From sle-security-updates at lists.suse.com Wed May 2 11:08:16 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 2 May 2012 19:08:16 +0200 (CEST)
Subject: SUSE-SU-2012:0580-1: important: Security update for Mozilla Firefox
Message-ID: <20120502170816.26BD532402@maintenance.suse.de>

   SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0580-1
Rating:             important
References:         #758408
Cross-References:   CVE-2011-3062 CVE-2012-0468 CVE-2012-0469
                    CVE-2012-0470 CVE-2012-0471 CVE-2012-0472
                    CVE-2012-0473 CVE-2012-0474 CVE-2012-0477
                    CVE-2012-0478 CVE-2012-0479
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.
   It includes two new package versions.

Description:

   MozillaFirefox was updated to the 10.0.4 ESR release to fix
   various bugs and security issues.

   * MFSA 2012-20: Mozilla developers identified and fixed several
     memory safety bugs in the browser engine used in Firefox and
     other Mozilla-based products. Some of these bugs showed evidence
     of memory corruption under certain circumstances, and we presume
     that with enough effort at least some of these could be
     exploited to run arbitrary code.

     In general these flaws cannot be exploited through email in the
     Thunderbird and SeaMonkey products because scripting is
     disabled, but are potentially a risk in browser or browser-like
     contexts in those products.

     Christian Holler reported a memory safety and security problem
     affecting Firefox 11. (CVE-2012-0468)

     Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
     Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,
     and Olli Pettay reported memory safety problems and crashes that
     affect Firefox ESR and Firefox 11. (CVE-2012-0467)

   * MFSA 2012-22 / CVE-2012-0469: Using the Address Sanitizer tool,
     security researcher Aki Helin from OUSPG found that IDBKeyRange
     of indexedDB remains in the XPConnect hashtable instead of being
     unlinked before being destroyed. When it is destroyed, this
     causes a use-after-free, which is potentially exploitable.

   * MFSA 2012-23 / CVE-2012-0470: Using the Address Sanitizer tool,
     security researcher Atte Kettunen from OUSPG found a heap
     corruption in gfxImageSurface which allows for invalid frees and
     possible remote code execution. This happens due to float error,
     resulting from graphics values being passed through different
     number systems.

   * MFSA 2012-24 / CVE-2012-0471: Anne van Kesteren of Opera
     Software found a multi-octet encoding issue where certain octets
     will destroy the following octets in the processing of some
     multibyte character sets. This can leave users vulnerable to
     cross-site scripting (XSS) attacks on maliciously crafted web
     pages.

   * MFSA 2012-25 / CVE-2012-0472: Security research firm iDefense
     reported that researcher wushi of team509 discovered a memory
     corruption on Windows Vista and Windows 7 systems with hardware
     acceleration disabled or using incompatible video drivers. This
     is created by using cairo-dwrite to attempt to render fonts on
     an unsupported code path. This corruption causes a potentially
     exploitable crash on affected systems.

   * MFSA 2012-26 / CVE-2012-0473: Mozilla community member Matias
     Juntunen discovered an error in WebGLBuffer where
     FindMaxElementInSubArray receives wrong template arguments from
     FindMaxUshortElement. This bug causes maximum index to be
     computed incorrectly within WebGL.drawElements, allowing the
     reading of illegal video memory.

   * MFSA 2012-27 / CVE-2012-0474: Security researchers Jordi Chancel
     and Eddy Bordi reported that they could short-circuit page loads
     to show the address of a different site than what is loaded in
     the window in the addressbar. Security researcher Chris McGowen
     independently reported the same flaw, and further demonstrated
     that this could lead to loading scripts from the attacker's
     site, leaving users vulnerable to cross-site scripting (XSS)
     attacks.

   * MFSA 2012-28 / CVE-2012-0475: Security researcher Simone Fabiano
     reported that if a cross-site XHR or WebSocket is opened on a
     web server on a non-standard port for web traffic while using an
     IPv6 address, the browser will send ambiguous origin headers if
     the IPv6 address contains at least 2 consecutive 16-bit fields
     of zeroes. If there is an origin access control list that uses
     IPv6 literals, this issue could be used to bypass these access
     controls on the server.

   * MFSA 2012-29 / CVE-2012-0477: Security researcher Masato
     Kinugawa found that during the decoding of ISO-2022-KR and
     ISO-2022-CN character sets, characters near 1024 bytes are
     treated incorrectly, either doubling or deleting bytes. On
     certain pages it might be possible for an attacker to pad the
     output of the page such that these errors fall in the right
     place to affect the structure of the page, allowing for
     cross-site script (XSS) injection.

