5.1
      python-keystone-2012.1+git.1361360075.f48dd0f-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-2059.html
   http://support.novell.com/security/cve/CVE-2013-2157.html
   https://bugzilla.novell.com/818596
   https://bugzilla.novell.com/823783
   http://download.novell.com/patch/finder/?keywords=d80cf71c4dbecaa6df6fc448eea5bbbd

From sle-security-updates at lists.suse.com Mon Jul 1 12:04:12 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Jul 2013 20:04:12 +0200 (CEST)
Subject: SUSE-SU-2013:1039-2: important: Security update for flash-player
Message-ID: <20130701180412.A8AAF3213D@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1039-2
Rating:             important
References:         #824512
Cross-References:   CVE-2013-3343
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
   It includes one version update.

Description:

   Adobe flash-player has been updated to the 11.2.202.291 security
   update which fixes security issues (bnc#824512, CVE-2013-3343,
   APSB13-16).

   Security Issue reference:

   * CVE-2013-3343

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-flash-player-7917

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.291]:
      flash-player-11.2.202.291-0.3.1
      flash-player-gnome-11.2.202.291-0.3.1
      flash-player-kde4-11.2.202.291-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2013-3343.html
   https://bugzilla.novell.com/824512
   http://download.novell.com/patch/finder/?keywords=ecac9ef0850e33c0354dc97e8e47c86f

From sle-security-updates at lists.suse.com Tue Jul 2 11:04:20 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Jul 2013 19:04:20 +0200 (CEST)
Subject: SUSE-SU-2013:0835-3: important: Security update for IBM Java
Message-ID: <20130702170420.45BE73213C@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0835-3
Rating:             important
References:         #592934 #819288
Cross-References:   CVE-2013-0401 CVE-2013-1491 CVE-2013-1537
                    CVE-2013-1540 CVE-2013-1557 CVE-2013-1563
                    CVE-2013-1569 CVE-2013-2383 CVE-2013-2384
                    CVE-2013-2394 CVE-2013-2417 CVE-2013-2418
                    CVE-2013-2419 CVE-2013-2420 CVE-2013-2422
                    CVE-2013-2424 CVE-2013-2429 CVE-2013-2430
                    CVE-2013-2432 CVE-2013-2433 CVE-2013-2435
                    CVE-2013-2440
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that fixes 22 vulnerabilities is now available.

Description:

   IBM Java 1.6.0 has been updated to SR13-FP2 which fixes bugs and
   security issues.

   http://www.ibm.com/developerworks/java/jdk/alerts/

   Security Issue references:

   * CVE-2013-2422
   * CVE-2013-1491
   * CVE-2013-2435
   * CVE-2013-2420
   * CVE-2013-2432
   * CVE-2013-1569
   * CVE-2013-2384
   * CVE-2013-2383
   * CVE-2013-1557
   * CVE-2013-1537
   * CVE-2013-2440
   * CVE-2013-2429
   * CVE-2013-2430
   * CVE-2013-1563
   * CVE-2013-2394
   * CVE-2013-0401
   * CVE-2013-2424
   * CVE-2013-2419
   * CVE-2013-2417
   * CVE-2013-2418
   * CVE-2013-1540
   * CVE-2013-2433

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-java-1_6_0-ibm-7920

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-java-1_6_0-ibm-7920

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-java-1_6_0-ibm-7920

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64):
      java-1_6_0-ibm-devel-1.6.0_sr13.2-0.3.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      java-1_6_0-ibm-1.6.0_sr13.2-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr13.2-0.3.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      java-1_6_0-ibm-1.6.0_sr13.2-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr13.2-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr13.2-0.3.1
      java-1_6_0-ibm-plugin-1.6.0_sr13.2-0.3.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586):
      java-1_6_0-ibm-alsa-1.6.0_sr13.2-0.3.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64):
      java-1_6_0-ibm-1.6.0_sr13.2-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr13.2-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr13.2-0.3.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
      java-1_6_0-ibm-plugin-1.6.0_sr13.2-0.3.1

   - SUSE Linux Enterprise Server 11 SP3 (i586):
      java-1_6_0-ibm-alsa-1.6.0_sr13.2-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2013-0401.html
   http://support.novell.com/security/cve/CVE-2013-1491.html
   http://support.novell.com/security/cve/CVE-2013-1537.html
   http://support.novell.com/security/cve/CVE-2013-1540.html
   http://support.novell.com/security/cve/CVE-2013-1557.html
   http://support.novell.com/security/cve/CVE-2013-1563.html
   http://support.novell.com/security/cve/CVE-2013-1569.html
   http://support.novell.com/security/cve/CVE-2013-2383.html
   http://support.novell.com/security/cve/CVE-2013-2384.html
   http://support.novell.com/security/cve/CVE-2013-2394.html
   http://support.novell.com/security/cve/CVE-2013-2417.html
   http://support.novell.com/security/cve/CVE-2013-2418.html
   http://support.novell.com/security/cve/CVE-2013-2419.html
   http://support.novell.com/security/cve/CVE-2013-2420.html
   http://support.novell.com/security/cve/CVE-2013-2422.html
   http://support.novell.com/security/cve/CVE-2013-2424.html
   http://support.novell.com/security/cve/CVE-2013-2429.html
   http://support.novell.com/security/cve/CVE-2013-2430.html
   http://support.novell.com/security/cve/CVE-2013-2432.html
   http://support.novell.com/security/cve/CVE-2013-2433.html
   http://support.novell.com/security/cve/CVE-2013-2435.html
   http://support.novell.com/security/cve/CVE-2013-2440.html
   https://bugzilla.novell.com/592934
   https://bugzilla.novell.com/819288
   http://download.novell.com/patch/finder/?keywords=62974895920e0150fbefc2d3825d8cf3

From sle-security-updates at lists.suse.com Wed Jul 3 07:04:15 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Jul 2013 15:04:15 +0200 (CEST)
Subject: SUSE-SU-2013:0871-2: important: Security update for IBM Java
Message-ID: <20130703130415.6C7663213F@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0871-2
Rating:             important
References:         #592934 #819285 #819288
Cross-References:   CVE-2013-0401 CVE-2013-1491 CVE-2013-1537
                    CVE-2013-1540 CVE-2013-1557 CVE-2013-1563
                    CVE-2013-1569 CVE-2013-2383
                    CVE-2013-2384 CVE-2013-2394 CVE-2013-2417
                    CVE-2013-2418 CVE-2013-2419 CVE-2013-2420
                    CVE-2013-2422 CVE-2013-2424 CVE-2013-2429
                    CVE-2013-2430 CVE-2013-2432 CVE-2013-2433
                    CVE-2013-2435 CVE-2013-2440
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that fixes 22 vulnerabilities is now available.

Description:

   IBM Java 1.7.0 has been updated to SR4-FP2 which fixes bugs and
   security issues.

   http://www.ibm.com/developerworks/java/jdk/alerts/

   Security Issue references:

   * CVE-2013-2422
   * CVE-2013-1491
   * CVE-2013-2435
   * CVE-2013-2420
   * CVE-2013-2432
   * CVE-2013-1569
   * CVE-2013-2384
   * CVE-2013-2383
   * CVE-2013-1557
   * CVE-2013-1537
   * CVE-2013-2440
   * CVE-2013-2429
   * CVE-2013-2430
   * CVE-2013-1563
   * CVE-2013-2394
   * CVE-2013-0401
   * CVE-2013-2424
   * CVE-2013-2419
   * CVE-2013-2417
   * CVE-2013-2418
   * CVE-2013-1540
   * CVE-2013-2433

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-java-1_7_0-ibm-7921

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-java-1_7_0-ibm-7921

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-java-1_7_0-ibm-7921

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64):
      java-1_7_0-ibm-devel-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      java-1_7_0-ibm-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64):
      java-1_7_0-ibm-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
      java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1

References:

   http://support.novell.com/security/cve/CVE-2013-0401.html
   http://support.novell.com/security/cve/CVE-2013-1491.html
   http://support.novell.com/security/cve/CVE-2013-1537.html
   http://support.novell.com/security/cve/CVE-2013-1540.html
   http://support.novell.com/security/cve/CVE-2013-1557.html
   http://support.novell.com/security/cve/CVE-2013-1563.html
   http://support.novell.com/security/cve/CVE-2013-1569.html
   http://support.novell.com/security/cve/CVE-2013-2383.html
   http://support.novell.com/security/cve/CVE-2013-2384.html
   http://support.novell.com/security/cve/CVE-2013-2394.html
   http://support.novell.com/security/cve/CVE-2013-2417.html
   http://support.novell.com/security/cve/CVE-2013-2418.html
   http://support.novell.com/security/cve/CVE-2013-2419.html
   http://support.novell.com/security/cve/CVE-2013-2420.html
   http://support.novell.com/security/cve/CVE-2013-2422.html
   http://support.novell.com/security/cve/CVE-2013-2424.html
   http://support.novell.com/security/cve/CVE-2013-2429.html
   http://support.novell.com/security/cve/CVE-2013-2430.html
   http://support.novell.com/security/cve/CVE-2013-2432.html
   http://support.novell.com/security/cve/CVE-2013-2433.html
   http://support.novell.com/security/cve/CVE-2013-2435.html
   http://support.novell.com/security/cve/CVE-2013-2440.html
   https://bugzilla.novell.com/592934
   https://bugzilla.novell.com/819285
   https://bugzilla.novell.com/819288
   http://download.novell.com/patch/finder/?keywords=735ff60a60ece53569a56a53ea726bcd

From sle-security-updates at lists.suse.com Wed Jul 3 11:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Jul 2013 19:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1058-2: Security update for gpg2
Message-ID: <20130703170411.3ECA03213F@maintenance.suse.de>

   SUSE Security Update: Security update for gpg2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1058-2
Rating:             low
References:         #780943 #798465 #808958
Cross-References:   CVE-2012-6085
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now
   available.

Description:

   This update for gpg2 provides the following fixes:

   * #780943: Set proper file permissions when en/de-crypting files.
   * #798465: Fix an issue that could cause corruption of the public
     keys database. (CVE-2012-6085)
   * #808958: Select proper ciphers when running in FIPS mode.

   Security Issue reference:

   * CVE-2012-6085

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-gpg2-7919

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-gpg2-7919

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-gpg2-7919

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      gpg2-2.0.9-25.33.33.5
      gpg2-lang-2.0.9-25.33.33.5

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      gpg2-2.0.9-25.33.33.5
      gpg2-lang-2.0.9-25.33.33.5

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      gpg2-2.0.9-25.33.33.5
      gpg2-lang-2.0.9-25.33.33.5

References:

   http://support.novell.com/security/cve/CVE-2012-6085.html
   https://bugzilla.novell.com/780943
   https://bugzilla.novell.com/798465
   https://bugzilla.novell.com/808958
   http://download.novell.com/patch/finder/?keywords=fa49b353b606098b10b9beb0800c9c56

From sle-security-updates at lists.suse.com Thu Jul 4 14:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Jul 2013 22:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1060-2: important: Security update for GnuTLS
Message-ID: <20130704200410.7C3BC321EA@maintenance.suse.de>

   SUSE Security Update: Security update for GnuTLS
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1060-2
Rating:             important
References:         #821818
Cross-References:   CVE-2013-2116
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of GnuTLS fixes a regression introduced by the previous
   update that could have resulted in a Denial of Service (application
   crash).

   Security Issue reference:

   * CVE-2013-2116

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-gnutls-7918

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-gnutls-7918

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-gnutls-7918

   - SUSE Linux Enterprise High Availability Extension 11 SP3:
      zypper in -t patch slehasp3-gnutls-7918

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-gnutls-7918

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      libgnutls-devel-2.4.1-24.39.47.1
      libgnutls-extra-devel-2.4.1-24.39.47.1
      libgnutls-extra26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      gnutls-2.4.1-24.39.47.1
      libgnutls-extra26-2.4.1-24.39.47.1
      libgnutls26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
      libgnutls26-32bit-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      gnutls-2.4.1-24.39.47.1
      libgnutls-extra26-2.4.1-24.39.47.1
      libgnutls26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
      libgnutls26-32bit-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):
      libgnutls26-x86-2.4.1-24.39.47.1

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      libgnutls-extra26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      gnutls-2.4.1-24.39.47.1
      libgnutls26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
      libgnutls26-32bit-2.4.1-24.39.47.1

References:

   http://support.novell.com/security/cve/CVE-2013-2116.html
   https://bugzilla.novell.com/821818
   http://download.novell.com/patch/finder/?keywords=adf9719f0b0ed0da7989b5e53af8854c

From sle-security-updates at lists.suse.com Fri Jul 5 10:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Jul 2013 18:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1150-1: important: Security update for openswan
Message-ID: <20130705160411.8401332245@maintenance.suse.de>

   SUSE Security Update: Security update for openswan
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1150-1
Rating:             important
References:         #824316
Cross-References:   CVE-2013-2053
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This openswan update fixes a remote buffer overflow issue
   (bnc#824316 / CVE-2013-2053).

   Security Issue reference:

   * CVE-2013-2053

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-openswan-7925

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-openswan-7925

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      openswan-2.6.16-1.38.1
      openswan-doc-2.6.16-1.38.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      openswan-2.6.16-1.38.1
      openswan-doc-2.6.16-1.38.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
      openswan-2.4.4-18.21.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
      openswan-2.4.4-18.21.1

References:

   http://support.novell.com/security/cve/CVE-2013-2053.html
   https://bugzilla.novell.com/824316
   http://download.novell.com/patch/finder/?keywords=4e623ae4a993ce51b1b6b7d9b96ebcb5
   http://download.novell.com/patch/finder/?keywords=f043270acc009a30fe4516ffd47e47d9

From sle-security-updates at lists.suse.com Fri Jul 5 13:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Jul 2013 21:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1151-1: important: Security update for Linux kernel
Message-ID: <20130705190411.3C2FF32240@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1151-1
Rating:             important
References:         #825657
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that contains security fixes can now be installed.
   It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 2 kernel was respun with
   the 3.0.80 update to fix a severe compatibility problem with kernel
   module packages (KMPs) such as drbd.

   An incompatible ABI change could lead to those modules not working
   correctly or crashing on loading and is fixed by this update.

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-kernel-7954 slessp2-kernel-7960

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-kernel-7954 slessp2-kernel-7957 slessp2-kernel-7958 slessp2-kernel-7959 slessp2-kernel-7960

   - SUSE Linux Enterprise High Availability Extension 11 SP2:
      zypper in -t patch sleshasp2-kernel-7954 sleshasp2-kernel-7957 sleshasp2-kernel-7958 sleshasp2-kernel-7959 sleshasp2-kernel-7960

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-kernel-7954 sledsp2-kernel-7960

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.80]:
      kernel-default-3.0.80-0.7.1
      kernel-default-base-3.0.80-0.7.1
      kernel-default-devel-3.0.80-0.7.1
      kernel-source-3.0.80-0.7.1
      kernel-syms-3.0.80-0.7.1
      kernel-trace-3.0.80-0.7.1
      kernel-trace-base-3.0.80-0.7.1
      kernel-trace-devel-3.0.80-0.7.1
      kernel-xen-devel-3.0.80-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
      xen-kmp-trace-4.1.5_02_3.0.80_0.7-0.5.18

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.80]:
      kernel-pae-3.0.80-0.7.1
      kernel-pae-base-3.0.80-0.7.1
      kernel-pae-devel-3.0.80-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.80]:
      kernel-default-3.0.80-0.7.1
      kernel-default-base-3.0.80-0.7.1
      kernel-default-devel-3.0.80-0.7.1
      kernel-source-3.0.80-0.7.1
      kernel-syms-3.0.80-0.7.1
      kernel-trace-3.0.80-0.7.1
      kernel-trace-base-3.0.80-0.7.1
      kernel-trace-devel-3.0.80-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.80]:
      kernel-ec2-3.0.80-0.7.1
      kernel-ec2-base-3.0.80-0.7.1
      kernel-ec2-devel-3.0.80-0.7.1
      kernel-xen-3.0.80-0.7.1
      kernel-xen-base-3.0.80-0.7.1
      kernel-xen-devel-3.0.80-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (x86_64):
      xen-kmp-default-4.1.5_02_3.0.80_0.7-0.5.18
      xen-kmp-trace-4.1.5_02_3.0.80_0.7-0.5.18

   - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.80]:
      kernel-default-man-3.0.80-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.80]:
      kernel-ppc64-3.0.80-0.7.1
      kernel-ppc64-base-3.0.80-0.7.1
      kernel-ppc64-devel-3.0.80-0.7.1

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.80]:
      kernel-pae-3.0.80-0.7.1
      kernel-pae-base-3.0.80-0.7.1
      kernel-pae-devel-3.0.80-0.7.1

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      cluster-network-kmp-default-1.4_3.0.80_0.7-2.18.51
      cluster-network-kmp-trace-1.4_3.0.80_0.7-2.18.51
      gfs2-kmp-default-2_3.0.80_0.7-0.7.81
      gfs2-kmp-trace-2_3.0.80_0.7-0.7.81
      ocfs2-kmp-default-1.6_3.0.80_0.7-0.11.50
      ocfs2-kmp-trace-1.6_3.0.80_0.7-0.11.50

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
      cluster-network-kmp-xen-1.4_3.0.80_0.7-2.18.51
      gfs2-kmp-xen-2_3.0.80_0.7-0.7.81
      ocfs2-kmp-xen-1.6_3.0.80_0.7-0.11.50

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
      cluster-network-kmp-ppc64-1.4_3.0.80_0.7-2.18.51
      gfs2-kmp-ppc64-2_3.0.80_0.7-0.7.81
      ocfs2-kmp-ppc64-1.6_3.0.80_0.7-0.11.50

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
      cluster-network-kmp-pae-1.4_3.0.80_0.7-2.18.51
      gfs2-kmp-pae-2_3.0.80_0.7-0.7.81
      ocfs2-kmp-pae-1.6_3.0.80_0.7-0.11.50

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.80]:
      kernel-default-3.0.80-0.7.1
      kernel-default-base-3.0.80-0.7.1
      kernel-default-devel-3.0.80-0.7.1
      kernel-default-extra-3.0.80-0.7.1
      kernel-source-3.0.80-0.7.1
      kernel-syms-3.0.80-0.7.1
      kernel-trace-3.0.80-0.7.1
      kernel-trace-base-3.0.80-0.7.1
      kernel-trace-devel-3.0.80-0.7.1
      kernel-trace-extra-3.0.80-0.7.1
      kernel-xen-3.0.80-0.7.1
      kernel-xen-base-3.0.80-0.7.1
      kernel-xen-devel-3.0.80-0.7.1
      kernel-xen-extra-3.0.80-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
      xen-kmp-default-4.1.5_02_3.0.80_0.7-0.5.18
      xen-kmp-trace-4.1.5_02_3.0.80_0.7-0.5.18

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.80]:
      kernel-pae-3.0.80-0.7.1
      kernel-pae-base-3.0.80-0.7.1
      kernel-pae-devel-3.0.80-0.7.1
      kernel-pae-extra-3.0.80-0.7.1

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
      ext4-writeable-kmp-default-0_3.0.80_0.7-0.14.62
      ext4-writeable-kmp-trace-0_3.0.80_0.7-0.14.62
      kernel-default-extra-3.0.80-0.7.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):
      ext4-writeable-kmp-xen-0_3.0.80_0.7-0.14.62
      kernel-xen-extra-3.0.80-0.7.1

   - SLE 11 SERVER Unsupported Extras (ppc64):
      ext4-writeable-kmp-ppc64-0_3.0.80_0.7-0.14.62
      kernel-ppc64-extra-3.0.80-0.7.1

   - SLE 11 SERVER Unsupported Extras (i586):
      ext4-writeable-kmp-pae-0_3.0.80_0.7-0.14.62
      kernel-pae-extra-3.0.80-0.7.1

References:

   https://bugzilla.novell.com/825657
   http://download.novell.com/patch/finder/?keywords=2933fc1d318570fd29fc9c882118e2f9
   http://download.novell.com/patch/finder/?keywords=3979393609bc7fc0060c84d8f6c614c9
   http://download.novell.com/patch/finder/?keywords=42ff2be8ec2fb21f7d494600848c4ad6
   http://download.novell.com/patch/finder/?keywords=511f063f92e4fd065bc4f18cd512dd97
   http://download.novell.com/patch/finder/?keywords=75d8104813f10db3bb35f4b6cf167e3b
   http://download.novell.com/patch/finder/?keywords=8e023846e9b2123c71d7008b4f22b419
   http://download.novell.com/patch/finder/?keywords=94d76106e50952487c5aea15fedb7f6b
   http://download.novell.com/patch/finder/?keywords=af79d110bc75684f84ac6baab338862e
   http://download.novell.com/patch/finder/?keywords=b60e1d289121ae78ca5a36000a3bcd58
   http://download.novell.com/patch/finder/?keywords=f868176ad335455918aedbb9666e1a3c

From sle-security-updates at lists.suse.com Fri Jul 5 14:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Jul 2013 22:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1152-1: important: Security update for Mozilla Firefox
Message-ID: <20130705200411.2254E32232@maintenance.suse.de>

   SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1152-1
Rating:             important
References:         #792432 #813026 #819204 #825935
Cross-References:   CVE-2013-1682 CVE-2013-1684 CVE-2013-1685
                    CVE-2013-1686 CVE-2013-1687 CVE-2013-1690
                    CVE-2013-1692 CVE-2013-1693 CVE-2013-1697
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.
   It includes one version update.