   * MFSA 2012-30 / CVE-2012-0478: Mozilla community member Ms2ger
     found an image rendering issue with WebGL when texImage2D uses
     JSVAL_TO_OBJECT on arbitrary objects. This can lead to a crash
     on a maliciously crafted web page. While there is no evidence
     that this is directly exploitable, there is a possibility of
     remote code execution.

   * MFSA 2012-31 / CVE-2011-3062: Mateusz Jurczyk of the Google
     Security Team discovered an off-by-one error in the OpenType
     Sanitizer using the Address Sanitizer tool. This can lead to an
     out-of-bounds read and execution of an uninitialized function
     pointer during parsing and possible remote code execution.

   * MFSA 2012-32 / CVE-2011-1187: Security researcher Daniel
     Divricean reported that a defect in the error handling of
     javascript errors can leak the file names and location of
     javascript files on a server, leading to inadvertent information
     disclosure and a vector for further attacks.

   * MFSA 2012-33 / CVE-2012-0479: Security researcher Jeroen van der
     Gun reported that if RSS or Atom XML invalid content is loaded
     over HTTPS, the addressbar updates to display the new location
     of the loaded resource, including SSL indicators, while the main
     window still displays the previously loaded content. This allows
     for phishing attacks where a malicious page can spoof the
     identity of another seemingly secure site.

   Security Issue references:

   * CVE-2012-0468
   * CVE-2012-0469
   * CVE-2012-0470
   * CVE-2012-0471
   * CVE-2012-0472
   * CVE-2012-0473
   * CVE-2012-0474
   * CVE-2012-0477
   * CVE-2012-0478
   * CVE-2011-3062
   * CVE-2012-0479

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-firefox-201204-6224

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-firefox-201204-6224

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-firefox-201204-6224

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-firefox-201204-6224

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-firefox-201204-6224

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-firefox-201204-6224

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-firefox-201204-6224

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.4]:

      mozilla-nss-devel-3.13.4-0.2.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.4]:

      mozilla-nss-devel-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.4 and 3.13.4]:

      MozillaFirefox-10.0.4-0.3.3
      MozillaFirefox-translations-10.0.4-0.3.3
      libfreebl3-3.13.4-0.2.1
      mozilla-nss-3.13.4-0.2.1
      mozilla-nss-tools-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.13.4]:

      libfreebl3-32bit-3.13.4-0.2.1
      mozilla-nss-32bit-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.13.4]:

      libfreebl3-x86-3.13.4-0.2.1
      mozilla-nss-x86-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.4 and 3.13.4]:

      MozillaFirefox-10.0.4-0.3.3
      MozillaFirefox-translations-10.0.4-0.3.3
      libfreebl3-3.13.4-0.2.1
      mozilla-nss-3.13.4-0.2.1
      mozilla-nss-tools-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 3.13.4]:

      libfreebl3-32bit-3.13.4-0.2.1
      mozilla-nss-32bit-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.4 and 3.13.4]:

      MozillaFirefox-10.0.4-0.3.3
      MozillaFirefox-translations-10.0.4-0.3.3
      libfreebl3-3.13.4-0.2.1
      mozilla-nss-3.13.4-0.2.1
      mozilla-nss-tools-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 3.13.4]:

      libfreebl3-32bit-3.13.4-0.2.1
      mozilla-nss-32bit-3.13.4-0.2.1

   - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 3.13.4]:

      libfreebl3-x86-3.13.4-0.2.1
      mozilla-nss-x86-3.13.4-0.2.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.4 and 3.13.4]:

      MozillaFirefox-10.0.4-0.3.3
      MozillaFirefox-translations-10.0.4-0.3.3
      libfreebl3-3.13.4-0.2.1
      mozilla-nss-3.13.4-0.2.1
      mozilla-nss-tools-3.13.4-0.2.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.13.4]:

      libfreebl3-32bit-3.13.4-0.2.1
      mozilla-nss-32bit-3.13.4-0.2.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.4 and 3.13.4]:

      MozillaFirefox-10.0.4-0.3.3
      MozillaFirefox-translations-10.0.4-0.3.3
      libfreebl3-3.13.4-0.2.1
      mozilla-nss-3.13.4-0.2.1
      mozilla-nss-tools-3.13.4-0.2.1

   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 3.13.4]:

      libfreebl3-32bit-3.13.4-0.2.1
      mozilla-nss-32bit-3.13.4-0.2.1

References:

   http://support.novell.com/security/cve/CVE-2011-3062.html
   http://support.novell.com/security/cve/CVE-2012-0468.html
   http://support.novell.com/security/cve/CVE-2012-0469.html
   http://support.novell.com/security/cve/CVE-2012-0470.html
   http://support.novell.com/security/cve/CVE-2012-0471.html
   http://support.novell.com/security/cve/CVE-2012-0472.html
   http://support.novell.com/security/cve/CVE-2012-0473.html
   http://support.novell.com/security/cve/CVE-2012-0474.html
   http://support.novell.com/security/cve/CVE-2012-0477.html
   http://support.novell.com/security/cve/CVE-2012-0478.html
   http://support.novell.com/security/cve/CVE-2012-0479.html
   https://bugzilla.novell.com/758408
   http://download.novell.com/patch/finder/?keywords=4473f09d5e15471e41452b71ff4dd645

From sle-security-updates at lists.suse.com Mon May 7 09:08:20 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 May 2012 17:08:20 +0200 (CEST)
Subject: SUSE-SU-2012:0591-1: important: Security update for Samba
Message-ID: <20120507150820.A843E3240C@maintenance.suse.de>

   SUSE Security Update: Security update for Samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0591-1
Rating:             important
References:         #757080 #757576
Cross-References:   CVE-2012-2111
Affected Products:
                    SUSE Linux Enterprise Server 10 GPLv3 Extras
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update of Samba fixes the following security issue:

   * CVE-2012-2111: Ensure that users cannot hand out their own
     privileges to everyone, only administrators are allowed to do
     that.

   Security Issue reference:

   * CVE-2012-2111

Package List:

   - SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64):

      libnetapi-devel-3.4.3-0.43.1
      libnetapi0-3.4.3-0.43.1
      libtalloc-devel-3.4.3-0.43.1
      libtalloc1-3.4.3-0.43.1
      libtdb-devel-3.4.3-0.43.1
      libtdb1-3.4.3-0.43.1
      libwbclient-devel-3.4.3-0.43.1
      libwbclient0-3.4.3-0.43.1
      samba-gplv3-3.4.3-0.43.1
      samba-gplv3-client-3.4.3-0.43.1
      samba-gplv3-krb-printing-3.4.3-0.43.1
      samba-gplv3-winbind-3.4.3-0.43.1

   - SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch):

      samba-gplv3-doc-3.4.3-0.43.1

References:

   http://support.novell.com/security/cve/CVE-2012-2111.html
   https://bugzilla.novell.com/757080
   https://bugzilla.novell.com/757576
   http://download.novell.com/patch/finder/?keywords=ef33002197942af3c4259067710592e2

From sle-security-updates at lists.suse.com Sat May 19 19:08:19 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 20 May 2012 03:08:19 +0200 (CEST)
Subject: SUSE-SU-2012:0592-1: critical: Security update for flash-player
Message-ID: <20120520010819.457873240B@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0592-1
Rating:             critical
References:         #757428 #758645 #760777
Cross-References:   CVE-2012-0779
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available. It includes one version update.

Description:

   Flash Player was updated to version 11.2.202.233, fixing a
   critical security problem.

   This update also fixes a problem with NVIDIA accelerated drivers
   and swapped blue/red colors, and also a printing regression
   introduced by a previous update.

   Security Issue reference:

   * CVE-2012-0779

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-flash-player-6253

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-flash-player-6253

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.235]:

      flash-player-11.2.202.235-0.3.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 11.2.202.235]:

      flash-player-11.2.202.235-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2012-0779.html
   https://bugzilla.novell.com/757428
   https://bugzilla.novell.com/758645
   https://bugzilla.novell.com/760777
   http://download.novell.com/patch/finder/?keywords=29ba5e8ed6a94441fe290e408bfb7b94

From sle-security-updates at lists.suse.com Tue May 8 09:08:44 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 May 2012 17:08:44 +0200 (CEST)
Subject: SUSE-SU-2012:0592-2: critical: Security update for flash-player
Message-ID: <20120508150844.285933240B@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0592-2
Rating:             critical
References:         #757428 #758645 #760777
Cross-References:   CVE-2012-0779
Affected Products:
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available. It includes one version update.

Description:

   Flash Player was updated to version 11.2.202.233, fixing a
   critical security problem.