Description:

   Mozilla Firefox has been updated to the 17.0.7 ESR version, which
   fixes bugs and security issues.

   * MFSA 2013-49: Mozilla developers identified and fixed several
     memory safety bugs in the browser engine used in Firefox and other
     Mozilla-based products. Some of these bugs showed evidence of
     memory corruption under certain circumstances, and we presume that
     with enough effort at least some of these could be exploited to
     run arbitrary code.

     Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory
     safety problems and crashes that affect Firefox ESR 17, and
     Firefox 21. (CVE-2013-1682)

   * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the
     Google Chrome Security Team used the Address Sanitizer tool to
     discover a series of use-after-free problems rated critical as
     security issues in shipped software. Some of these issues are
     potentially exploitable, allowing for remote code execution. We
     would also like to thank Abhishek for reporting additional
     use-after-free and buffer overflow flaws in code introduced during
     Firefox development.
These were fixed before general release.
  o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684)
  o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685)
  o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
* MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages.
* MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.
* MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.
* MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.
* MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue.
This can lead to unexpected behavior when privileged code acts on the incorrect values. * MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) * MFSA 2013-31 / CVE-2013-0800: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. * MFSA 2013-32 / CVE-2013-0799: Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. * MFSA 2013-34 / CVE-2013-0797: Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. 
Local file system access is necessary in order for this issue to be exploitable.
* MFSA 2013-35 / CVE-2013-0796: Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable.
* MFSA 2013-36 / CVE-2013-0795: Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code.
* MFSA 2013-37 / CVE-2013-0794: Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking site, while appearing to be from the displayed site.
* MFSA 2013-38 / CVE-2013-0793: Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the address bar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack.
* MFSA 2013-39 / CVE-2013-0792: Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory.
By default, this preference is not enabled.
* MFSA 2013-40 / CVE-2013-0791: Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) library when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash.
* MFSA 2013-41: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References
  o Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 20.
  o Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 20.
* MFSA 2013-42 / CVE-2013-1670: Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks.
* MFSA 2013-43 / CVE-2013-1671: Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system.
* MFSA 2013-44 / CVE-2013-1672: Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows.
This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content.
* MFSA 2013-45: Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. References:
  - old MozillaMaintenance Service registry entry not updated leading to Trusted Path Privilege Escalation (CVE-2013-1673)
  - Possible Arbitrary Code Execution by Update Service (CVE-2012-1942)
* MFSA 2013-46 / CVE-2013-1674: Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution.
* MFSA 2013-47 / CVE-2013-1675: Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to an information leakage to sites depending on the contents of this uninitialized memory.
* MFSA 2013-48: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. References
  o Out of Bounds Read in SelectionIterator::GetNextSegment (CVE-2013-1676)
  o Out-of-bound read in gfxSkipCharsIterator::SetOffsets (CVE-2013-1677)
  o Invalid write in _cairo_xlib_surface_add_glyph (CVE-2013-1678)
  o Heap-use-after-free in mozilla::plugins::child::_geturlnotify (CVE-2013-1679)
  o Heap-use-after-free in nsFrameList::FirstChild (CVE-2013-1680)
  o Heap-use-after-free in nsContentUtils::RemoveScriptBlocker (CVE-2013-1681)
* CVE-2012-1942 * CVE-2013-0788 * CVE-2013-0791 * CVE-2013-0792 * CVE-2013-0793 * CVE-2013-0794 * CVE-2013-0795 * CVE-2013-0796 * CVE-2013-0797 * CVE-2013-0798 * CVE-2013-0799 * CVE-2013-0800 * CVE-2013-0801 * CVE-2013-1669 * CVE-2013-1670 * CVE-2013-1671 * CVE-2013-1672 * CVE-2013-1673 * CVE-2013-1674 * CVE-2013-1675 * CVE-2013-1676 * CVE-2013-1677 * CVE-2013-1678 * CVE-2013-1679 * CVE-2013-1680 * CVE-2013-1681 * CVE-2013-1682 * CVE-2013-1684 * CVE-2013-1685 * CVE-2013-1686 * CVE-2013-1687 * CVE-2013-1690 * CVE-2013-1692 * CVE-2013-1693 * CVE-2013-1697
Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox-20130628-8001 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox-20130628-8001 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox-20130628-8001 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox-20130628-8001 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-17.0.7esr-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.8.1 MozillaFirefox-translations-17.0.7esr-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.8.1 MozillaFirefox-branding-SLED-7-0.12.1 MozillaFirefox-translations-17.0.7esr-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.8.1 MozillaFirefox-branding-SLED-7-0.12.1 MozillaFirefox-translations-17.0.7esr-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-1682.html http://support.novell.com/security/cve/CVE-2013-1684.html http://support.novell.com/security/cve/CVE-2013-1685.html http://support.novell.com/security/cve/CVE-2013-1686.html http://support.novell.com/security/cve/CVE-2013-1687.html http://support.novell.com/security/cve/CVE-2013-1690.html http://support.novell.com/security/cve/CVE-2013-1692.html http://support.novell.com/security/cve/CVE-2013-1693.html http://support.novell.com/security/cve/CVE-2013-1697.html https://bugzilla.novell.com/792432 https://bugzilla.novell.com/813026 https://bugzilla.novell.com/819204 https://bugzilla.novell.com/825935 http://download.novell.com/patch/finder/?keywords=2c55ef365e2022c62abed41b2a31ed0f From sle-security-updates at 
lists.suse.com Fri Jul 5 14:04:15 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Jul 2013 22:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1153-1: important: Security update for Mozilla Firefox Message-ID: <20130705200415.89CCE32246@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1153-1 Rating: important References: #825935 Cross-References: CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. It includes two new package versions. Description: Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security issues. * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. 
Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release.
  o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684)
  o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685)
  o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
* MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages.
* MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.
* MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.
* MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read.
This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. Security Issue references: * CVE-2013-1682 * CVE-2013-1684 * CVE-2013-1685 * CVE-2013-1686 * CVE-2013-1687 * CVE-2013-1690 * CVE-2013-1692 * CVE-2013-1693 * CVE-2013-1697 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-firefox-20130628-7976 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-firefox-20130628-7976 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-firefox-20130628-7977 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-20130628-7977 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-firefox-20130628-7976 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-branding-SLED-7-0.6.9.31 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 17.0.7esr and 7]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-branding-SLED-7-0.6.9.31 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 17.0.7esr and 7]: MozillaFirefox-17.0.7esr-0.6.1 MozillaFirefox-branding-SLED-7-0.10.28 MozillaFirefox-translations-17.0.7esr-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-branding-SLED-7-0.6.9.31 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 17.0.7esr and 7]: MozillaFirefox-17.0.7esr-0.6.1 MozillaFirefox-branding-SLED-7-0.10.28 MozillaFirefox-translations-17.0.7esr-0.6.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-17.0.7esr-0.6.1 References: http://support.novell.com/security/cve/CVE-2013-1682.html http://support.novell.com/security/cve/CVE-2013-1684.html http://support.novell.com/security/cve/CVE-2013-1685.html http://support.novell.com/security/cve/CVE-2013-1686.html http://support.novell.com/security/cve/CVE-2013-1687.html http://support.novell.com/security/cve/CVE-2013-1690.html http://support.novell.com/security/cve/CVE-2013-1692.html http://support.novell.com/security/cve/CVE-2013-1693.html http://support.novell.com/security/cve/CVE-2013-1697.html 
https://bugzilla.novell.com/825935 http://download.novell.com/patch/finder/?keywords=061026413fe3bb69a7f42e0b70363e4a http://download.novell.com/patch/finder/?keywords=1133af3aaf996a7684d227efbb12bd71 http://download.novell.com/patch/finder/?keywords=7d0f6003f49140e3d5ad8c675f178612 From sle-security-updates at lists.suse.com Mon Jul 8 12:04:15 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jul 2013 20:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1161-1: important: Security update for ceph-kmp Message-ID: <20130708180415.2811532249@maintenance.suse.de> SUSE Security Update: Security update for ceph-kmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1161-1 Rating: important References: #750047 #756193 #826350 Cross-References: CVE-2013-1059 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This ceph-kmp update fixes a libceph NULL function pointer dereference. Here is the full list of changes: * bug#826350 - libceph NULL function pointer dereference (CVE-2013-1059) * bug#750047 - marking ceph-kmp as supported * bug#756193 - fix for libceph crash Security Issue reference: * CVE-2013-1059 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-ceph-kmp-default-7980 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 1.0 (x86_64): ceph-kmp-default-0_3.0.80_0.7-0.12.3.1 ceph-kmp-xen-0_3.0.80_0.7-0.12.3.1 References: http://support.novell.com/security/cve/CVE-2013-1059.html https://bugzilla.novell.com/750047 https://bugzilla.novell.com/756193 https://bugzilla.novell.com/826350 http://download.novell.com/patch/finder/?keywords=ad2569858e79b7b06c24f42a786aaf32 From sle-security-updates at lists.suse.com Tue Jul 9 12:04:12 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jul 2013 20:04:12 +0200 (CEST) Subject: SUSE-SU-2013:1165-1: moderate: Security update for libcurl4 Message-ID: <20130709180412.73A8132248@maintenance.suse.de> SUSE Security Update: Security update for libcurl4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1165-1 Rating: moderate References: #742306 #814655 #824517 Cross-References: CVE-2010-4180 CVE-2011-3389 CVE-2013-1944 CVE-2013-2174 Affected Products: SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update of curl fixes several security issues: * libcurl URL decode buffer boundary flaw (bnc#824517 / CVE-2013-2174) * cookie domain tailmatch (bnc#814655 / CVE-2013-1944) * curl sets SSL_OP_ALL (bnc#742306 / CVE-2011-3389) * When SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier (CVE-2010-4180) Security Issue references: * CVE-2010-4180 * CVE-2011-3389 * CVE-2013-1944 * CVE-2013-2174 Package List: - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libcurl4-32bit-7.19.0-11.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): libcurl4-7.19.0-11.6.1 References: http://support.novell.com/security/cve/CVE-2010-4180.html http://support.novell.com/security/cve/CVE-2011-3389.html http://support.novell.com/security/cve/CVE-2013-1944.html http://support.novell.com/security/cve/CVE-2013-2174.html https://bugzilla.novell.com/742306 https://bugzilla.novell.com/814655 https://bugzilla.novell.com/824517 http://download.novell.com/patch/finder/?keywords=e3950ab87a0b449a0d3d8313b4086042 From sle-security-updates at lists.suse.com Tue Jul 9 12:04:16 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jul 2013 20:04:16 +0200 (CEST) Subject: SUSE-SU-2013:1166-1: moderate: Security update for compat-curl2 Message-ID: <20130709180416.9CAAC3224A@maintenance.suse.de> SUSE Security Update: Security update for compat-curl2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1166-1 Rating: moderate References: #824517 Cross-References: CVE-2013-2174 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux 
Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of compat-curl2 fixes a security vulnerability: * libcurl URL decode buffer boundary flaw (bnc#824517 / CVE-2013-2174) Security Issue reference: * CVE-2013-2174 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-curl-7932 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-curl-7867 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-curl-7932 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-curl-7932 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-curl-7867 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-curl-7867 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-curl-7932 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-curl-7867 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.28.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.20.27.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): curl-7.19.7-1.28.1 libcurl4-7.19.7-1.28.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libcurl4-32bit-7.19.7-1.28.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.28.1 libcurl4-7.19.7-1.28.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.28.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libcurl4-x86-7.19.7-1.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): curl-7.19.7-1.20.27.1 libcurl4-7.19.7-1.20.27.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libcurl4-32bit-7.19.7-1.20.27.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.20.27.1 libcurl4-7.19.7-1.20.27.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.20.27.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libcurl4-x86-7.19.7-1.20.27.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): compat-curl2-7.11.0-20.11.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): compat-curl2-32bit-7.11.0-20.11.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): compat-curl2-x86-7.11.0-20.11.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): compat-curl2-64bit-7.11.0-20.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): curl-7.19.7-1.28.1 libcurl4-7.19.7-1.28.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libcurl4-32bit-7.19.7-1.28.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): curl-7.19.7-1.20.27.1 libcurl4-7.19.7-1.20.27.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libcurl4-32bit-7.19.7-1.20.27.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): compat-curl2-7.11.0-20.11.1 - SUSE Linux 
Enterprise Desktop 10 SP4 (x86_64): compat-curl2-32bit-7.11.0-20.11.1 References: http://support.novell.com/security/cve/CVE-2013-2174.html https://bugzilla.novell.com/824517 http://download.novell.com/patch/finder/?keywords=08501b52d2872aa5cb15654bf0e2cc4b http://download.novell.com/patch/finder/?keywords=48e7e826323b1b9622eb2146f1b17768 http://download.novell.com/patch/finder/?keywords=ee2bedaf7e993baa8b03465c84047236 From sle-security-updates at lists.suse.com Wed Jul 10 11:04:15 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2013 19:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1166-2: moderate: Security update for curl Message-ID: <20130710170415.93F0A3213D@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1166-2 Rating: moderate References: #824517 Cross-References: CVE-2013-2174 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of curl fixes several security issues. 
* libcurl URL decode buffer boundary flaw (bnc#824517 / CVE-2013-2174) Security Issue reference: * CVE-2013-2174 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): curl-7.15.1-19.30.1 curl-devel-7.15.1-19.30.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): curl-32bit-7.15.1-19.30.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): curl-x86-7.15.1-19.30.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): curl-64bit-7.15.1-19.30.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): curl-7.15.1-19.30.1 curl-devel-7.15.1-19.30.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): curl-32bit-7.15.1-19.30.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): curl-devel-7.15.1-19.30.1 References: http://support.novell.com/security/cve/CVE-2013-2174.html https://bugzilla.novell.com/824517 http://download.novell.com/patch/finder/?keywords=36472a9fc55e64701eef885c5ac34ebd From sle-security-updates at lists.suse.com Wed Jul 10 11:04:19 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2013 19:04:19 +0200 (CEST) Subject: SUSE-SU-2013:1174-1: important: Security update for icedtea-web Message-ID: <20130710170419.3E4F93224C@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1174-1 Rating: important References: #815596 #818768 #825880 Cross-References: CVE-2012-3422 CVE-2012-3423 CVE-2013-1926 CVE-2013-1927 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. 
Description: This update to IcedTea-Web 1.4 provides the following fixes and enhancements:
* Security updates
  o CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path
  o CVE-2013-1927, RH884705: fixed gifar vulnerability
  o CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
  o CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
  o CVE-2013-1927, RH884705: fixed gifar vulnerability
  o CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
* NetX
  o PR1027: DownloadService is not supported by IcedTea-Web
  o PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
  o PR1292: Javaws does not resolve versioned jar names with periods correctly
  o PR580: http://www.horaoficial.cl/ loads improperly.
* Plugin
  o PR1106: Buffer overflow in plugin table-
  o PR1166: Embedded JNLP File is not supported in applet tag
  o PR1217: Add command line arguments for plugins
  o PR1189: Icedtea-plugin requires code attribute when using jnlp_href
  o PR1198: JSObject is not passed to javascript correctly
  o PR1260: IcedTea-Web should not rely on GTK
  o PR1157: Applets can hang browser after fatal exception
  o PR580: http://www.horaoficial.cl/ loads improperly
  o PR1260: IcedTea-Web should not rely on GTK
  o PR1157: Applets can hang browser after fatal exception.
* Common
  o PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
  o PR955: regression: SweetHome3D fails to run
  o PR1145: IcedTea-Web can cause ClassCircularityError
  o PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
  o PR822: Applets fail to load if jars have different signers
  o PR1186: System.getProperty("deployment.user.security.trusted.cacerts ") is null
  o PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails
  o PR1299: WebStart doesn't read socket proxy settings from firefox correctly.