   Security Issue reference:

   * CVE-2012-0779

Package List:

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.235]:

      flash-player-11.2.202.235-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2012-0779.html
   https://bugzilla.novell.com/757428
   https://bugzilla.novell.com/758645
   https://bugzilla.novell.com/760777
   http://download.novell.com/patch/finder/?keywords=025c02b675ee613406e80e984dac238c

From sle-security-updates at lists.suse.com Tue May 8 18:08:17 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 9 May 2012 02:08:17 +0200 (CEST)
Subject: SUSE-SU-2012:0598-1: critical: Security update for PHP5
Message-ID: <20120509000817.487753240C@maintenance.suse.de>

   SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0598-1
Rating:             critical
References:         #752030 #753778 #760536
Cross-References:   CVE-2012-1172 CVE-2012-1823 CVE-2012-2311
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update fixes several security issues in PHP5:

   * CVE-2012-1172: A directory traversal bug has been fixed in
     php5.
   * CVE-2012-1823, CVE-2012-2311: A command injection was possible
     when PHP5 was operated in CGI mode using commandline options.
     This problem does not affect PHP5 in the normal Apache module
     mode setup.
   * Also a pack/unpacking bug on big endian 64bit architectures
     (ppc64 and s390x) has been fixed.
bnc#753778 Security Issue references: * CVE-2012-1172 * CVE-2012-1823 * CVE-2012-2311 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-mod_php5-5.2.14-0.32.1 php5-5.2.14-0.32.1 php5-bcmath-5.2.14-0.32.1 php5-bz2-5.2.14-0.32.1 php5-calendar-5.2.14-0.32.1 php5-ctype-5.2.14-0.32.1 php5-curl-5.2.14-0.32.1 php5-dba-5.2.14-0.32.1 php5-dbase-5.2.14-0.32.1 php5-devel-5.2.14-0.32.1 php5-dom-5.2.14-0.32.1 php5-exif-5.2.14-0.32.1 php5-fastcgi-5.2.14-0.32.1 php5-ftp-5.2.14-0.32.1 php5-gd-5.2.14-0.32.1 php5-gettext-5.2.14-0.32.1 php5-gmp-5.2.14-0.32.1 php5-hash-5.2.14-0.32.1 php5-iconv-5.2.14-0.32.1 php5-imap-5.2.14-0.32.1 php5-json-5.2.14-0.32.1 php5-ldap-5.2.14-0.32.1 php5-mbstring-5.2.14-0.32.1 php5-mcrypt-5.2.14-0.32.1 php5-mhash-5.2.14-0.32.1 php5-mysql-5.2.14-0.32.1 php5-ncurses-5.2.14-0.32.1 php5-odbc-5.2.14-0.32.1 php5-openssl-5.2.14-0.32.1 php5-pcntl-5.2.14-0.32.1 php5-pdo-5.2.14-0.32.1 php5-pear-5.2.14-0.32.1 php5-pgsql-5.2.14-0.32.1 php5-posix-5.2.14-0.32.1 php5-pspell-5.2.14-0.32.1 php5-shmop-5.2.14-0.32.1 php5-snmp-5.2.14-0.32.1 php5-soap-5.2.14-0.32.1 php5-sockets-5.2.14-0.32.1 php5-sqlite-5.2.14-0.32.1 php5-suhosin-5.2.14-0.32.1 php5-sysvmsg-5.2.14-0.32.1 php5-sysvsem-5.2.14-0.32.1 php5-sysvshm-5.2.14-0.32.1 php5-tokenizer-5.2.14-0.32.1 php5-wddx-5.2.14-0.32.1 php5-xmlreader-5.2.14-0.32.1 php5-xmlrpc-5.2.14-0.32.1 php5-xsl-5.2.14-0.32.1 php5-zlib-5.2.14-0.32.