* Added cs, de, pl localization * Splash screen for javaws and plugin * Better error reporting for plugin via Error-splash-screen * All IcedTea-Web dialogues are centered to middle of active screen * Download indicator made compact for more then one jar * User can select its own JVM via itw-settings and deploy.properties * Added extended applets security settings and dialogue * Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized * Fixed a build failure with older xulrunner * Changed strict openjdk6 dependencies to anything java-openjdk >= 1.6.0. Security Issue references: * CVE-2013-1926 * CVE-2013-1927 * CVE-2012-3422 * CVE-2012-3423 * CVE-2013-1927 * CVE-2013-1926 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-icedtea-web-7981 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4]: icedtea-web-1.4-0.10.1 References: http://support.novell.com/security/cve/CVE-2012-3422.html http://support.novell.com/security/cve/CVE-2012-3423.html http://support.novell.com/security/cve/CVE-2013-1926.html http://support.novell.com/security/cve/CVE-2013-1927.html https://bugzilla.novell.com/815596 https://bugzilla.novell.com/818768 https://bugzilla.novell.com/825880 http://download.novell.com/patch/finder/?keywords=e2d8b10b4253bb88de271814cd974a83 From sle-security-updates at lists.suse.com Wed Jul 10 16:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Jul 2013 00:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1175-1: important: Security update for Mesa Message-ID: <20130710220411.F1F3D32248@maintenance.suse.de> SUSE Security Update: Security update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1175-1 Rating: important References: #828007 Cross-References: CVE-2013-1872 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A memory corruption in the Mesa Intel drivers (OOB read/write) has been fixed. (CVE-2013-1872) This could have been potentially exploited by remote attackers who would have been able to inject 3d graphics into the attacked desktop. Security Issue reference: * CVE-2013-1872 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-Mesa-8011 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-Mesa-8011 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-Mesa-8011 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-Mesa-8011 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): Mesa-devel-9.0.3-0.19.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): Mesa-devel-32bit-9.0.3-0.19.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): Mesa-9.0.3-0.19.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): Mesa-32bit-9.0.3-0.19.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): Mesa-9.0.3-0.19.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): Mesa-32bit-9.0.3-0.19.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): Mesa-x86-9.0.3-0.19.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): Mesa-9.0.3-0.19.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): Mesa-32bit-9.0.3-0.19.1 References: http://support.novell.com/security/cve/CVE-2013-1872.html https://bugzilla.novell.com/828007 http://download.novell.com/patch/finder/?keywords=550a68dfd6351cc111370056d69f61a0 From sle-security-updates at lists.suse.com Thu Jul 11 13:04:12 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Jul 2013 21:04:12 +0200 (CEST) Subject: SUSE-SU-2013:1182-1: important: kernel update for SLE11 SP3 Message-ID: <20130711190412.608C13224C@maintenance.suse.de> SUSE Security Update: kernel update for SLE11 SP3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1182-1 Rating: important References: #763968 #773837 #785901 #797090 #797727 #801427 
#803320 #804482 #804609 #805804 #806976 #808015 #808136 #808837 #808855 #809130 #809895 #809975 #810722 #812281 #812332 #812526 #812974 #813604 #813922 #815356 #816451 #817035 #817377 #818047 #818371 #818465 #819018 #819195 #819523 #819610 #819655 #820172 #820434 #821052 #821070 #821235 #821799 #821859 #821930 #822066 #822077 #822080 #822164 #822340 #822431 #822722 #822825 #823082 #823223 #823342 #823386 #823597 #823795 #824159 #825037 #825591 #825657 #825696 #826186 Cross-References: CVE-2013-0160 CVE-2013-1774 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 50 fixes is now available. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.82 to fix various bugs and security issues. The following security issues were fixed: CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. CVE-2013-0160: Timing side-channel attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses, e.g. passwords. This has been fixed again by updating the accessed/modified time on the pty devices with a resolution of 8 seconds, so that idle time detection can still work. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. A kernel information leak via tkill/tgkill was fixed. The following non-security bugs were fixed: S/390: - af_iucv: Missing man page (bnc#825037, LTC#94825). - iucv: fix kernel panic at reboot (bnc#825037, LTC#93803). - kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784). - dasd: Add missing descriptions for dasd timeout messages (bnc#825037, LTC#94762). - dasd: Fix hanging device after resume with internal error 13 (bnc#825037, LTC#94554). - cio: Suppress 2nd path verification during resume (bnc#825037, LTC#94554). - vmcp: Missing man page (bnc#825037, LTC#94453). - kernel: 3215 console crash (bnc#825037, LTC#94302). 
- netiucv: Hold rtnl between name allocation and device registration (bnc#824159). - s390/ftrace: fix mcount adjustment (bnc#809895). HyperV: - Drivers: hv: Fix a bug in get_vp_index(). - hyperv: Fix a compiler warning in netvsc_send(). - Tools: hv: Fix a checkpatch warning. - tools: hv: skip iso9660 mounts in hv_vss_daemon. - tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon. - tools: hv: use getmntent in hv_vss_daemon. - Tools: hv: Fix a checkpatch warning. - tools: hv: fix checks for origin of netlink message in hv_vss_daemon. - Tools: hv: fix warnings in hv_vss_daemon. - x86, hyperv: Handle Xen emulation of Hyper-V more gracefully. - hyperv: Fix a kernel warning from netvsc_linkstatus_callback(). - Drivers: hv: balloon: make local functions static. - tools: hv: daemon should check type of received Netlink msg. - tools: hv: daemon setsockopt should use options macros. - tools: hv: daemon should subscribe only to CN_KVP_IDX group. - driver: hv: remove cast for kmalloc return value. - hyperv: use 3.4 as LIC version string (bnc#822431). BTRFS: - btrfs: flush delayed inodes if we are short on space (bnc#801427). - btrfs: rework shrink_delalloc (bnc#801427). - btrfs: fix our overcommit math (bnc#801427). - btrfs: delay block group item insertion (bnc#801427). - btrfs: remove bytes argument from do_chunk_alloc (bnc#801427). - btrfs: run delayed refs first when out of space (bnc#801427). - btrfs: do not commit instead of overcommitting (bnc#801427). - btrfs: do not take inode delalloc mutex if we are a free space inode (bnc#801427). - btrfs: fix chunk allocation error handling (bnc#801427). - btrfs: remove extent mapping if we fail to add chunk (bnc#801427). - btrfs: do not overcommit if we do not have enough space for global rsv (bnc#801427). - btrfs: rework the overcommit logic to be based on the total size (bnc#801427). - btrfs: steal from global reserve if we are cleaning up orphans (bnc#801427). - btrfs: clear chunk_alloc flag on retryable failure (bnc#801427). 
- btrfs: use reserved space for creating a snapshot (bnc#801427). - btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic (bnc#801427). - btrfs: fix space leak when we fail to reserve metadata space (bnc#801427). - btrfs: fix space accounting for unlink and rename (bnc#801427). - btrfs: allocate new chunks if the space is not enough for global rsv (bnc#801427). - btrfs: various abort cleanups (bnc#812526 bnc#801427). - btrfs: simplify unlink reservations (bnc#801427). XFS: - xfs: Move allocation stack switch up to xfs_bmapi (bnc#815356). - xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356). - xfs: zero allocation_args on the kernel stack (bnc#815356). - xfs: fix debug_object WARN at xfs_alloc_vextent() (bnc#815356). - xfs: do not defer metadata allocation to the workqueue (bnc#815356). - xfs: introduce an allocation workqueue (bnc#815356). - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). - xfs: Serialize file-extending direct IO (bnc#818371). - xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). - xfs: fix buffer lookup race on allocation failure (bnc#763968). ALSA: - Fix VT1708 jack detection on SLEPOS machines (bnc#813922). - ALSA: hda - Avoid choose same converter for unused pins (bnc#826186). - ALSA: hda - Cache the MUX selection for generic HDMI (bnc#826186). - ALSA: hda - Haswell converter power state D0 verify (bnc#826186). - ALSA: hda - Do not take unresponsive D3 transition too serious (bnc#823597). - ALSA: hda - Introduce bit flags to snd_hda_codec_read/write() (bnc#823597). - ALSA: hda - Check CORB overflow (bnc#823597). - ALSA: hda - Check validity of CORB/RIRB WP reads (bnc#823597). - ALSA: hda - Fix system panic when DMA > 40 bits for Nvidia audio controllers (bnc#818465). - ALSA: hda - Add hint for suppressing lower cap for IDT codecs (bnc#812332). - ALSA: hda - Enable mic-mute LED on more HP laptops (bnc#821859). 
Direct Rendering Manager (DRM): - drm/i915: Add wait_for in init_ring_common (bnc#813604). - drm/i915: Mark the ringbuffers as being in the GTT domain (bnc#813604). - drm/edid: Do not print messages regarding stereo or csync by default (bnc #821235). - drm/i915: force full modeset if the connector is in DPMS OFF mode (bnc #809975). - drm/i915/sdvo: Use &intel_sdvo->ddc instead of intel_sdvo->i2c for DDC (bnc #808855). - drm/mm: fix dump table BUG. (bnc#808837) - drm/i915: Clear the stolen fb before enabling (bnc#808015). XEN: - xen/netback: Update references (bnc#823342). - xen: Check for insane amounts of requests on the ring. - Update Xen patches to 3.0.82. - netback: do not disconnect frontend when seeing oversize packet. - netfront: reduce gso_max_size to account for max TCP header. - netfront: fix kABI after "reduce gso_max_size to account for max TCP header". Other: - x86, efi: retry ExitBootServices() on failure (bnc#823386). - x86/efi: Fix dummy variable buffer allocation (bnc#822080). - ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377). - mm: compaction: Scan PFN caching KABI workaround (Fix KABI breakage (bnc#825657)). - autofs4 - fix get_next_positive_subdir() (bnc#819523). - ocfs2: Add bits_wanted while calculating credits in ocfs2_calc_extend_credits (bnc#822077). - writeback: Avoid needless scanning of b_dirty list (bnc#819018). - writeback: Do not sort b_io list only because of block device inode (bnc#819018). - re-enable io tracing (bnc#785901). - pciehp: Corrected the old mismatching DMI strings. - SUNRPC: Prevent an rpc_task wakeup race (bnc#825591). - tg3: Prevent system hang during repeated EEH errors (bnc#822066). - scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). - Do not switch camera on HP EB 8780 (bnc#797090). - Do not switch webcam for HP EB 8580w (bnc#797090). - mm: fixup compilation error due to an asm write through a const pointer. 
(bnc#823795) - do not switch cam port on HP EliteBook 840 (bnc#822164). - net/sunrpc: xpt_auth_cache should be ignored when expired (bnc#803320). - sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320). - sunrpc/cache: remove races with queuing an upcall (bnc#803320). - sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320). - KVM: x86: emulate movdqa (bnc#821070). - KVM: x86: emulator: add support for vector alignment (bnc#821070). - KVM: x86: emulator: expand decode flags to 64 bits (bnc#821070). - xhci - correct comp_mode_recovery_timer on return from hibernate (bnc#808136). - md/raid10 enough fixes (bnc#773837). - lib/Makefile: Fix oid_registry build dependency (bnc#823223). - Update config files: disable IP_PNP (bnc#822825) - Fix kABI breakage for addition of snd_hda_bus.no_response_fallback (bnc#823597). - Disable efi pstore by default (bnc#804482 bnc#820172). - md: Fix problem with GET_BITMAP_FILE returning wrong status (bnc#812974). - bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610). - USB: xHCI: override bogus bulk wMaxPacketSize values (bnc#823082). - BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727 bnc#822340). - qlge: Update version to 1.00.00.32 (bnc#819195). - qlge: Fix ethtool autoneg advertising (bnc#819195). - qlge: Fix receive path to drop error frames (bnc#819195). - qlge: remove NETIF_F_TSO6 flag (bnc#819195). - remove init of dev->perm_addr in drivers (bnc#819195). - drivers/net: fix up function prototypes after __dev* removals (bnc#819195). - qlge: remove __dev* attributes (bnc#819195). - drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding style issue (bnc#819195). - cxgb4: Force uninitialized state if FW_ON_ADAPTER is < FW_VERSION and we are the MASTER_PF (bnc#809130). - USB: UHCI: fix for suspend of virtual HP controller (bnc#817035). - timer_list: Convert timer list to be a proper seq_file (bnc#818047). - timer_list: Split timer_list_show_tickdevices (bnc#818047). 
- sched: Fix /proc/sched_debug failure on very very large systems (bnc#818047). - sched: Fix /proc/sched_stat failure on very very large systems (bnc#818047). - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). - libfc: do not exch_done() on invalid sequence ptr (bnc#810722). - netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). - HWPOISON: fix misjudgement of page_action() for errors on mlocked pages (Memory failure RAS (bnc#821799)). - HWPOISON: check dirty flag to match against clean page (Memory failure RAS (bnc#821799)). - HWPOISON: change order of error_states elements (Memory failure RAS (bnc#821799)). - mm: hwpoison: fix action_result() to print out dirty/clean (Memory failure RAS (bnc#821799)). - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (bnc#821052). - Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). - Do not switch BT on HP ProBook 4340 (bnc#812281). - mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). - mm: compaction: Restart compaction from near where it left off - mm: compaction: cache if a pageblock was scanned and no pages were isolated - mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity - mm: compaction: Scan PFN caching KABI workaround - mm: page_allocator: Remove first_pass guard - mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) Special Instructions and Notes: Please reboot the system after installing this update. 
Package List: - SLE 11 SERVER Unsupported Extras (ppc64 s390x x86_64): kernel-default-extra-3.0.82-0.7.9 - SLE 11 SERVER Unsupported Extras (x86_64): kernel-xen-extra-3.0.82-0.7.9 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.82-0.7.9 References: http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-3076.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/773837 https://bugzilla.novell.com/785901 https://bugzilla.novell.com/797090 https://bugzilla.novell.com/797727 https://bugzilla.novell.com/801427 https://bugzilla.novell.com/803320 https://bugzilla.novell.com/804482 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/808015 https://bugzilla.novell.com/808136 https://bugzilla.novell.com/808837 https://bugzilla.novell.com/808855 https://bugzilla.novell.com/809130 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/809975 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/812332 https://bugzilla.novell.com/812526 https://bugzilla.novell.com/812974 https://bugzilla.novell.com/813604 
https://bugzilla.novell.com/813922 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/817035 https://bugzilla.novell.com/817377 https://bugzilla.novell.com/818047 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818465 https://bugzilla.novell.com/819018 https://bugzilla.novell.com/819195 https://bugzilla.novell.com/819523 https://bugzilla.novell.com/819610 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/820172 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821052 https://bugzilla.novell.com/821070 https://bugzilla.novell.com/821235 https://bugzilla.novell.com/821799 https://bugzilla.novell.com/821859 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822066 https://bugzilla.novell.com/822077 https://bugzilla.novell.com/822080 https://bugzilla.novell.com/822164 https://bugzilla.novell.com/822340 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 https://bugzilla.novell.com/822825 https://bugzilla.novell.com/823082 https://bugzilla.novell.com/823223 https://bugzilla.novell.com/823342 https://bugzilla.novell.com/823386 https://bugzilla.novell.com/823597 https://bugzilla.novell.com/823795 https://bugzilla.novell.com/824159 https://bugzilla.novell.com/825037 https://bugzilla.novell.com/825591 https://bugzilla.novell.com/825657 https://bugzilla.novell.com/825696 https://bugzilla.novell.com/826186 http://download.novell.com/patch/finder/?keywords=9deafe882b5e3b5f0df9f5075f0d6114 http://download.novell.com/patch/finder/?keywords=bdd1cc737ed1a109b28b077184acad08 http://download.novell.com/patch/finder/?keywords=ddd472e1f756fe2a224c4a247ce90bef From sle-security-updates at lists.suse.com Thu Jul 11 22:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2013 06:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1183-1: moderate: Security update for xorg-x11 Message-ID: 
<20130712040411.06E1E32249@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1183-1 Rating: moderate References: #815451 #821663 #821664 #821665 #821667 #821668 #821669 #821670 #821671 #824294 Cross-References: CVE-2013-1981 CVE-2013-1982 CVE-2013-1983 CVE-2013-1984 CVE-2013-1985 CVE-2013-1987 CVE-2013-1988 CVE-2013-1989 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1997 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2002 CVE-2013-2003 CVE-2013-2004 CVE-2013-2005 CVE-2013-2062 CVE-2013-2063 CVE-2013-2066 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update of xorg-x11 fixes several security vulnerabilities. 
* Bug 815451 - X.Org Security Advisory: May 23, 2013 * Bug 821664 - libX11 * Bug 821671 - libXv * Bug 821670 - libXt * Bug 821669 - libXrender * Bug 821668 - libXp * Bug 821667 - libXfixes * Bug 821665 - libXext * Bug 821663 - libFS, libXcursor, libXi, libXinerama, libXRes, libXtst, libXvMC, libXxf86dga, libXxf86vm, libdmx Security Issue references: * CVE-2013-1981 * CVE-2013-1982 * CVE-2013-1983 * CVE-2013-1984 * CVE-2013-1985 * CVE-2013-1987 * CVE-2013-1988 * CVE-2013-1989 * CVE-2013-1990 * CVE-2013-1991 * CVE-2013-1992 * CVE-2013-1995 * CVE-2013-1996 * CVE-2013-1997 * CVE-2013-1998 * CVE-2013-1999 * CVE-2013-2000 * CVE-2013-2001 * CVE-2013-2002 * CVE-2013-2003 * CVE-2013-2004 * CVE-2013-2005 * CVE-2013-2062 * CVE-2013-2063 * CVE-2013-2066 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): xorg-x11-6.9.0-50.84.4 xorg-x11-Xnest-6.9.0-50.84.4 xorg-x11-Xvfb-6.9.0-50.84.4 xorg-x11-Xvnc-6.9.0-50.84.4 xorg-x11-devel-6.9.0-50.84.4 xorg-x11-doc-6.9.0-50.84.4 xorg-x11-fonts-100dpi-6.9.0-50.84.4 xorg-x11-fonts-75dpi-6.9.0-50.84.4 xorg-x11-fonts-cyrillic-6.9.0-50.84.4 xorg-x11-fonts-scalable-6.9.0-50.84.4 xorg-x11-fonts-syriac-6.9.0-50.84.4 xorg-x11-libs-6.9.0-50.84.4 xorg-x11-man-6.9.0-50.84.4 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64): xorg-x11-sdk-6.9.0-50.84.4 xorg-x11-server-6.9.0-50.84.4 xorg-x11-server-glx-6.9.0-50.84.4 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): xorg-x11-devel-32bit-6.9.0-50.84.4 xorg-x11-libs-32bit-6.9.0-50.84.4 - SUSE Linux Enterprise Server 10 SP4 (ia64): xorg-x11-libs-x86-6.9.0-50.84.4 - SUSE Linux Enterprise Server 10 SP4 (ppc): xorg-x11-devel-64bit-6.9.0-50.84.4 xorg-x11-libs-64bit-6.9.0-50.84.4 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): xorg-x11-6.9.0-50.84.4 xorg-x11-Xnest-6.9.0-50.84.4 xorg-x11-Xvfb-6.9.0-50.84.4 xorg-x11-Xvnc-6.9.0-50.84.4 xorg-x11-devel-6.9.0-50.84.4 xorg-x11-fonts-100dpi-6.9.0-50.84.4 xorg-x11-fonts-75dpi-6.9.0-50.84.4 
xorg-x11-fonts-cyrillic-6.9.0-50.84.4 xorg-x11-fonts-scalable-6.9.0-50.84.4 xorg-x11-fonts-syriac-6.9.0-50.84.4 xorg-x11-libs-6.9.0-50.84.4 xorg-x11-man-6.9.0-50.84.4 xorg-x11-server-6.9.0-50.84.4 xorg-x11-server-glx-6.9.0-50.84.4 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): xorg-x11-devel-32bit-6.9.0-50.84.4 xorg-x11-libs-32bit-6.9.0-50.84.4 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): xorg-x11-Xvfb-6.9.0-50.84.4 xorg-x11-doc-6.9.0-50.84.4 - SLE SDK 10 SP4 (i586 ia64 ppc x86_64): xorg-x11-sdk-6.9.0-50.84.4 References: http://support.novell.com/security/cve/CVE-2013-1981.html http://support.novell.com/security/cve/CVE-2013-1982.html http://support.novell.com/security/cve/CVE-2013-1983.html http://support.novell.com/security/cve/CVE-2013-1984.html http://support.novell.com/security/cve/CVE-2013-1985.html http://support.novell.com/security/cve/CVE-2013-1987.html http://support.novell.com/security/cve/CVE-2013-1988.html http://support.novell.com/security/cve/CVE-2013-1989.html http://support.novell.com/security/cve/CVE-2013-1990.html http://support.novell.com/security/cve/CVE-2013-1991.html http://support.novell.com/security/cve/CVE-2013-1992.html http://support.novell.com/security/cve/CVE-2013-1995.html http://support.novell.com/security/cve/CVE-2013-1996.html http://support.novell.com/security/cve/CVE-2013-1997.html http://support.novell.com/security/cve/CVE-2013-1998.html http://support.novell.com/security/cve/CVE-2013-1999.html http://support.novell.com/security/cve/CVE-2013-2000.html http://support.novell.com/security/cve/CVE-2013-2001.html http://support.novell.com/security/cve/CVE-2013-2002.html http://support.novell.com/security/cve/CVE-2013-2003.html http://support.novell.com/security/cve/CVE-2013-2004.html http://support.novell.com/security/cve/CVE-2013-2005.html http://support.novell.com/security/cve/CVE-2013-2062.html http://support.novell.com/security/cve/CVE-2013-2063.html http://support.novell.com/security/cve/CVE-2013-2066.html 
https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821663 https://bugzilla.novell.com/821664 https://bugzilla.novell.com/821665 https://bugzilla.novell.com/821667 https://bugzilla.novell.com/821668 https://bugzilla.novell.com/821669 https://bugzilla.novell.com/821670 https://bugzilla.novell.com/821671 https://bugzilla.novell.com/824294 http://download.novell.com/patch/finder/?keywords=0d0adbe855f0a576da72ba4a295c3364 From sle-security-updates at lists.suse.com Fri Jul 12 00:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2013 08:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1182-2: important: Security update for Linux kernel Message-ID: <20130712060411.E84A43224C@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1182-2 Rating: important References: #763968 #773837 #785901 #797090 #797727 #801427 #803320 #804482 #804609 #805804 #806976 #808015 #808136 #808837 #808855 #809130 #809895 #809975 #810722 #812281 #812332 #812526 #812974 #813604 #813922 #815356 #816451 #817035 #817377 #818047 #818371 #818465 #819018 #819195 #819523 #819610 #819655 #820172 #820434 #821052 #821070 #821235 #821799 #821859 #821930 #822066 #822077 #822080 #822164 #822340 #822431 #822722 #822825 #823082 #823223 #823342 #823386 #823597 #823795 #824159 #825037 #825591 #825657 #825696 #826186 Cross-References: CVE-2013-0160 CVE-2013-1774 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 SLE 11 SERVER Unsupported Extras 
______________________________________________________________________________ An update that solves 15 vulnerabilities and has 50 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to 3.0.82 to fix various bugs and security issues. The following security issues have been fixed: * CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. * CVE-2013-0160: Timing side-channel attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses, e.g. passwords. This has been fixed again by updating the accessed/modified time on the pty devices with a resolution of 8 seconds, so that idle time detection can still work. * CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
* CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
* CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. * CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. * A kernel information leak via tkill/tgkill was fixed. The following non-security bugs have been fixed: S/390: * af_iucv: Missing man page (bnc#825037, LTC#94825). * iucv: fix kernel panic at reboot (bnc#825037, LTC#93803). * kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784). * dasd: Add missing descriptions for dasd timeout messages (bnc#825037, LTC#94762). * dasd: Fix hanging device after resume with internal error 13 (bnc#825037, LTC#94554). * cio: Suppress 2nd path verification during resume (bnc#825037, LTC#94554). * vmcp: Missing man page (bnc#825037, LTC#94453). * kernel: 3215 console crash (bnc#825037, LTC#94302). * netiucv: Hold rtnl between name allocation and device registration (bnc#824159). * s390/ftrace: fix mcount adjustment (bnc#809895). HyperV: * Drivers: hv: Fix a bug in get_vp_index(). * hyperv: Fix a compiler warning in netvsc_send(). * Tools: hv: Fix a checkpatch warning. * tools: hv: skip iso9660 mounts in hv_vss_daemon. * tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon. * tools: hv: use getmntent in hv_vss_daemon. * Tools: hv: Fix a checkpatch warning. * tools: hv: fix checks for origin of netlink message in hv_vss_daemon. 
* Tools: hv: fix warnings in hv_vss_daemon. * x86, hyperv: Handle Xen emulation of Hyper-V more gracefully. * hyperv: Fix a kernel warning from netvsc_linkstatus_callback(). * Drivers: hv: balloon: make local functions static. * tools: hv: daemon should check type of received Netlink msg. * tools: hv: daemon setsockopt should use options macros. * tools: hv: daemon should subscribe only to CN_KVP_IDX group. * driver: hv: remove cast for kmalloc return value. * hyperv: use 3.4 as LIC version string (bnc#822431). BTRFS: * btrfs: flush delayed inodes if we are short on space (bnc#801427). * btrfs: rework shrink_delalloc (bnc#801427). * btrfs: fix our overcommit math (bnc#801427). * btrfs: delay block group item insertion (bnc#801427). * btrfs: remove bytes argument from do_chunk_alloc (bnc#801427). * btrfs: run delayed refs first when out of space (bnc#801427). * btrfs: do not commit instead of overcommitting (bnc#801427). * btrfs: do not take inode delalloc mutex if we are a free space inode (bnc#801427). * btrfs: fix chunk allocation error handling (bnc#801427). * btrfs: remove extent mapping if we fail to add chunk (bnc#801427). * btrfs: do not overcommit if we do not have enough space for global rsv (bnc#801427). * btrfs: rework the overcommit logic to be based on the total size (bnc#801427). * btrfs: steal from global reserve if we are cleaning up orphans (bnc#801427). * btrfs: clear chunk_alloc flag on retryable failure (bnc#801427). * btrfs: use reserved space for creating a snapshot (bnc#801427). * btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic (bnc#801427). * btrfs: fix space leak when we fail to reserve metadata space (bnc#801427). * btrfs: fix space accounting for unlink and rename (bnc#801427). * btrfs: allocate new chunks if the space is not enough for global rsv (bnc#801427). * btrfs: various abort cleanups (bnc#812526 bnc#801427). * btrfs: simplify unlink reservations (bnc#801427). 
XFS: * xfs: Move allocation stack switch up to xfs_bmapi (bnc#815356). * xfs: introduce XFS_BMAPI_STACK_SWITCH (bnc#815356). * xfs: zero allocation_args on the kernel stack (bnc#815356). * xfs: fix debug_object WARN at xfs_alloc_vextent() (bnc#815356). * xfs: do not defer metadata allocation to the workqueue (bnc#815356). * xfs: introduce an allocation workqueue (bnc#815356). * xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)). * xfs: Serialize file-extending direct IO (bnc#818371). * xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968). * xfs: fix buffer lookup race on allocation failure (bnc#763968). ALSA: * Fix VT1708 jack detection on SLEPOS machines (bnc#813922). * ALSA: hda - Avoid choose same converter for unused pins (bnc#826186). * ALSA: hda - Cache the MUX selection for generic HDMI (bnc#826186). * ALSA: hda - Haswell converter power state D0 verify (bnc#826186). * ALSA: hda - Do not take unresponsive D3 transition too serious (bnc#823597). * ALSA: hda - Introduce bit flags to snd_hda_codec_read/write() (bnc#823597). * ALSA: hda - Check CORB overflow (bnc#823597). * ALSA: hda - Check validity of CORB/RIRB WP reads (bnc#823597). * ALSA: hda - Fix system panic when DMA > 40 bits for Nvidia audio controllers (bnc#818465). * ALSA: hda - Add hint for suppressing lower cap for IDT codecs (bnc#812332). * ALSA: hda - Enable mic-mute LED on more HP laptops (bnc#821859). Direct Rendering Manager (DRM): * drm/i915: Add wait_for in init_ring_common (bnc#813604). * drm/i915: Mark the ringbuffers as being in the GTT domain (bnc#813604). * drm/edid: Do not print messages regarding stereo or csync by default (bnc #821235). * drm/i915: force full modeset if the connector is in DPMS OFF mode (bnc #809975). * drm/i915/sdvo: Use &intel_sdvo->ddc instead of intel_sdvo->i2c for DDC (bnc #808855). * drm/mm: fix dump table BUG. (bnc#808837) * drm/i915: Clear the stolen fb before enabling (bnc#808015). 
XEN: * xen/netback: Update references (bnc#823342). * xen: Check for insane amounts of requests on the ring. * Update Xen patches to 3.0.82. * netback: do not disconnect frontend when seeing oversize packet. * netfront: reduce gso_max_size to account for max TCP header. * netfront: fix kABI after "reduce gso_max_size to account for max TCP header". Other: * x86, efi: retry ExitBootServices() on failure (bnc#823386). * x86/efi: Fix dummy variable buffer allocation (bnc#822080). * ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377). * mm: compaction: Scan PFN caching KABI workaround (Fix KABI breakage (bnc#825657)). * autofs4 - fix get_next_positive_subdir() (bnc#819523). * ocfs2: Add bits_wanted while calculating credits in ocfs2_calc_extend_credits (bnc#822077). * writeback: Avoid needless scanning of b_dirty list (bnc#819018). * writeback: Do not sort b_io list only because of block device inode (bnc#819018). * re-enable io tracing (bnc#785901). * pciehp: Corrected the old mismatching DMI strings. * SUNRPC: Prevent an rpc_task wakeup race (bnc#825591). * tg3: Prevent system hang during repeated EEH errors (bnc#822066). * scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). * Do not switch camera on HP EB 8780 (bnc#797090). * Do not switch webcam for HP EB 8580w (bnc#797090). * mm: fixup compilation error due to an asm write through a const pointer. (bnc#823795) * do not switch cam port on HP EliteBook 840 (bnc#822164). * net/sunrpc: xpt_auth_cache should be ignored when expired (bnc#803320). * sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320). * sunrpc/cache: remove races with queuing an upcall (bnc#803320). * sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320). * KVM: x86: emulate movdqa (bnc#821070). * KVM: x86: emulator: add support for vector alignment (bnc#821070). * KVM: x86: emulator: expand decode flags to 64 bits (bnc#821070). 
* xhci - correct comp_mode_recovery_timer on return from hibernate (bnc#808136). * md/raid10 enough fixes (bnc#773837). * lib/Makefile: Fix oid_registry build dependency (bnc#823223). * Update config files: disable IP_PNP (bnc#822825) * Fix kABI breakage for addition of snd_hda_bus.no_response_fallback (bnc#823597). * Disable efi pstore by default (bnc#804482 bnc#820172). * md: Fix problem with GET_BITMAP_FILE returning wrong status (bnc#812974). * bnx2x: Fix bridged GSO for 57710/57711 chips (bnc#819610). * USB: xHCI: override bogus bulk wMaxPacketSize values (bnc#823082). * BTUSB: Add MediaTek bluetooth MT76x0E support (bnc#797727 bnc#822340). * qlge: Update version to 1.00.00.32 (bnc#819195). * qlge: Fix ethtool autoneg advertising (bnc#819195). * qlge: Fix receive path to drop error frames (bnc#819195). * qlge: remove NETIF_F_TSO6 flag (bnc#819195). * remove init of dev->perm_addr in drivers (bnc#819195). * drivers/net: fix up function prototypes after __dev* removals (bnc#819195). * qlge: remove __dev* attributes (bnc#819195). * drivers: ethernet: qlogic: qlge_dbg.c: Fixed a coding style issue (bnc#819195). * cxgb4: Force uninitialized state if FW_ON_ADAPTER is < FW_VERSION and we are the MASTER_PF (bnc#809130). * USB: UHCI: fix for suspend of virtual HP controller (bnc#817035). * timer_list: Convert timer list to be a proper seq_file (bnc#818047). * timer_list: Split timer_list_show_tickdevices (bnc#818047). * sched: Fix /proc/sched_debug failure on very very large systems (bnc#818047). * sched: Fix /proc/sched_stat failure on very very large systems (bnc#818047). * reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). * libfc: do not exch_done() on invalid sequence ptr (bnc#810722). * netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930). * virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655). * HWPOISON: fix misjudgement of page_action() for errors on mlocked pages (Memory failure RAS (bnc#821799)). 
* HWPOISON: check dirty flag to match against clean page (Memory failure RAS (bnc#821799)). * HWPOISON: change order of error_states elements (Memory failure RAS (bnc#821799)). * mm: hwpoison: fix action_result() to print out dirty/clean (Memory failure RAS (bnc#821799)). * mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (bnc#821052). * Do not switch webcams in some HP ProBooks to XHCI (bnc#805804). * Do not switch BT on HP ProBook 4340 (bnc#812281). * mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434). * mm: compaction: Restart compaction from near where it left off * mm: compaction: cache if a pageblock was scanned and no pages were isolated * mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity * mm: compaction: Scan PFN caching KABI workaround * mm: page_allocator: Remove first_pass guard * mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles (bnc#816451) Security Issue references: * CVE-2013-0160 * CVE-2013-1774 * CVE-2013-1979 * CVE-2013-3076 * CVE-2013-3222 * CVE-2013-3223 * CVE-2013-3224 * CVE-2013-3225 * CVE-2013-3227 * CVE-2013-3228 * CVE-2013-3229 * CVE-2013-3231 * CVE-2013-3232 * CVE-2013-3234 * CVE-2013-3235 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel-7991 slessp3-kernel-7992 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-7991 slessp3-kernel-7992 slessp3-kernel-7993 slessp3-kernel-7994 slessp3-kernel-8000 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-7991 slehasp3-kernel-7992 slehasp3-kernel-7993 slehasp3-kernel-7994 slehasp3-kernel-8000 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel-7991 sledsp3-kernel-7992 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.82]: kernel-default-3.0.82-0.7.9 kernel-default-base-3.0.82-0.7.9 kernel-default-devel-3.0.82-0.7.9 kernel-source-3.0.82-0.7.9 kernel-syms-3.0.82-0.7.9 kernel-trace-3.0.82-0.7.9 kernel-trace-base-3.0.82-0.7.9 kernel-trace-devel-3.0.82-0.7.9 kernel-xen-devel-3.0.82-0.7.9 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.82]: kernel-pae-3.0.82-0.7.9 kernel-pae-base-3.0.82-0.7.9 kernel-pae-devel-3.0.82-0.7.9 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.82]: kernel-default-3.0.82-0.7.9 kernel-default-base-3.0.82-0.7.9 kernel-default-devel-3.0.82-0.7.9 kernel-source-3.0.82-0.7.9 kernel-syms-3.0.82-0.7.9 kernel-trace-3.0.82-0.7.9 kernel-trace-base-3.0.82-0.7.9 kernel-trace-devel-3.0.82-0.7.9 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.82]: kernel-ec2-3.0.82-0.7.9 kernel-ec2-base-3.0.82-0.7.9 kernel-ec2-devel-3.0.82-0.7.9 kernel-xen-3.0.82-0.7.9 kernel-xen-base-3.0.82-0.7.9 kernel-xen-devel-3.0.82-0.7.9 - SUSE Linux Enterprise Server 11 SP3 (x86_64): xen-kmp-default-4.2.2_04_3.0.82_0.7-0.9.3 - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.82]: kernel-default-man-3.0.82-0.7.9 - SUSE Linux Enterprise Server 11 SP3 (ppc64) 
[New Version: 3.0.82]: kernel-ppc64-3.0.82-0.7.9 kernel-ppc64-base-3.0.82-0.7.9 kernel-ppc64-devel-3.0.82-0.7.9 - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.82]: kernel-pae-3.0.82-0.7.9 kernel-pae-base-3.0.82-0.7.9 kernel-pae-devel-3.0.82-0.7.9 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.82_0.7-2.25.3 cluster-network-kmp-trace-1.4_3.0.82_0.7-2.25.3 gfs2-kmp-default-2_3.0.82_0.7-0.16.3 gfs2-kmp-trace-2_3.0.82_0.7-0.16.3 ocfs2-kmp-default-1.6_3.0.82_0.7-0.18.3 ocfs2-kmp-trace-1.6_3.0.82_0.7-0.18.3 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.82_0.7-2.25.3 gfs2-kmp-xen-2_3.0.82_0.7-0.16.3 ocfs2-kmp-xen-1.6_3.0.82_0.7-0.18.3 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.82_0.7-2.25.3 gfs2-kmp-ppc64-2_3.0.82_0.7-0.16.3 ocfs2-kmp-ppc64-1.6_3.0.82_0.7-0.18.3 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): cluster-network-kmp-pae-1.4_3.0.82_0.7-2.25.3 gfs2-kmp-pae-2_3.0.82_0.7-0.16.3 ocfs2-kmp-pae-1.6_3.0.82_0.7-0.18.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.82]: kernel-default-3.0.82-0.7.9 kernel-default-base-3.0.82-0.7.9 kernel-default-devel-3.0.82-0.7.9 kernel-default-extra-3.0.82-0.7.9 kernel-source-3.0.82-0.7.9 kernel-syms-3.0.82-0.7.9 kernel-trace-devel-3.0.82-0.7.9 kernel-xen-3.0.82-0.7.9 kernel-xen-base-3.0.82-0.7.9 kernel-xen-devel-3.0.82-0.7.9 kernel-xen-extra-3.0.82-0.7.9 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xen-kmp-default-4.2.2_04_3.0.82_0.7-0.9.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.82]: kernel-pae-3.0.82-0.7.9 kernel-pae-base-3.0.82-0.7.9 kernel-pae-devel-3.0.82-0.7.9 kernel-pae-extra-3.0.82-0.7.9 - SLE 11 SERVER Unsupported Extras (i586 ia64): kernel-default-extra-3.0.82-0.7.9 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-3.0.82-0.7.9 
kernel-xen-extra-3.0.82-0.7.9 References: http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1979.html http://support.novell.com/security/cve/CVE-2013-3076.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3225.html http://support.novell.com/security/cve/CVE-2013-3227.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html https://bugzilla.novell.com/763968 https://bugzilla.novell.com/773837 https://bugzilla.novell.com/785901 https://bugzilla.novell.com/797090 https://bugzilla.novell.com/797727 https://bugzilla.novell.com/801427 https://bugzilla.novell.com/803320 https://bugzilla.novell.com/804482 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/808015 https://bugzilla.novell.com/808136 https://bugzilla.novell.com/808837 https://bugzilla.novell.com/808855 https://bugzilla.novell.com/809130 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/809975 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/812332 https://bugzilla.novell.com/812526 https://bugzilla.novell.com/812974 https://bugzilla.novell.com/813604 https://bugzilla.novell.com/813922 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/817035 https://bugzilla.novell.com/817377 https://bugzilla.novell.com/818047 https://bugzilla.novell.com/818371 
https://bugzilla.novell.com/818465 https://bugzilla.novell.com/819018 https://bugzilla.novell.com/819195 https://bugzilla.novell.com/819523 https://bugzilla.novell.com/819610 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/820172 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821052 https://bugzilla.novell.com/821070 https://bugzilla.novell.com/821235 https://bugzilla.novell.com/821799 https://bugzilla.novell.com/821859 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822066 https://bugzilla.novell.com/822077 https://bugzilla.novell.com/822080 https://bugzilla.novell.com/822164 https://bugzilla.novell.com/822340 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 https://bugzilla.novell.com/822825 https://bugzilla.novell.com/823082 https://bugzilla.novell.com/823223 https://bugzilla.novell.com/823342 https://bugzilla.novell.com/823386 https://bugzilla.novell.com/823597 https://bugzilla.novell.com/823795 https://bugzilla.novell.com/824159 https://bugzilla.novell.com/825037 https://bugzilla.novell.com/825591 https://bugzilla.novell.com/825657 https://bugzilla.novell.com/825696 https://bugzilla.novell.com/826186 http://download.novell.com/patch/finder/?keywords=49f7874a175529c59329baae054899e0 http://download.novell.com/patch/finder/?keywords=791cb1bb4aba7ca75e2e478593c653e9 http://download.novell.com/patch/finder/?keywords=7cb18c7bcebceb94dd2514f7fc68034b http://download.novell.com/patch/finder/?keywords=b2cd3e34903a77d5b7bee3e293386aec http://download.novell.com/patch/finder/?keywords=befc91a3baffe1e8ef34f3ebd0f9922b http://download.novell.com/patch/finder/?keywords=d52cf2180c196dd33a4180877ad434ff http://download.novell.com/patch/finder/?keywords=febfa3d8532573af9a9f2671f911e520 From sle-security-updates at lists.suse.com Fri Jul 12 00:04:16 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2013 08:04:16 +0200 (CEST) Subject: 
SUSE-SU-2013:1098-2: moderate: Security update for Mesa Message-ID: <20130712060416.490BB3224C@maintenance.suse.de> SUSE Security Update: Security update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1098-2 Rating: moderate References: #815451 #821855 Cross-References: CVE-2013-1993 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of Mesa fixes multiple integer overflows. Security Issue reference: * CVE-2013-1993 Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): Mesa-6.4.2-19.20.2 Mesa-devel-6.4.2-19.20.2 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): Mesa-32bit-6.4.2-19.20.2 Mesa-devel-32bit-6.4.2-19.20.2 - SUSE Linux Enterprise Server 10 SP4 (ia64): Mesa-x86-6.4.2-19.20.2 - SUSE Linux Enterprise Server 10 SP4 (ppc): Mesa-64bit-6.4.2-19.20.2 Mesa-devel-64bit-6.4.2-19.20.2 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): Mesa-6.4.2-19.20.2 Mesa-devel-6.4.2-19.20.2 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): Mesa-32bit-6.4.2-19.20.2 Mesa-devel-32bit-6.4.2-19.20.2 References: http://support.novell.com/security/cve/CVE-2013-1993.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821855 http://download.novell.com/patch/finder/?keywords=ead44002505a3c1d8f81d2f879ef6d0c From sle-security-updates at lists.suse.com Fri Jul 12 13:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2013 21:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1190-1: moderate: Security update for krb5 Message-ID: <20130712190410.9D05C32249@maintenance.suse.de> SUSE Security Update: Security update for 
krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1190-1 Rating: moderate References: #825985 Cross-References: CVE-2002-2443 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This krb5 update fixes a security issue. * kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443) Security Issue reference: * CVE-2002-2443 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-krb5-7962 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-krb5-7968 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-krb5-7962 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-krb5-7962 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-krb5-7968 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-krb5-7968 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-krb5-7962 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-krb5-7968 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.56.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.56.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): krb5-server-1.6.3-133.49.56.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.56.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.56.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): krb5-server-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): krb5-1.6.3-133.49.56.1 krb5-apps-clients-1.6.3-133.49.56.1 krb5-apps-servers-1.6.3-133.49.56.1 krb5-client-1.6.3-133.49.56.1 krb5-server-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): krb5-32bit-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.56.1 krb5-apps-clients-1.6.3-133.49.56.1 krb5-apps-servers-1.6.3-133.49.56.1 krb5-client-1.6.3-133.49.56.1 krb5-server-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): krb5-x86-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): krb5-1.6.3-133.49.56.1 krb5-apps-clients-1.6.3-133.49.56.1 krb5-apps-servers-1.6.3-133.49.56.1 krb5-client-1.6.3-133.49.56.1 krb5-server-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): krb5-32bit-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.56.1 krb5-apps-clients-1.6.3-133.49.56.1 krb5-apps-servers-1.6.3-133.49.56.1 krb5-client-1.6.3-133.49.56.1 krb5-server-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.56.1 - SUSE 