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-mod_php5-5.2.14-0.32.1 php5-5.2.14-0.32.1 php5-bcmath-5.2.14-0.32.1 php5-bz2-5.2.14-0.32.1 php5-calendar-5.2.14-0.32.1 php5-ctype-5.2.14-0.32.1 php5-curl-5.2.14-0.32.1 php5-dba-5.2.14-0.32.1 php5-dbase-5.2.14-0.32.1 php5-devel-5.2.14-0.32.1 php5-dom-5.2.14-0.32.1 php5-exif-5.2.14-0.32.1 php5-fastcgi-5.2.14-0.32.1 php5-ftp-5.2.14-0.32.1 php5-gd-5.2.14-0.32.1 php5-gettext-5.2.14-0.32.1 php5-gmp-5.2.14-0.32.1 php5-hash-5.2.14-0.32.1 php5-iconv-5.2.14-0.32.1 php5-imap-5.2.14-0.32.1 php5-ldap-5.2.14-0.32.1 
php5-mbstring-5.2.14-0.32.1 php5-mcrypt-5.2.14-0.32.1 php5-mhash-5.2.14-0.32.1 php5-mysql-5.2.14-0.32.1 php5-ncurses-5.2.14-0.32.1 php5-odbc-5.2.14-0.32.1 php5-openssl-5.2.14-0.32.1 php5-pcntl-5.2.14-0.32.1 php5-pdo-5.2.14-0.32.1 php5-pear-5.2.14-0.32.1 php5-pgsql-5.2.14-0.32.1 php5-posix-5.2.14-0.32.1 php5-pspell-5.2.14-0.32.1 php5-shmop-5.2.14-0.32.1 php5-snmp-5.2.14-0.32.1 php5-soap-5.2.14-0.32.1 php5-sockets-5.2.14-0.32.1 php5-sqlite-5.2.14-0.32.1 php5-suhosin-5.2.14-0.32.1 php5-sysvmsg-5.2.14-0.32.1 php5-sysvsem-5.2.14-0.32.1 php5-sysvshm-5.2.14-0.32.1 php5-tidy-5.2.14-0.32.1 php5-tokenizer-5.2.14-0.32.1 php5-wddx-5.2.14-0.32.1 php5-xmlreader-5.2.14-0.32.1 php5-xmlrpc-5.2.14-0.32.1 php5-xsl-5.2.14-0.32.1 php5-zlib-5.2.14-0.32.1 References: http://support.novell.com/security/cve/CVE-2012-1172.html http://support.novell.com/security/cve/CVE-2012-1823.html http://support.novell.com/security/cve/CVE-2012-2311.html https://bugzilla.novell.com/752030 https://bugzilla.novell.com/753778 https://bugzilla.novell.com/760536 http://download.novell.com/patch/finder/?keywords=4c521fa4b1380a2123c60bdf8e191643 From sle-security-updates at lists.suse.com Tue May 8 22:08:16 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 9 May 2012 06:08:16 +0200 (CEST) Subject: SUSE-SU-2012:0598-2: critical: Security update for PHP5 Message-ID: <20120509040816.8653C3240F@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0598-2 Rating: critical References: #752030 #753778 #760536 Cross-References: CVE-2012-1172 CVE-2012-1823 CVE-2012-2311 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.
   It includes one version update.