Linux Enterprise Server 11 SP2 (ia64): krb5-x86-1.6.3-133.49.56.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): krb5-1.4.3-19.49.53.1 krb5-apps-clients-1.4.3-19.49.53.1 krb5-apps-servers-1.4.3-19.49.53.1 krb5-client-1.4.3-19.49.53.1 krb5-devel-1.4.3-19.49.53.1 krb5-server-1.4.3-19.49.53.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): krb5-32bit-1.4.3-19.49.53.1 krb5-devel-32bit-1.4.3-19.49.53.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): krb5-x86-1.4.3-19.49.53.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): krb5-64bit-1.4.3-19.49.53.1 krb5-devel-64bit-1.4.3-19.49.53.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): krb5-1.6.3-133.49.56.1 krb5-client-1.6.3-133.49.56.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): krb5-32bit-1.6.3-133.49.56.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): krb5-1.6.3-133.49.56.1 krb5-client-1.6.3-133.49.56.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): krb5-32bit-1.6.3-133.49.56.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): krb5-1.4.3-19.49.53.1 krb5-client-1.4.3-19.49.53.1 krb5-devel-1.4.3-19.49.53.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): krb5-32bit-1.4.3-19.49.53.1 krb5-devel-32bit-1.4.3-19.49.53.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): krb5-apps-clients-1.4.3-19.49.53.1 krb5-apps-servers-1.4.3-19.49.53.1 krb5-server-1.4.3-19.49.53.1 References: http://support.novell.com/security/cve/CVE-2002-2443.html https://bugzilla.novell.com/825985 http://download.novell.com/patch/finder/?keywords=3dfdef1b01c0a222b10532e9cbb10514 http://download.novell.com/patch/finder/?keywords=879ff6dd0e1bb99ce692a47131264157 http://download.novell.com/patch/finder/?keywords=c39bdbe610296d79e3993188cd5996f5 From sle-security-updates at lists.suse.com Fri Jul 12 16:04:09 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 13 Jul 2013 00:04:09 +0200 (CEST) Subject: SUSE-SU-2013:1193-1: moderate: Security update for ibutils 
Message-ID: <20130712220409.C1C163224C@maintenance.suse.de> SUSE Security Update: Security update for ibutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1193-1 Rating: moderate References: #811660 Cross-References: CVE-2013-1894 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Various tmp races in ibdiagnet of ibutils have been fixed that local attackers could have used to gain privileges on machines where InfiniBand was being debugged. Security Issue reference: * CVE-2013-1894 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-ibutils-8030 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ibutils-8029 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ibutils-8030 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ibutils-8030 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ibutils-8029 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ibutils-8029 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 x86_64): ibutils-devel-1.5.7-0.9.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 x86_64): ibutils-devel-32bit-1.5.7-0.9.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): ibutils-1.5.7-0.9.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): ibutils-32bit-1.5.7-0.9.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 x86_64): ibutils-devel-1.5.4-0.7.7.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 x86_64): ibutils-devel-32bit-1.5.4-0.7.7.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): ibutils-1.5.4-0.7.7.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): ibutils-32bit-1.5.4-0.7.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ibutils-1.5.7-0.9.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): ibutils-32bit-1.5.7-0.9.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 x86_64): ibutils-1.5.7-0.9.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 x86_64): ibutils-32bit-1.5.7-0.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ibutils-1.5.4-0.7.7.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): ibutils-32bit-1.5.4-0.7.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 x86_64): ibutils-1.5.4-0.7.7.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 x86_64): ibutils-32bit-1.5.4-0.7.7.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64): ibutils-1.5.4-0.13.1 ibutils-devel-1.5.4-0.13.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): ibutils-32bit-1.5.4-0.13.1 ibutils-devel-32bit-1.5.4-0.13.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): ibutils-x86-1.5.4-0.13.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): ibutils-64bit-1.5.4-0.13.1 ibutils-devel-64bit-1.5.4-0.13.1 References: http://support.novell.com/security/cve/CVE-2013-1894.html https://bugzilla.novell.com/811660 
http://download.novell.com/patch/finder/?keywords=11524c8b32981c34ce1318862678fe36 http://download.novell.com/patch/finder/?keywords=8e5fb9360d3b7709308d0707088c7e0f http://download.novell.com/patch/finder/?keywords=da107ccc84270545004aae4885b15ce2 From sle-security-updates at lists.suse.com Thu Jul 18 15:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jul 2013 23:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1213-1: important: Security update for flash-player Message-ID: <20130718210410.C157C3227E@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1213-1 Rating: important References: #828810 Cross-References: CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: Adobe flash-player has been updated to version 11.2.202.291 (APSB13-17) which fixes bugs and security issues. This update fixes the following security issues: * a heap buffer overflow vulnerability that could have led to code execution (CVE-2013-3344). * a memory corruption vulnerability that could have led to code execution (CVE-2013-3345). * an integer overflow when resampling a user-supplied PCM buffer (CVE-2013-3347). Official advisory can be found on http://www.adobe.com/support/security/bulletins/apsb13-17.html Security Issue references: * CVE-2013-3344 * CVE-2013-3345 * CVE-2013-3347 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8039 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8038 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.297]: flash-player-11.2.202.297-0.3.1 flash-player-gnome-11.2.202.297-0.3.1 flash-player-kde4-11.2.202.297-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.297]: flash-player-11.2.202.297-0.3.1 flash-player-gnome-11.2.202.297-0.3.1 flash-player-kde4-11.2.202.297-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.297]: flash-player-11.2.202.297-0.5.2 References: http://support.novell.com/security/cve/CVE-2013-3344.html http://support.novell.com/security/cve/CVE-2013-3345.html http://support.novell.com/security/cve/CVE-2013-3347.html https://bugzilla.novell.com/828810 http://download.novell.com/patch/finder/?keywords=2a99ce6c544e43d5065f403d412927eb http://download.novell.com/patch/finder/?keywords=a62a96037c69a861417e569c4f78a0ff http://download.novell.com/patch/finder/?keywords=bda18521b2a6248c706df2f3b0650967 From sle-security-updates at lists.suse.com Thu Jul 18 15:04:14 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jul 2013 23:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1214-1: moderate: Security update for KVM Message-ID: <20130718210414.5D7163227E@maintenance.suse.de> SUSE Security Update: Security update for KVM ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1214-1 Rating: moderate References: #712137 #725008 #786813 #818182 #824340 Cross-References: CVE-2013-2007 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update fixes a file permission issue with qga (the QEMU Guest Agent) from the qemu/kvm package and includes several bug-fixes. (bnc#818182) (CVE-2013-2007) (bnc#786813) (bnc#725008) (bnc#712137) (bnc#824340) Security Issues: * CVE-2013-2007 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kvm-7906 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kvm-7906 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): kvm-0.15.1-0.27.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): kvm-0.15.1-0.27.1 References: http://support.novell.com/security/cve/CVE-2013-2007.html https://bugzilla.novell.com/712137 https://bugzilla.novell.com/725008 https://bugzilla.novell.com/786813 https://bugzilla.novell.com/818182 https://bugzilla.novell.com/824340 http://download.novell.com/patch/finder/?keywords=ddb145f19c5e9d74a91e6259aa616b70 From sle-security-updates at lists.suse.com Thu Jul 18 15:04:25 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jul 2013 23:04:25 +0200 (CEST) Subject: SUSE-SU-2013:1216-1: moderate: Security update for python-suds Message-ID: <20130718210425.342153227E@maintenance.suse.de> SUSE Security Update: Security update for python-suds ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1216-1 Rating: moderate References: #827568 Cross-References: CVE-2013-2217 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: Insecure temporary directory usage in Python suds has been fixed. (CVE-2013-2217) Security Issue reference: * CVE-2013-2217 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-python-suds-8017 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): python-suds-0.4-0.13.13.1 References: http://support.novell.com/security/cve/CVE-2013-2217.html https://bugzilla.novell.com/827568 http://download.novell.com/patch/finder/?keywords=202789db57b6ad14f82e3c817e5cb288 From sle-security-updates at lists.suse.com Thu Jul 18 15:04:29 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jul 2013 23:04:29 +0200 (CEST) Subject: SUSE-SU-2013:1217-1: moderate: Security update for subversion Message-ID: <20130718210429.33E7C3227E@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1217-1 Rating: moderate References: #821505 Cross-References: CVE-2013-1968 CVE-2013-2112 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of subversion fixes two potential DoS vulnerabilities (bug#821505, CVE-2013-1968, CVE-2013-2112). 
* Server-side bugfixes: o fix FSFS repository corruption due to newline in filename (issue #4340) o fix svnserve exiting when a client connection is aborted (r1482759) * Other tool improvements and bugfixes: o fix argument processing in contrib hook scripts (r1485350) Security Issues: * CVE-2013-1968 * CVE-2013-2112 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-subversion-7930 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-subversion-7933 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-subversion-7930 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): subversion-1.6.17-1.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.17.1 subversion-devel-1.6.17-1.17.1 subversion-perl-1.6.17-1.17.1 subversion-python-1.6.17-1.17.1 subversion-server-1.6.17-1.17.1 subversion-tools-1.6.17-1.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.17.1 subversion-devel-1.6.17-1.17.1 subversion-perl-1.6.17-1.17.1 subversion-python-1.6.17-1.17.1 subversion-server-1.6.17-1.17.1 subversion-tools-1.6.17-1.17.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): subversion-1.3.1-1.24.1 subversion-devel-1.3.1-1.24.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): cvs2svn-1.3.0-30.24.1 subversion-1.3.1-1.24.1 subversion-devel-1.3.1-1.24.1 subversion-python-1.3.1-1.24.1 subversion-server-1.3.1-1.24.1 subversion-tools-1.3.1-1.24.1 viewcvs-1.0.5-0.24.1 References: http://support.novell.com/security/cve/CVE-2013-1968.html http://support.novell.com/security/cve/CVE-2013-2112.html https://bugzilla.novell.com/821505 http://download.novell.com/patch/finder/?keywords=36021bc879cc7c6cd3d36b5f76b9c22d 
http://download.novell.com/patch/finder/?keywords=64648aca6f33898d15cd8c0c4956232f http://download.novell.com/patch/finder/?keywords=f1e3ccee3d6965d85d10d4c4ff3e6746 From sle-security-updates at lists.suse.com Thu Jul 18 16:04:14 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Jul 2013 00:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1219-1: important: Security update for nagios-nrpe, nagios-plugins-nrpe Message-ID: <20130718220414.CDAF43227E@maintenance.suse.de> SUSE Security Update: Security update for nagios-nrpe, nagios-plugins-nrpe ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1219-1 Rating: important References: #807241 Cross-References: CVE-2013-1362 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Nagios NRPE was updated to add more blacklisting to avoid shell injection via nagios request packets (CVE-2013-1362). Security Issues: * CVE-2013-1362 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-nagios-nrpe-8033 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-nagios-nrpe-8033 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nagios-nrpe-8032 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nagios-nrpe-8032 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): nagios-nrpe-2.12-24.4.8.1 nagios-nrpe-doc-2.12-24.4.8.1 nagios-plugins-nrpe-2.12-24.4.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): nagios-nrpe-2.12-24.4.8.1 nagios-nrpe-doc-2.12-24.4.8.1 nagios-plugins-nrpe-2.12-24.4.8.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): nagios-nrpe-2.12-24.4.8.1 nagios-nrpe-doc-2.12-24.4.8.1 nagios-plugins-nrpe-2.12-24.4.8.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): nagios-nrpe-2.12-24.4.8.1 nagios-nrpe-doc-2.12-24.4.8.1 nagios-plugins-nrpe-2.12-24.4.8.1 References: http://support.novell.com/security/cve/CVE-2013-1362.html https://bugzilla.novell.com/807241 http://download.novell.com/patch/finder/?keywords=c4f6ad63a4915b3a42859f58bb03e977 http://download.novell.com/patch/finder/?keywords=efb6b86f270013cd431764d840c290db From sle-security-updates at lists.suse.com Tue Jul 23 11:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2013 19:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1237-1: moderate: Security update for strongswan Message-ID: <20130723170410.F040632283@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1237-1 Rating: moderate References: #815236 Cross-References: CVE-2013-2944 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the ECDSA signature vulnerability in strongswan. CVE-2013-2944 has been assigned to this issue. 
Security Issue reference: * CVE-2013-2944 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-strongswan-7638 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-strongswan-7638 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-strongswan-7638 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): strongswan-4.4.0-6.17.2 strongswan-doc-4.4.0-6.17.2 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.17.2 strongswan-doc-4.4.0-6.17.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): strongswan-4.4.0-6.17.2 strongswan-doc-4.4.0-6.17.2 References: http://support.novell.com/security/cve/CVE-2013-2944.html https://bugzilla.novell.com/815236 http://download.novell.com/patch/finder/?keywords=6135247f38554d1bc90baf3102f2b478 From sle-security-updates at lists.suse.com Tue Jul 23 14:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2013 22:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1238-1: important: Security update for java-1_6_0-openjdk Message-ID: <20130723200410.BB0FB32283@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1238-1 Rating: important References: #829708 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 Affected Products: 
SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 26 vulnerabilities is now available. Description: java-1_6_0-openjdk has been updated to Icedtea6-1.12.6 version. Security fixes: * S6741606, CVE-2013-2407: Integrate Apache Santuario * S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls * S7170730, CVE-2013-2451: Improve Windows network stack support. * S8000638, CVE-2013-2450: Improve deserialization * S8000642, CVE-2013-2446: Better handling of objects for transportation * S8001032: Restrict object access * S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers * S8001034, CVE-2013-1500: Memory management improvements * S8001038, CVE-2013-2444: Resourcefully handle resources * S8001043: Clarify definition restrictions * S8001309: Better handling of annotation interfaces * S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost * S8001330, CVE-2013-2443: Improve on checking order * S8003703, CVE-2013-2412: Update RMI connection dialog box * S8004584: Augment applet contextualization * S8005007: Better glyph processing * S8006328, CVE-2013-2448: Improve robustness of sound classes * S8006611: Improve scripting * S8007467: Improve robustness of JMX internal APIs * S8007471: Improve MBean notifications * S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes * S8008120, CVE-2013-2457: Improve JMX class checking * S8008124, CVE-2013-2453: Better compliance testing * S8008128: Better API coherence for JMX * S8008132, CVE-2013-2456: Better serialization support * S8008585: Better JMX data handling * S8008593: Better URLClassLoader resource management * S8008603: Improve provision of JMX providers Security Issue references: * CVE-2013-2407 * CVE-2013-2445 * CVE-2013-2451 * CVE-2013-2450 * CVE-2013-2446 * CVE-2013-2452 * CVE-2013-1500 * CVE-2013-2444 * CVE-2013-2447 
* CVE-2013-2443 * CVE-2013-2412 * CVE-2013-2448 * CVE-2013-2455 * CVE-2013-2457 * CVE-2013-2453 * CVE-2013-2456 * CVE-2013-2459 * CVE-2013-2470 * CVE-2013-2471 * CVE-2013-2472 * CVE-2013-2473 * CVE-2013-1571 * CVE-2013-2463 * CVE-2013-2465 * CVE-2013-2469 * CVE-2013-2461 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-java-1_6_0-openjdk-8084 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.6-0.2.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.6-0.2.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.6-0.2.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2407.html http://support.novell.com/security/cve/CVE-2013-2412.html http://support.novell.com/security/cve/CVE-2013-2443.html http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2445.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2451.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2453.html http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2461.html http://support.novell.com/security/cve/CVE-2013-2463.html 
http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html https://bugzilla.novell.com/829708 http://download.novell.com/patch/finder/?keywords=15c3233f1a27346b71f59d90b204e778 From sle-security-updates at lists.suse.com Wed Jul 24 16:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2013 00:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1250-1: moderate: Security update for lcms2 Message-ID: <20130724220411.08E2B320DA@maintenance.suse.de> SUSE Security Update: Security update for lcms2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1250-1 Rating: moderate References: #826097 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: lcms2 has been updated to the version 2.5 which is a maintenance release to fix various security and other bugs. * User defined parametric curves can now be saved in ICC profiles. * RGB profiles using same tone curves for several channels are storing now only one copy of the curve * update black point detection algorithm to reflect ICC changes * Added new cmsPlugInTHR() and fixed some race conditions * Added error descriptions on cmsSmoothToneCurve * Several improvements in cgats parser. 
* Fixed devicelink generation for 8 bits * Added a reference for Mac MLU tag * Added a way to read the profile creator from header * Added identity curves support for write V2 LUT * Added TIFF Lab16 handling on tifficc * Fixed a bug in parametric curves * Rendering intent used when creating the transform is now propagated to profile header in cmsTransform2Devicelink. * Transform2Devicelink now keeps white point when guessing deviceclass is enabled * Added some checks for non-happy path, mostly failing mallocs (bnc#826097). For further changes please see the ChangeLog in the RPM. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-lcms2-8091 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-lcms2-8091 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 2.5]: liblcms2-devel-2.5-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.5]: lcms2-2.5-0.7.1 liblcms2-2-2.5-0.7.1 References: https://bugzilla.novell.com/826097 http://download.novell.com/patch/finder/?keywords=3746092820e850d9766ee08526b7fa10 From sle-security-updates at lists.suse.com Wed Jul 24 19:04:09 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2013 03:04:09 +0200 (CEST) Subject: SUSE-SU-2013:1237-2: moderate: Security update for strongswan Message-ID: <20130725010409.C419E3208B@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1237-2 Rating: moderate References: #815236 Cross-References: CVE-2013-2944 Affected Products: SUSE Linux Enterprise Server 10 SP4 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the ECDSA signature vulnerability in strongswan. CVE-2013-2944 was assigned to this issue. Security Issue reference: * CVE-2013-2944 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): strongswan-4.4.0-6.13.2 strongswan-doc-4.4.0-6.13.2 References: http://support.novell.com/security/cve/CVE-2013-2944.html https://bugzilla.novell.com/815236 http://download.novell.com/patch/finder/?keywords=2390874895a97b266f9742fe8b0b4570 From sle-security-updates at lists.suse.com Thu Jul 25 06:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2013 14:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1251-1: moderate: Security update for glibc Message-ID: <20130725120411.8F69D321EA@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1251-1 Rating: moderate References: #676178 #691365 #767266 #770891 #775690 #796982 #813121 #828637 Cross-References: CVE-2010-4756 CVE-2011-1089 CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 CVE-2013-1914 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This collective update for the GNU C library (glibc) provides the following fixes and enhancements: Security issues fixed: * Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) * Fix a different stack overflow in getaddrinfo with many results. 
(bnc#828637) * Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) * Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) * Add patches to fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] * Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) * Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed: * Fix locking in _IO_cleanup. (bnc#796982) * Fix resolver when first query fails, but second succeeds. [bnc #767266] Security Issue references: * CVE-2013-1914 * CVE-2010-4756 * CVE-2012-3480 * CVE-2012-3405 * CVE-2012-3406 * CVE-2011-1089 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-glibc-8082 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-glibc-8082 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 i686 x86_64): glibc-2.11.1-0.50.1 glibc-devel-2.11.1-0.50.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64): glibc-html-2.11.1-0.50.1 glibc-i18ndata-2.11.1-0.50.1 glibc-info-2.11.1-0.50.1 glibc-locale-2.11.1-0.50.1 glibc-profile-2.11.1-0.50.1 nscd-2.11.1-0.50.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (x86_64): glibc-32bit-2.11.1-0.50.1 glibc-devel-32bit-2.11.1-0.50.1 glibc-locale-32bit-2.11.1-0.50.1 glibc-profile-32bit-2.11.1-0.50.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 i686 s390x x86_64): glibc-2.11.1-0.50.1 glibc-devel-2.11.1-0.50.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): glibc-html-2.11.1-0.50.1 glibc-i18ndata-2.11.1-0.50.1 glibc-info-2.11.1-0.50.1 glibc-locale-2.11.1-0.50.1 glibc-profile-2.11.1-0.50.1 nscd-2.11.1-0.50.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): glibc-32bit-2.11.1-0.50.1 glibc-devel-32bit-2.11.1-0.50.1 glibc-locale-32bit-2.11.1-0.50.1 glibc-profile-32bit-2.11.1-0.50.1 References: http://support.novell.com/security/cve/CVE-2010-4756.html http://support.novell.com/security/cve/CVE-2011-1089.html http://support.novell.com/security/cve/CVE-2012-3405.html http://support.novell.com/security/cve/CVE-2012-3406.html http://support.novell.com/security/cve/CVE-2012-3480.html http://support.novell.com/security/cve/CVE-2013-1914.html https://bugzilla.novell.com/676178 https://bugzilla.novell.com/691365 https://bugzilla.novell.com/767266 https://bugzilla.novell.com/770891 https://bugzilla.novell.com/775690 https://bugzilla.novell.com/796982 https://bugzilla.novell.com/813121 https://bugzilla.novell.com/828637 http://download.novell.com/patch/finder/?keywords=0ed824f4616a590edd9c21331469673e From sle-security-updates at lists.suse.com Thu Jul 25 08:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2013 16:04:11 +0200 (CEST) Subject: 
SUSE-SU-2013:1254-1: important: Security update for java-1_7_0-openjdk Message-ID: <20130725140411.CC8A8320DB@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1254-1 Rating: important References: #828665 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 30 vulnerabilities is now available. Description: This update to icedtea-2.4.1 fixes various security issues: * S6741606, CVE-2013-2407: Integrate Apache Santuario * S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls * S7170730, CVE-2013-2451: Improve Windows network stack support. 
* S8000638, CVE-2013-2450: Improve deserialization * S8000642, CVE-2013-2446: Better handling of objects for transportation * S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers * S8001034, CVE-2013-1500: Memory management improvements * S8001038, CVE-2013-2444: Resourcefully handle resources * S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost * S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only) * S8003703, CVE-2013-2412: Update RMI connection dialog box * S8004288, CVE-2013-2449: (fs) Files.probeContentType problems * S8006328, CVE-2013-2448: Improve robustness of sound classes * S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes * S8008120, CVE-2013-2457: Improve JMX class checking * S8008124, CVE-2013-2453: Better compliance testing * S8008132, CVE-2013-2456: Better serialization support * S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606 * S8009057, CVE-2013-2448: Improve MIDI event handling * S8009071, CVE-2013-2459: Improve shape handling * S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change * S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields * S8010209, CVE-2013-2460: Better provision of factories * S8011243, CVE-2013-2470: Improve ImagingLib * S8011248, CVE-2013-2471: Better Component Rasters * S8011253, CVE-2013-2472: Better Short Component Rasters * S8011257, CVE-2013-2473: Better Byte Component Rasters * S8012375, CVE-2013-1571: Improve Javadoc framing * S8012438, CVE-2013-2463: Better image validation * S8012597, CVE-2013-2465: Better image channel verification * S8012601, CVE-2013-2469: Better validation of image layouts * S8014281, CVE-2013-2461: Better checking of XML signature Security Issue references: * CVE-2013-2407 * CVE-2013-2445 * CVE-2013-2451 * CVE-2013-2450 * CVE-2013-2446 * CVE-2013-2452 * CVE-2013-1500 * CVE-2013-2444 * CVE-2013-2447 * CVE-2013-2443 * 
CVE-2013-2412 * CVE-2013-2449 * CVE-2013-2448 * CVE-2013-2455 * CVE-2013-2457 * CVE-2013-2453 * CVE-2013-2456 * CVE-2013-2459 * CVE-2013-2458 * CVE-2013-2454 * CVE-2013-2460 * CVE-2013-2470 * CVE-2013-2471 * CVE-2013-2472 * CVE-2013-2473 * CVE-2013-1571 * CVE-2013-2463 * CVE-2013-2465 * CVE-2013-2469 * CVE-2013-2461 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-java-1_7_0-openjdk-8090 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): java-1_7_0-openjdk-1.7.0.6-0.19.2 java-1_7_0-openjdk-demo-1.7.0.6-0.19.2 java-1_7_0-openjdk-devel-1.7.0.6-0.19.2 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2407.html http://support.novell.com/security/cve/CVE-2013-2412.html http://support.novell.com/security/cve/CVE-2013-2443.html http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2445.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2449.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2451.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2453.html http://support.novell.com/security/cve/CVE-2013-2454.html http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2458.html 
http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2460.html http://support.novell.com/security/cve/CVE-2013-2461.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html https://bugzilla.novell.com/828665 http://download.novell.com/patch/finder/?keywords=562c8781d83d70fa81f9b3c9c3f93137 From sle-security-updates at lists.suse.com Thu Jul 25 12:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2013 20:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1255-1: important: Security update for java-1_6_0-ibm Message-ID: <20130725180411.1F91832246@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1255-1 Rating: important References: #817062 #823034 #829212 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-4002 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 11 SP3 SUSE 
Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3009 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-4002 * CVE-2013-2468 * CVE-2013-2469 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-2466 * CVE-2013-3743 * CVE-2013-2448 * CVE-2013-2442 * CVE-2013-2407 * CVE-2013-2454 * CVE-2013-2456 * CVE-2013-2453 * CVE-2013-2457 * CVE-2013-2455 * CVE-2013-2412 * CVE-2013-2443 * CVE-2013-2447 * CVE-2013-2437 * CVE-2013-2444 * CVE-2013-2452 * CVE-2013-2446 * CVE-2013-2450 * CVE-2013-1571 * CVE-2013-2451 * CVE-2013-1500 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_6_0-ibm-8105 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_6_0-ibm-8105 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_6_0-ibm-8105 - SUSE Linux Enterprise Java 11 SP3: zypper in -t patch slejsp3-java-1_6_0-ibm-8105 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-devel-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr14.0-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr14.0-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_6_0-ibm-64bit-1.6.0_sr14.0-0.11.1 - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-devel-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64): 
java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Java 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Java 10 SP4 (x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-devel-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.11.1 java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.11.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2407.html http://support.novell.com/security/cve/CVE-2013-2412.html http://support.novell.com/security/cve/CVE-2013-2437.html http://support.novell.com/security/cve/CVE-2013-2442.html http://support.novell.com/security/cve/CVE-2013-2443.html http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2451.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2453.html http://support.novell.com/security/cve/CVE-2013-2454.html http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2466.html http://support.novell.com/security/cve/CVE-2013-2468.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html 
http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html http://support.novell.com/security/cve/CVE-2013-3743.html http://support.novell.com/security/cve/CVE-2013-4002.html https://bugzilla.novell.com/817062 https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 http://download.novell.com/patch/finder/?keywords=2506266f7074154371238b0be5bf61f3 http://download.novell.com/patch/finder/?keywords=d4115b4339a15f88677fc83a534c4dc3 From sle-security-updates at lists.suse.com Thu Jul 25 12:04:15 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2013 20:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1256-1: important: Security update for java-1_7_0-ibm Message-ID: <20130725180415.5EDBF32246@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1256-1 Rating: important References: #817062 #823034 #829212 Cross-References: CVE-2013-2400 CVE-2013-2407 CVE-2013-2442 CVE-2013-2448 CVE-2013-2453 CVE-2013-2454 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2462 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-3744 CVE-2013-4002 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Java 11 SP3 
______________________________________________________________________________ An update that fixes 32 vulnerabilities is now available. Description: IBM Java 1.7.0 has been updated to SR5 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3006 * CVE-2013-3007 * CVE-2013-3008 * CVE-2013-3009 * CVE-2013-3010 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-4002 * CVE-2013-2468 * CVE-2013-2469 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-2466 * CVE-2013-2462 * CVE-2013-2460 * CVE-2013-3743 * CVE-2013-2448 * CVE-2013-2442 * CVE-2013-2407 * CVE-2013-2454 * CVE-2013-2458 * CVE-2013-3744 * CVE-2013-2400 * CVE-2013-2456 * CVE-2013-2453 * CVE-2013-2457 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_7_0-ibm-8106 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_7_0-ibm-8106 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_7_0-ibm-8106 - SUSE Linux Enterprise Java 11 SP3: zypper in -t patch slejsp3-java-1_7_0-ibm-8106 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_7_0-ibm-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-alsa-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Java 11 SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-devel-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Java 11 SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr5.0-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-2400.html http://support.novell.com/security/cve/CVE-2013-2407.html http://support.novell.com/security/cve/CVE-2013-2442.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2453.html http://support.novell.com/security/cve/CVE-2013-2454.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2458.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2460.html http://support.novell.com/security/cve/CVE-2013-2462.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2466.html http://support.novell.com/security/cve/CVE-2013-2468.html http://support.novell.com/security/cve/CVE-2013-2469.html 
http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3006.html http://support.novell.com/security/cve/CVE-2013-3007.html http://support.novell.com/security/cve/CVE-2013-3008.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3010.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html http://support.novell.com/security/cve/CVE-2013-3743.html http://support.novell.com/security/cve/CVE-2013-3744.html http://support.novell.com/security/cve/CVE-2013-4002.html https://bugzilla.novell.com/817062 https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 http://download.novell.com/patch/finder/?keywords=46b916003a346af0c68c6fa166dec2e7 From sle-security-updates at lists.suse.com Thu Jul 25 12:04:23 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2013 20:04:23 +0200 (CEST) Subject: SUSE-SU-2013:1257-1: important: Security update for java-1_7_0-ibm Message-ID: <20130725180423.3BEA032246@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1257-1 Rating: important References: #817062 #823034 #829212 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2400 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2462 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 
CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-3744 CVE-2013-4002 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Java 11 SP2 ______________________________________________________________________________ An update that fixes 45 vulnerabilities is now available. Description: IBM Java 1.7.0 has been updated to SR5 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3006 * CVE-2013-3007 * CVE-2013-3008 * CVE-2013-3009 * CVE-2013-3010 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-4002 * CVE-2013-2468 * CVE-2013-2469 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-2466 * CVE-2013-2462 * CVE-2013-2460 * CVE-2013-3743 * CVE-2013-2448 * CVE-2013-2442 * CVE-2013-2407 * CVE-2013-2454 * CVE-2013-2458 * CVE-2013-3744 * CVE-2013-2400 * CVE-2013-2456 * CVE-2013-2453 * CVE-2013-2457 * CVE-2013-2455 * CVE-2013-2412 * CVE-2013-2443 * CVE-2013-2447 * CVE-2013-2437 * CVE-2013-2444 * CVE-2013-2452 * CVE-2013-2446 * CVE-2013-2450 * CVE-2013-1571 * CVE-2013-2449 * CVE-2013-2451 * CVE-2013-1500 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_7_0-ibm-8108 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_7_0-ibm-8108 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_7_0-ibm-8108 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_7_0-ibm-8108 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_7_0-ibm-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-alsa-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-devel-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr5.0-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr5.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr5.0-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2400.html http://support.novell.com/security/cve/CVE-2013-2407.html http://support.novell.com/security/cve/CVE-2013-2412.html http://support.novell.com/security/cve/CVE-2013-2437.html http://support.novell.com/security/cve/CVE-2013-2442.html http://support.novell.com/security/cve/CVE-2013-2443.html http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2446.html 
http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2449.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2451.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2453.html http://support.novell.com/security/cve/CVE-2013-2454.html http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2458.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2460.html http://support.novell.com/security/cve/CVE-2013-2462.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2466.html http://support.novell.com/security/cve/CVE-2013-2468.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3006.html http://support.novell.com/security/cve/CVE-2013-3007.html http://support.novell.com/security/cve/CVE-2013-3008.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3010.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html http://support.novell.com/security/cve/CVE-2013-3743.html http://support.novell.com/security/cve/CVE-2013-3744.html 
http://support.novell.com/security/cve/CVE-2013-4002.html https://bugzilla.novell.com/817062 https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 http://download.novell.com/patch/finder/?keywords=d33fe1389ae24456dea9f1571dec1536 From sle-security-updates at lists.suse.com Fri Jul 26 12:04:12 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Jul 2013 20:04:12 +0200 (CEST) Subject: SUSE-SU-2013:1260-1: moderate: Security update for Ruby Message-ID: <20130726180412.C8C1132248@maintenance.suse.de> SUSE Security Update: Security update for Ruby ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1260-1 Rating: moderate References: #827265 Cross-References: CVE-2013-4073 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Ruby failed to check hostnames correctly when setting up an SSL client connection. CVE-2013-4073 was assigned to this issue. Security Issue reference: * CVE-2013-4073 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby19-8034 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.9.3.p392]: ruby19-1.9.3.p392-0.11.1 ruby19-devel-1.9.3.p392-0.11.1 ruby19-devel-extra-1.9.3.p392-0.11.1 References: http://support.novell.com/security/cve/CVE-2013-4073.html https://bugzilla.novell.com/827265 http://download.novell.com/patch/finder/?keywords=29602d8d2a0529ad20f0ae53e3115f54 From sle-security-updates at lists.suse.com Sat Jul 27 09:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Jul 2013 17:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1263-1: important: Security update for java-1_5_0-ibm Message-ID: <20130727150410.5E97032240@maintenance.suse.de> SUSE Security Update: Security update for java-1_5_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1263-1 Rating: important References: #817062 #823034 #829212 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2452 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-4002 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. Description: IBM Java 1.5.0 has been updated to SR16-FP3 to fix bugs and security issues. 
Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3009 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-4002 * CVE-2013-2469 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-3743 * CVE-2013-2448 * CVE-2013-2454 * CVE-2013-2456 * CVE-2013-2457 * CVE-2013-2455 * CVE-2013-2443 * CVE-2013-2447 * CVE-2013-2444 * CVE-2013-2452 * CVE-2013-2446 * CVE-2013-2450 * CVE-2013-1571 * CVE-2013-1500 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_5_0-ibm-jdbc-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_5_0-ibm-64bit-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (ppc): java-1_5_0-ibm-jdbc-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): java-1_5_0-ibm-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-demo-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-src-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): 
java-1_5_0-ibm-32bit-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.3-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2443.html http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2454.html http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html http://support.novell.com/security/cve/CVE-2013-3743.html http://support.novell.com/security/cve/CVE-2013-4002.html https://bugzilla.novell.com/817062 https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 
http://download.novell.com/patch/finder/?keywords=4ed92cf0de9b3b679aefd2605f9c3f66 From sle-security-updates at lists.suse.com Sat Jul 27 09:04:15 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Jul 2013 17:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1255-2: important: Security update for java-1_6_0-ibm Message-ID: <20130727150415.B3A8432240@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1255-2 Rating: important References: #817062 #823034 #829212 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-4002 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Java 11 SP2 ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues. 
Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3009 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-4002 * CVE-2013-2468 * CVE-2013-2469 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-2466 * CVE-2013-3743 * CVE-2013-2448 * CVE-2013-2442 * CVE-2013-2407 * CVE-2013-2454 * CVE-2013-2456 * CVE-2013-2453 * CVE-2013-2457 * CVE-2013-2455 * CVE-2013-2412 * CVE-2013-2443 * CVE-2013-2447 * CVE-2013-2437 * CVE-2013-2444 * CVE-2013-2452 * CVE-2013-2446 * CVE-2013-2450 * CVE-2013-1571 * CVE-2013-2451 * CVE-2013-1500 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_6_0-ibm-8107 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_6_0-ibm-8107 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_6_0-ibm-8107 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_6_0-ibm-8107 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-devel-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Java 11 SP2 (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2407.html http://support.novell.com/security/cve/CVE-2013-2412.html http://support.novell.com/security/cve/CVE-2013-2437.html http://support.novell.com/security/cve/CVE-2013-2442.html http://support.novell.com/security/cve/CVE-2013-2443.html http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html 
http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2451.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2453.html http://support.novell.com/security/cve/CVE-2013-2454.html http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2466.html http://support.novell.com/security/cve/CVE-2013-2468.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html http://support.novell.com/security/cve/CVE-2013-3743.html http://support.novell.com/security/cve/CVE-2013-4002.html https://bugzilla.novell.com/817062 https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 http://download.novell.com/patch/finder/?keywords=fb449952ea439a5cac5ed9583009a7ca From sle-security-updates at lists.suse.com Sat Jul 27 09:04:19 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Jul 2013 17:04:19 +0200 (CEST) Subject: SUSE-SU-2013:1264-1: important: Security update for java-1_4_2-ibm Message-ID: <20130727150419.9D5D132240@maintenance.suse.de> SUSE Security Update: Security update for java-1_4_2-ibm 
______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1264-1 Rating: important References: #823034 #829212 Cross-References: CVE-2013-1500 CVE-2013-2446 CVE-2013-2447 CVE-2013-2450 CVE-2013-2452 CVE-2013-2456 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 11 SP2 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3009 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-2469 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-2456 * CVE-2013-2447 * CVE-2013-2452 * CVE-2013-2446 * CVE-2013-2450 * CVE-2013-1500 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_4_2-ibm-8109 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_4_2-ibm-8109 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_4_2-ibm-8109 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_4_2-ibm-8109 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-devel-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1 java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1 java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.18-0.7.1 java-1_4_2-ibm-devel-1.4.2_sr13.18-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.7.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Java 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1 java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.18-0.7.1 java-1_4_2-ibm-devel-1.4.2_sr13.18-0.7.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.7.1 - SUSE Linux Enterprise Java 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2459.html 
http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 http://download.novell.com/patch/finder/?keywords=399735ab8d205f1101d90585a46d9b56 http://download.novell.com/patch/finder/?keywords=cee913adfb40cb03092c372e3c78ba19 From sle-security-updates at lists.suse.com Sat Jul 27 09:04:26 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 27 Jul 2013 17:04:26 +0200 (CEST) Subject: SUSE-SU-2013:1265-1: moderate: Security update for wireshark Message-ID: <20130727150426.10F9732240@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1265-1 Rating: moderate References: #813217 #816517 #816887 #820973 #824900 Cross-References: CVE-2013-2486 CVE-2013-2487 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 CVE-2013-4078 CVE-2013-4079 CVE-2013-4080 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware 
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. It includes one version update. Description: This wireshark version update to 1.8.8 includes several security and general bug fixes. Version update to 1.8.8 [bnc#824900]: * vulnerabilities fixed: o The CAPWAP dissector could crash. wnpa-sec-2013-32 CVE-2013-4074 o The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33 CVE-2013-4075 o The PPP dissector could crash. wnpa-sec-2013-34 CVE-2013-4076 o The NBAP dissector could crash. wnpa-sec-2013-35 CVE-2013-4077 o The RDP dissector could crash. wnpa-sec-2013-36 CVE-2013-4078 o The GSM CBCH dissector could crash. wnpa-sec-2013-37 CVE-2013-4079 o The Assa Abloy R3 dissector could consume excessive memory and CPU. wnpa-sec-2013-38 CVE-2013-4080 o The HTTP dissector could overrun the stack. wnpa-sec-2013-39 CVE-2013-4081 o The Ixia IxVeriWave file parser could overflow the heap. wnpa-sec-2013-40 CVE-2013-4082 o The DCP ETSI dissector could crash. wnpa-sec-2013-41 CVE-2013-4083 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html Version update to 1.8.7 [bnc#813217, bnc#820973]: * vulnerabilities fixed: o The RELOAD dissector could go into an infinite loop. wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487 o The GTPv2 dissector could crash. wnpa-sec-2013-24 o The ASN.1 BER dissector could crash. wnpa-sec-2013-25 o The PPP CCP dissector could crash. wnpa-sec-2013-26 o The DCP ETSI dissector could crash. wnpa-sec-2013-27 o The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28 o The Websocket dissector could crash. wnpa-sec-2013-29 o The MySQL dissector could go into an infinite loop. wnpa-sec-2013-30 o The ETCH dissector could go into a large loop. 
wnpa-sec-2013-31 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html Other bug fixes: * bnc#816517: 'Save As' Nokia libpcap corrupting the file * bnc#816887: wireshark crashed in 'SCTP' -> 'Prepare Filter for this Association' Security Issue references: * CVE-2013-2486 * CVE-2013-2487 * CVE-2013-3555 * CVE-2013-3556 * CVE-2013-3557 * CVE-2013-3558 * CVE-2013-3559 * CVE-2013-3560 * CVE-2013-3561 * CVE-2013-3562 * CVE-2013-3561 * CVE-2013-3561 * CVE-2013-4074 * CVE-2013-4075 * CVE-2013-4076 * CVE-2013-4077 * CVE-2013-4078 * CVE-2013-4079 * CVE-2013-4080 * CVE-2013-4081 * CVE-2013-4082 * CVE-2013-4083 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-wireshark-8045 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-wireshark-8044 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-wireshark-8045 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-wireshark-8045 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-wireshark-8044 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-wireshark-8044 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-wireshark-8045 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-wireshark-8044 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.8]: wireshark-devel-1.8.8-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.8]: wireshark-devel-1.8.8-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.8]: wireshark-1.8.8-0.2.1 References: http://support.novell.com/security/cve/CVE-2013-2486.html http://support.novell.com/security/cve/CVE-2013-2487.html http://support.novell.com/security/cve/CVE-2013-3555.html http://support.novell.com/security/cve/CVE-2013-3556.html http://support.novell.com/security/cve/CVE-2013-3557.html http://support.novell.com/security/cve/CVE-2013-3558.html http://support.novell.com/security/cve/CVE-2013-3559.html http://support.novell.com/security/cve/CVE-2013-3560.html http://support.novell.com/security/cve/CVE-2013-3561.html http://support.novell.com/security/cve/CVE-2013-3562.html http://support.novell.com/security/cve/CVE-2013-4074.html http://support.novell.com/security/cve/CVE-2013-4075.html http://support.novell.com/security/cve/CVE-2013-4076.html http://support.novell.com/security/cve/CVE-2013-4077.html 
http://support.novell.com/security/cve/CVE-2013-4078.html http://support.novell.com/security/cve/CVE-2013-4079.html http://support.novell.com/security/cve/CVE-2013-4080.html http://support.novell.com/security/cve/CVE-2013-4081.html http://support.novell.com/security/cve/CVE-2013-4082.html http://support.novell.com/security/cve/CVE-2013-4083.html https://bugzilla.novell.com/813217 https://bugzilla.novell.com/816517 https://bugzilla.novell.com/816887 https://bugzilla.novell.com/820973 https://bugzilla.novell.com/824900 http://download.novell.com/patch/finder/?keywords=01bde4a9b83d054d421819162ba7b352 http://download.novell.com/patch/finder/?keywords=9e62de2dfb272343bbe45e5f61e345fa From sle-security-updates at lists.suse.com Mon Jul 29 16:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 00:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1100-2: moderate: Security update for xorg-x11-libX11 Message-ID: <20130729220410.1323632240@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1100-2 Rating: moderate References: #815451 #821664 Cross-References: CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update of xorg-x11-libX11 fixes several security issues. Bug 815451/821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 Security Issues: * CVE-2013-1981 * CVE-2013-1997 * CVE-2013-2004 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-libX11-7935 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-libX11-7935 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-libX11-7935 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-libX11-7935 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-devel-7.4-5.11.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-libX11-devel-32bit-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libX11-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libX11-32bit-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.11.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libX11-x86-7.4-5.11.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libX11-7.4-5.11.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libX11-32bit-7.4-5.11.11.1 References: http://support.novell.com/security/cve/CVE-2013-1981.html http://support.novell.com/security/cve/CVE-2013-1997.html http://support.novell.com/security/cve/CVE-2013-2004.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821664 http://download.novell.com/patch/finder/?keywords=18c09be3783b0f72c649ee4e9e8e7f42 From sle-security-updates at lists.suse.com Mon Jul 29 16:04:14 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 00:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1099-2: moderate: Security update for 
xorg-x11-libXext Message-ID: <20130729220414.2776432240@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXext ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1099-2 Rating: moderate References: #815451 #821665 Cross-References: CVE-2013-1982 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXext fixes several integer overflow issues. Bug 815451/821665 CVE-2013-1982 Security Issues: * CVE-2013-1982 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-libXext-7931 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-libXext-7931 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-libXext-7931 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-libXext-7931 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXext-devel-7.4-1.18.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXext-devel-32bit-7.4-1.18.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libXext-7.4-1.18.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libXext-32bit-7.4-1.18.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXext-7.4-1.18.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXext-32bit-7.4-1.18.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libXext-x86-7.4-1.18.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libXext-7.4-1.18.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libXext-32bit-7.4-1.18.2 References: http://support.novell.com/security/cve/CVE-2013-1982.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821665 http://download.novell.com/patch/finder/?keywords=2518d7a22ec20c4db41fa63abeae4f84 From sle-security-updates at lists.suse.com Mon Jul 29 16:04:19 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 00:04:19 +0200 (CEST) Subject: SUSE-SU-2013:1095-2: moderate: Security update for xorg-x11-libXrender Message-ID: <20130729220419.D001D32240@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXrender ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1095-2 Rating: moderate References: #815451 #821669 Cross-References: CVE-2013-1987 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one 
vulnerability and has one errata is now available. Description: This update of xorg-x11-libXrender fixes several integer overflow issues. Bug 815451/821669 CVE-2013-1987 Security Issues: * CVE-2013-1987 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-libXrender-7939 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-libXrender-7939 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-libXrender-7939 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-libXrender-7939 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-devel-7.4-1.16.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXrender-devel-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libXrender-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libXrender-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXrender-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXrender-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libXrender-x86-7.4-1.16.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libXrender-7.4-1.16.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libXrender-32bit-7.4-1.16.2 References: http://support.novell.com/security/cve/CVE-2013-1987.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821669 http://download.novell.com/patch/finder/?keywords=2765be2a03c13e81cedf83e40ae62f8c From sle-security-updates at lists.suse.com Mon Jul 29 17:04:10 2013 From: 
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 01:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1260-2: moderate: Security update for ruby Message-ID: <20130729230410.7093B321EA@maintenance.suse.de> SUSE Security Update: Security update for ruby ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1260-2 Rating: moderate References: #827265 Cross-References: CVE-2013-4073 Affected Products: SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Ruby failed to check hostnames correctly when setting up an SSL client connection. CVE-2013-4073 was assigned to this issue. Security Issues: * CVE-2013-4073 Package List: - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): ruby-1.8.6.p369-0.16.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): ruby-1.8.6.p369-0.16.1 ruby-devel-1.8.6.p369-0.16.1 ruby-doc-html-1.8.6.p369-0.16.1 ruby-doc-ri-1.8.6.p369-0.16.1 ruby-examples-1.8.6.p369-0.16.1 ruby-test-suite-1.8.6.p369-0.16.1 ruby-tk-1.8.6.p369-0.16.1 References: http://support.novell.com/security/cve/CVE-2013-4073.html https://bugzilla.novell.com/827265 http://download.novell.com/patch/finder/?keywords=5ac82f78b15c4acb20e9a4af1b508de8 From sle-security-updates at lists.suse.com Mon Jul 29 17:04:14 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 01:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1097-2: moderate: Security update for xorg-x11-libXfixes Message-ID: <20130729230414.1E432321EA@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXfixes ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1097-2 Rating: moderate References: #815451 #821667 Cross-References: CVE-2013-1983 Affected 
Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXfixes fixed an integer overflow issue. Bug 815451/821667 CVE-2013-1983 Security Issues: * CVE-2013-1983 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-libXfixes-7937 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-libXfixes-7937 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-libXfixes-7937 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-libXfixes-7937 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXfixes-devel-7.4-1.16.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXfixes-devel-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libXfixes-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libXfixes-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXfixes-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXfixes-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libXfixes-x86-7.4-1.16.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libXfixes-7.4-1.16.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libXfixes-32bit-7.4-1.16.2 References: http://support.novell.com/security/cve/CVE-2013-1983.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821667 http://download.novell.com/patch/finder/?keywords=93c8b7ab05eafa7b08f144755368a71d From sle-security-updates at lists.suse.com Mon Jul 29 17:04:17 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 01:04:17 +0200 (CEST) Subject: SUSE-SU-2013:1104-2: moderate: Security update for xorg-x11-libXv Message-ID: <20130729230417.ABA78321EA@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXv ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1104-2 Rating: moderate References: #815451 #821671 Cross-References: CVE-2013-1989 CVE-2013-2066 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update 
that fixes two vulnerabilities is now available. Description: This update of xorg-x11-libXv fixes several integer and buffer overflow issues. Bug 815451/821671 CVE-2013-1989/CVE-2013-2066 Security Issues: * CVE-2013-1989 * CVE-2013-2066 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-libXv-7943 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-libXv-7943 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-libXv-7943 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-libXv-7943 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-devel-7.4-1.16.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXv-devel-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libXv-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libXv-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXv-32bit-7.4-1.16.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libXv-x86-7.4-1.16.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libXv-7.4-1.16.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libXv-32bit-7.4-1.16.2 References: http://support.novell.com/security/cve/CVE-2013-1989.html http://support.novell.com/security/cve/CVE-2013-2066.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821671 http://download.novell.com/patch/finder/?keywords=37bcceb85480505f1de068e022d7408f From sle-security-updates at lists.suse.com Mon Jul 29 
17:04:21 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 01:04:21 +0200 (CEST) Subject: SUSE-SU-2013:1101-2: moderate: Security update for xorg-x11-libXt Message-ID: <20130729230421.72782321EA@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXt ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1101-2 Rating: moderate References: #815451 #821670 Cross-References: CVE-2013-2002 CVE-2013-2005 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of xorg-x11-libXt fixes several integer and buffer overflow issues. Bug 815451/821670 CVE-2013-2002/CVE-2013-2005 Security Issues: * CVE-2013-2002 * CVE-2013-2005 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-libXt-7940 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-libXt-7940 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-libXt-7940 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-libXt-7940 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXt-devel-7.4-1.19.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXt-devel-32bit-7.4-1.19.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libXt-7.4-1.19.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libXt-32bit-7.4-1.19.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXt-7.4-1.19.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXt-32bit-7.4-1.19.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libXt-x86-7.4-1.19.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libXt-7.4-1.19.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libXt-32bit-7.4-1.19.2 References: http://support.novell.com/security/cve/CVE-2013-2002.html http://support.novell.com/security/cve/CVE-2013-2005.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821670 http://download.novell.com/patch/finder/?keywords=2941d40198f708a04aedc59caccba8ff From sle-security-updates at lists.suse.com Mon Jul 29 17:04:26 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 01:04:26 +0200 (CEST) Subject: SUSE-SU-2013:1102-2: moderate: Security update for xorg-x11-libXp Message-ID: <20130729230426.D46F1321EA@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXp ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1102-2 Rating: moderate References: #815451 #821668 Cross-References: CVE-2013-2062 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An 
update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXp fixes several integer overflow issues. Bug 815451/821668 CVE-2013-2062 Security Issues: * CVE-2013-2062 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-libXp-7938 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-libXp-7938 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-libXp-7938 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-libXp-7938 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXp-devel-7.4-1.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXp-devel-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libXp-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXp-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libXp-x86-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libXp-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 References: http://support.novell.com/security/cve/CVE-2013-2062.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821668 http://download.novell.com/patch/finder/?keywords=972011b953bf640461cbba5d1cd82d4f From sle-security-updates at lists.suse.com Mon Jul 29 17:04:30 2013 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 01:04:30 +0200 (CEST) Subject: SUSE-SU-2013:1103-2: moderate: Security update for xorg-x11-libs Message-ID: <20130729230430.929FA321EA@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libs ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1103-2 Rating: moderate References: #815451 #821663 Cross-References: CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1988 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2003 CVE-2013-2063 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update of xorg-x11-libs fixes several integer and buffer overflow issues. Bug 815451/821663 CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1988 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2003 CVE-2013-2063 Security Issues: * CVE-2013-1984 * CVE-2013-1985 * CVE-2013-1986 * CVE-2013-1988 * CVE-2013-1990 * CVE-2013-1991 * CVE-2013-1992 * CVE-2013-1995 * CVE-2013-1996 * CVE-2013-1998 * CVE-2013-1999 * CVE-2013-2000 * CVE-2013-2001 * CVE-2013-2003 * CVE-2013-2063 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-devel-7944 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-devel-7944 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-devel-7944 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-devel-7944 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.38.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.38.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-libs-7.4-8.26.38.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): xorg-x11-libs-32bit-7.4-8.26.38.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.38.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.38.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): xorg-x11-libs-x86-7.4-8.26.38.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-libs-7.4-8.26.38.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xorg-x11-libs-32bit-7.4-8.26.38.1 References: http://support.novell.com/security/cve/CVE-2013-1984.html http://support.novell.com/security/cve/CVE-2013-1985.html http://support.novell.com/security/cve/CVE-2013-1986.html http://support.novell.com/security/cve/CVE-2013-1988.html http://support.novell.com/security/cve/CVE-2013-1990.html http://support.novell.com/security/cve/CVE-2013-1991.html http://support.novell.com/security/cve/CVE-2013-1992.html http://support.novell.com/security/cve/CVE-2013-1995.html http://support.novell.com/security/cve/CVE-2013-1996.html http://support.novell.com/security/cve/CVE-2013-1998.html 
http://support.novell.com/security/cve/CVE-2013-1999.html http://support.novell.com/security/cve/CVE-2013-2000.html http://support.novell.com/security/cve/CVE-2013-2001.html http://support.novell.com/security/cve/CVE-2013-2003.html http://support.novell.com/security/cve/CVE-2013-2063.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821663 http://download.novell.com/patch/finder/?keywords=2d5dcd5bd8bbc27c0d647108435ab8e3 From sle-security-updates at lists.suse.com Tue Jul 30 09:04:08 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 17:04:08 +0200 (CEST) Subject: SUSE-SU-2013:1263-2: important: Security update for java-1_5_0-ibm Message-ID: <20130730150408.B445532245@maintenance.suse.de> SUSE Security Update: Security update for java-1_5_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1263-2 Rating: important References: #817062 #823034 #829212 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2452 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-4002 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. 
Description: IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and security issues: CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-4002, CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-3743, CVE-2013-2448, CVE-2013-2454, CVE-2013-2456, CVE-2013-2457, CVE-2013-2455, CVE-2013-2443, CVE-2013-2447, CVE-2013-2444, CVE-2013-2452, CVE-2013-2446, CVE-2013-2450, CVE-2013-1571, CVE-2013-1500 Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Additionally, the following bugs have been fixed: - Add Europe/Busingen to tzmappings (bnc#817062) - Mark files in jre/bin and bin/ as executable (bnc#823034). Security Issues: * CVE-2013-3009 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-2469 * CVE-2013-4002 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-3743 * CVE-2013-2448 * CVE-2013-2454 * CVE-2013-2457 * CVE-2013-2456 * CVE-2013-2455 * CVE-2013-2443 * CVE-2013-2444 * CVE-2013-2447 * CVE-2013-2452 * CVE-2013-2446 * CVE-2013-2450 * CVE-2013-1571 * CVE-2013-1500 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.3-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.3-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.3-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2443.html 
http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2454.html http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html http://support.novell.com/security/cve/CVE-2013-3743.html http://support.novell.com/security/cve/CVE-2013-4002.html https://bugzilla.novell.com/817062 https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 http://download.novell.com/patch/finder/?keywords=4829d9187c70595f2f4afabf4dcf6504 From sle-security-updates at lists.suse.com Tue Jul 30 11:04:09 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 19:04:09 +0200 (CEST) Subject: SUSE-SU-2013:1255-3: important: Security update for IBM Java 1.6.0 Message-ID: <20130730170409.2DC5232248@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.6.0 
______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1255-3 Rating: important References: #817062 #823034 #829212 Cross-References: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-4002 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: IBM Java 1.6.0 was updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) Security Issue references: * CVE-2013-3009 * CVE-2013-3011 * CVE-2013-3012 * CVE-2013-4002 * CVE-2013-2468 * CVE-2013-2469 * CVE-2013-2465 * CVE-2013-2464 * CVE-2013-2463 * CVE-2013-2473 * CVE-2013-2472 * CVE-2013-2471 * CVE-2013-2470 * CVE-2013-2459 * CVE-2013-2466 * CVE-2013-3743 * CVE-2013-2448 * CVE-2013-2442 * CVE-2013-2407 * CVE-2013-2454 * CVE-2013-2456 * CVE-2013-2453 * CVE-2013-2457 * CVE-2013-2455 * CVE-2013-2412 * CVE-2013-2443 * CVE-2013-2447 * CVE-2013-2437 * CVE-2013-2444 * CVE-2013-2452 * CVE-2013-2446 * CVE-2013-2450 * CVE-2013-1571 * CVE-2013-2451 * CVE-2013-1500 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-java-1_6_0-ibm-8114 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-java-1_6_0-ibm-8114 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr14.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr14.0-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr14.0-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-1500.html http://support.novell.com/security/cve/CVE-2013-1571.html http://support.novell.com/security/cve/CVE-2013-2407.html http://support.novell.com/security/cve/CVE-2013-2412.html http://support.novell.com/security/cve/CVE-2013-2437.html http://support.novell.com/security/cve/CVE-2013-2442.html http://support.novell.com/security/cve/CVE-2013-2443.html http://support.novell.com/security/cve/CVE-2013-2444.html http://support.novell.com/security/cve/CVE-2013-2446.html http://support.novell.com/security/cve/CVE-2013-2447.html http://support.novell.com/security/cve/CVE-2013-2448.html http://support.novell.com/security/cve/CVE-2013-2450.html http://support.novell.com/security/cve/CVE-2013-2451.html http://support.novell.com/security/cve/CVE-2013-2452.html http://support.novell.com/security/cve/CVE-2013-2453.html http://support.novell.com/security/cve/CVE-2013-2454.html 
http://support.novell.com/security/cve/CVE-2013-2455.html http://support.novell.com/security/cve/CVE-2013-2456.html http://support.novell.com/security/cve/CVE-2013-2457.html http://support.novell.com/security/cve/CVE-2013-2459.html http://support.novell.com/security/cve/CVE-2013-2463.html http://support.novell.com/security/cve/CVE-2013-2464.html http://support.novell.com/security/cve/CVE-2013-2465.html http://support.novell.com/security/cve/CVE-2013-2466.html http://support.novell.com/security/cve/CVE-2013-2468.html http://support.novell.com/security/cve/CVE-2013-2469.html http://support.novell.com/security/cve/CVE-2013-2470.html http://support.novell.com/security/cve/CVE-2013-2471.html http://support.novell.com/security/cve/CVE-2013-2472.html http://support.novell.com/security/cve/CVE-2013-2473.html http://support.novell.com/security/cve/CVE-2013-3009.html http://support.novell.com/security/cve/CVE-2013-3011.html http://support.novell.com/security/cve/CVE-2013-3012.html http://support.novell.com/security/cve/CVE-2013-3743.html http://support.novell.com/security/cve/CVE-2013-4002.html https://bugzilla.novell.com/817062 https://bugzilla.novell.com/823034 https://bugzilla.novell.com/829212 http://download.novell.com/patch/finder/?keywords=6c8543f9239e4d607bb2deb278b06a48 From sle-security-updates at lists.suse.com Tue Jul 30 12:04:08 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 20:04:08 +0200 (CEST) Subject: SUSE-SU-2013:1260-3: moderate: Security update for ruby Message-ID: <20130730180408.B2CC532277@maintenance.suse.de> SUSE Security Update: Security update for ruby ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1260-3 Rating: moderate References: #827265 Cross-References: CVE-2013-4073 Affected Products: WebYaST 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux 
Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Ruby failed to check hostnames correctly when setting up an SSL client connection. CVE-2013-4073 was assigned to this issue. Security Issue reference: * CVE-2013-4073 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-ruby-8026 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-ruby-8027 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ruby-8026 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ruby-8027 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ruby-8027 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ruby-8026 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ruby-8026 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ruby-8027 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ruby-8026 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-ruby-8026 To bring your system up-to-date, use "zypper patch". 
Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.11.1 ruby-doc-html-1.8.7.p357-0.9.11.1 ruby-doc-ri-1.8.7.p357-0.9.11.1 ruby-examples-1.8.7.p357-0.9.11.1 ruby-test-suite-1.8.7.p357-0.9.11.1 ruby-tk-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.11.1 ruby-doc-html-1.8.7.p357-0.9.11.1 ruby-doc-ri-1.8.7.p357-0.9.11.1 ruby-examples-1.8.7.p357-0.9.11.1 ruby-test-suite-1.8.7.p357-0.9.11.1 ruby-tk-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ruby-1.8.7.p357-0.9.11.1 ruby-doc-html-1.8.7.p357-0.9.11.1 ruby-tk-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ruby-1.8.7.p357-0.9.11.1 ruby-doc-html-1.8.7.p357-0.9.11.1 ruby-tk-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ruby-1.8.7.p357-0.9.11.1 ruby-doc-html-1.8.7.p357-0.9.11.1 ruby-tk-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ruby-1.8.7.p357-0.9.11.1 ruby-doc-html-1.8.7.p357-0.9.11.1 ruby-tk-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ruby-1.8.7.p357-0.9.11.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ruby-1.8.7.p357-0.9.11.1 - SUSE Lifecycle Management Server 1.3 (x86_64): ruby-devel-1.8.7.p357-0.9.11.1 References: http://support.novell.com/security/cve/CVE-2013-4073.html https://bugzilla.novell.com/827265 http://download.novell.com/patch/finder/?keywords=480d98ab926aa6d71214ec344385e860 http://download.novell.com/patch/finder/?keywords=dadfddbbfab29e11abd8155e45470f82 From sle-security-updates at lists.suse.com Tue Jul 30 14:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2013 22:04:11 +0200 (CEST) Subject: 
SUSE-SU-2013:1276-1: moderate: Security update for wireshark Message-ID: <20130730200411.0586932277@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1276-1 Rating: moderate References: #816887 #820973 #824900 Cross-References: CVE-2013-2486 CVE-2013-2487 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 CVE-2013-4078 CVE-2013-4079 CVE-2013-4080 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This wireshark version update to 1.6.16 includes several security and general bug fixes. http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html * The CAPWAP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4074) * The HTTP dissector could overrun the stack. Discovered by David Keeler. (CVE-2013-4081) * The DCP ETSI dissector could crash. (CVE-2013-4083) http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html * The ASN.1 BER dissector could crash. (CVE-2013-3556 CVE-2013-3557) The releases also fix various non-security issues. Additionally, a crash in processing SCTP filters has been fixed. 
(bug#816887) Security Issue references: * CVE-2013-2486 * CVE-2013-2487 * CVE-2013-3555 * CVE-2013-3556 * CVE-2013-3557 * CVE-2013-3558 * CVE-2013-3559 * CVE-2013-3560 * CVE-2013-3561 * CVE-2013-3562 * CVE-2013-3561 * CVE-2013-3561 * CVE-2013-4074 * CVE-2013-4075 * CVE-2013-4076 * CVE-2013-4077 * CVE-2013-4078 * CVE-2013-4079 * CVE-2013-4080 * CVE-2013-4081 * CVE-2013-4082 * CVE-2013-4083 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-1.6.16-0.5.5 wireshark-devel-1.6.16-0.5.5 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): wireshark-1.6.16-0.5.5 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-devel-1.6.16-0.5.5 References: http://support.novell.com/security/cve/CVE-2013-2486.html http://support.novell.com/security/cve/CVE-2013-2487.html http://support.novell.com/security/cve/CVE-2013-3555.html http://support.novell.com/security/cve/CVE-2013-3556.html http://support.novell.com/security/cve/CVE-2013-3557.html http://support.novell.com/security/cve/CVE-2013-3558.html http://support.novell.com/security/cve/CVE-2013-3559.html http://support.novell.com/security/cve/CVE-2013-3560.html http://support.novell.com/security/cve/CVE-2013-3561.html http://support.novell.com/security/cve/CVE-2013-3562.html http://support.novell.com/security/cve/CVE-2013-4074.html http://support.novell.com/security/cve/CVE-2013-4075.html http://support.novell.com/security/cve/CVE-2013-4076.html http://support.novell.com/security/cve/CVE-2013-4077.html http://support.novell.com/security/cve/CVE-2013-4078.html http://support.novell.com/security/cve/CVE-2013-4079.html http://support.novell.com/security/cve/CVE-2013-4080.html http://support.novell.com/security/cve/CVE-2013-4081.html http://support.novell.com/security/cve/CVE-2013-4082.html http://support.novell.com/security/cve/CVE-2013-4083.html https://bugzilla.novell.com/816887 https://bugzilla.novell.com/820973 https://bugzilla.novell.com/824900 
http://download.novell.com/patch/finder/?keywords=cb4504a53f9b3d0625f514d688e2c947 From sle-security-updates at lists.suse.com Wed Jul 31 16:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Aug 2013 00:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1285-1: important: Security update for PHP5 Message-ID: <20130731220410.2D7FE32278@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1285-1 Rating: important References: #807707 #828020 #829207 Cross-References: CVE-2013-1635 CVE-2013-1643 CVE-2013-4113 CVE-2013-4635 Affected Products: SUSE Linux Enterprise Server 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml Security Issue references: * CVE-2013-4113 * CVE-2013-4635 * CVE-2013-1635 * CVE-2013-1643 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-mod_php5-5.2.14-0.42.1 php5-5.2.14-0.42.1 php5-bcmath-5.2.14-0.42.1 php5-bz2-5.2.14-0.42.1 php5-calendar-5.2.14-0.42.1 php5-ctype-5.2.14-0.42.1 php5-curl-5.2.14-0.42.1 php5-dba-5.2.14-0.42.1 php5-dbase-5.2.14-0.42.1 php5-devel-5.2.14-0.42.1 php5-dom-5.2.14-0.42.1 php5-exif-5.2.14-0.42.1 php5-fastcgi-5.2.14-0.42.1 php5-ftp-5.2.14-0.42.1 php5-gd-5.2.14-0.42.1 php5-gettext-5.2.14-0.42.1 php5-gmp-5.2.14-0.42.1 php5-hash-5.2.14-0.42.1 php5-iconv-5.2.14-0.42.1 php5-imap-5.2.14-0.42.1 php5-json-5.2.14-0.42.1 php5-ldap-5.2.14-0.42.1 
php5-mbstring-5.2.14-0.42.1 php5-mcrypt-5.2.14-0.42.1 php5-mhash-5.2.14-0.42.1 php5-mysql-5.2.14-0.42.1 php5-ncurses-5.2.14-0.42.1 php5-odbc-5.2.14-0.42.1 php5-openssl-5.2.14-0.42.1 php5-pcntl-5.2.14-0.42.1 php5-pdo-5.2.14-0.42.1 php5-pear-5.2.14-0.42.1 php5-pgsql-5.2.14-0.42.1 php5-posix-5.2.14-0.42.1 php5-pspell-5.2.14-0.42.1 php5-shmop-5.2.14-0.42.1 php5-snmp-5.2.14-0.42.1 php5-soap-5.2.14-0.42.1 php5-sockets-5.2.14-0.42.1 php5-sqlite-5.2.14-0.42.1 php5-suhosin-5.2.14-0.42.1 php5-sysvmsg-5.2.14-0.42.1 php5-sysvsem-5.2.14-0.42.1 php5-sysvshm-5.2.14-0.42.1 php5-tokenizer-5.2.14-0.42.1 php5-wddx-5.2.14-0.42.1 php5-xmlreader-5.2.14-0.42.1 php5-xmlrpc-5.2.14-0.42.1 php5-xsl-5.2.14-0.42.1 php5-zlib-5.2.14-0.42.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-mod_php5-5.2.14-0.42.1 php5-5.2.14-0.42.1 php5-bcmath-5.2.14-0.42.1 php5-bz2-5.2.14-0.42.1 php5-calendar-5.2.14-0.42.1 php5-ctype-5.2.14-0.42.1 php5-curl-5.2.14-0.42.1 php5-dba-5.2.14-0.42.1 php5-dbase-5.2.14-0.42.1 php5-devel-5.2.14-0.42.1 php5-dom-5.2.14-0.42.1 php5-exif-5.2.14-0.42.1 php5-fastcgi-5.2.14-0.42.1 php5-ftp-5.2.14-0.42.1 php5-gd-5.2.14-0.42.1 php5-gettext-5.2.14-0.42.1 php5-gmp-5.2.14-0.42.1 php5-hash-5.2.14-0.42.1 php5-iconv-5.2.14-0.42.1 php5-imap-5.2.14-0.42.1 php5-ldap-5.2.14-0.42.1 php5-mbstring-5.2.14-0.42.1 php5-mcrypt-5.2.14-0.42.1 php5-mhash-5.2.14-0.42.1 php5-mysql-5.2.14-0.42.1 php5-ncurses-5.2.14-0.42.1 php5-odbc-5.2.14-0.42.1 php5-openssl-5.2.14-0.42.1 php5-pcntl-5.2.14-0.42.1 php5-pdo-5.2.14-0.42.1 php5-pear-5.2.14-0.42.1 php5-pgsql-5.2.14-0.42.1 php5-posix-5.2.14-0.42.1 php5-pspell-5.2.14-0.42.1 php5-shmop-5.2.14-0.42.1 php5-snmp-5.2.14-0.42.1 php5-soap-5.2.14-0.42.1 php5-sockets-5.2.14-0.42.1 php5-sqlite-5.2.14-0.42.1 php5-suhosin-5.2.14-0.42.1 php5-sysvmsg-5.2.14-0.42.1 php5-sysvsem-5.2.14-0.42.1 php5-sysvshm-5.2.14-0.42.1 php5-tidy-5.2.14-0.42.1 php5-tokenizer-5.2.14-0.42.1 php5-wddx-5.2.14-0.42.1 php5-xmlreader-5.2.14-0.42.1 php5-xmlrpc-5.2.14-0.42.1 php5-xsl-5.2.14-0.42.1 
php5-zlib-5.2.14-0.42.1 References: http://support.novell.com/security/cve/CVE-2013-1635.html http://support.novell.com/security/cve/CVE-2013-1643.html http://support.novell.com/security/cve/CVE-2013-4113.html http://support.novell.com/security/cve/CVE-2013-4635.html https://bugzilla.novell.com/807707 https://bugzilla.novell.com/828020 https://bugzilla.novell.com/829207 http://download.novell.com/patch/finder/?keywords=512092ac1a057c2d35c038267a87ab52