Description:

   This update fixes several security issues in PHP5:

   * CVE-2012-1172: A directory traversal bug has been fixed in
     PHP5.
   * CVE-2012-1823, CVE-2012-2311: A command injection was possible
     when PHP5 was operated in CGI mode using commandline options.
     This problem does not affect PHP5 in the normal apache module
     mode setup.
   * Also a pack/unpacking bug on big endian 64bit architectures
     (ppc64 and s390x) has been fixed. bnc#753778

   Security Issue references:

   * CVE-2012-1172
   * CVE-2012-1823
   * CVE-2012-2311

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-apache2-mod_php5-6252

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-apache2-mod_php5-6252

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-apache2-mod_php5-6252

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-apache2-mod_php5-6252

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-apache2-mod_php5-6252

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: php5-devel-5.2.14-0.7.30.38.1 php5-imap-5.2.14-0.7.30.38.1 php5-ncurses-5.2.14-0.7.30.38.1 php5-posix-5.2.14-0.7.30.38.1 php5-readline-5.2.14-0.7.30.38.1 php5-sockets-5.2.14-0.7.30.38.1 php5-sqlite-5.2.14-0.7.30.38.1 php5-tidy-5.2.14-0.7.30.38.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.38.1 php5-5.2.14-0.7.30.38.1 php5-bcmath-5.2.14-0.7.30.38.1 php5-bz2-5.2.14-0.7.30.38.1 php5-calendar-5.2.14-0.7.30.38.1 php5-ctype-5.2.14-0.7.30.38.1 php5-curl-5.2.14-0.7.30.38.1 php5-dba-5.2.14-0.7.30.38.1 php5-dbase-5.2.14-0.7.30.38.1 php5-dom-5.2.14-0.7.30.38.1 php5-exif-5.2.14-0.7.30.38.1 php5-fastcgi-5.2.14-0.7.30.38.1 php5-ftp-5.2.14-0.7.30.38.1 php5-gd-5.2.14-0.7.30.38.1 php5-gettext-5.2.14-0.7.30.38.1 php5-gmp-5.2.14-0.7.30.38.1 php5-hash-5.2.14-0.7.30.38.1 php5-iconv-5.2.14-0.7.30.38.1 php5-json-5.2.14-0.7.30.38.1 php5-ldap-5.2.14-0.7.30.38.1 php5-mbstring-5.2.14-0.7.30.38.1 php5-mcrypt-5.2.14-0.7.30.38.1 php5-mysql-5.2.14-0.7.30.38.1 php5-odbc-5.2.14-0.7.30.38.1 php5-openssl-5.2.14-0.7.30.38.1 php5-pcntl-5.2.14-0.7.30.38.1 php5-pdo-5.2.14-0.7.30.38.1 php5-pear-5.2.14-0.7.30.38.1 php5-pgsql-5.2.14-0.7.30.38.1 php5-pspell-5.2.14-0.7.30.38.1 php5-shmop-5.2.14-0.7.30.38.1 php5-snmp-5.2.14-0.7.30.38.1 php5-soap-5.2.14-0.7.30.38.1 php5-suhosin-5.2.14-0.7.30.38.1 php5-sysvmsg-5.2.14-0.7.30.38.1 php5-sysvsem-5.2.14-0.7.30.38.1 php5-sysvshm-5.2.14-0.7.30.38.1 php5-tokenizer-5.2.14-0.7.30.38.1 php5-wddx-5.2.14-0.7.30.38.1 php5-xmlreader-5.2.14-0.7.30.38.1 php5-xmlrpc-5.2.14-0.7.30.38.1 php5-xmlwriter-5.2.14-0.7.30.38.1 php5-xsl-5.2.14-0.7.30.38.1 php5-zip-5.2.14-0.7.30.38.1 php5-zlib-5.2.14-0.7.30.38.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: php5-devel-5.2.14-0.7.30.38.1 php5-imap-5.2.14-0.7.30.38.1 
php5-ncurses-5.2.14-0.7.30.38.1 php5-posix-5.2.14-0.7.30.38.1 php5-readline-5.2.14-0.7.30.38.1 php5-sockets-5.2.14-0.7.30.38.1 php5-sqlite-5.2.14-0.7.30.38.1 php5-tidy-5.2.14-0.7.30.38.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.38.1 php5-5.2.14-0.7.30.38.1 php5-bcmath-5.2.14-0.7.30.38.1 php5-bz2-5.2.14-0.7.30.38.1 php5-calendar-5.2.14-0.7.30.38.1 php5-ctype-5.2.14-0.7.30.38.1 php5-curl-5.2.14-0.7.30.38.1 php5-dba-5.2.14-0.7.30.38.1 php5-dbase-5.2.14-0.7.30.38.1 php5-dom-5.2.14-0.7.30.38.1 php5-exif-5.2.14-0.7.30.38.1 php5-fastcgi-5.2.14-0.7.30.38.1 php5-ftp-5.2.14-0.7.30.38.1 php5-gd-5.2.14-0.7.30.38.1 php5-gettext-5.2.14-0.7.30.38.1 php5-gmp-5.2.14-0.7.30.38.1 php5-hash-5.2.14-0.7.30.38.1 php5-iconv-5.2.14-0.7.30.38.1 php5-json-5.2.14-0.7.30.38.1 php5-ldap-5.2.14-0.7.30.38.1 php5-mbstring-5.2.14-0.7.30.38.1 php5-mcrypt-5.2.14-0.7.30.38.1 php5-mysql-5.2.14-0.7.30.38.1 php5-odbc-5.2.14-0.7.30.38.1 php5-openssl-5.2.14-0.7.30.38.1 php5-pcntl-5.2.14-0.7.30.38.1 php5-pdo-5.2.14-0.7.30.38.1 php5-pear-5.2.14-0.7.30.38.1 php5-pgsql-5.2.14-0.7.30.38.1 php5-pspell-5.2.14-0.7.30.38.1 php5-shmop-5.2.14-0.7.30.38.1 php5-snmp-5.2.14-0.7.30.38.1 php5-soap-5.2.14-0.7.30.38.1 php5-suhosin-5.2.14-0.7.30.38.1 php5-sysvmsg-5.2.14-0.7.30.38.1 php5-sysvsem-5.2.14-0.7.30.38.1 php5-sysvshm-5.2.14-0.7.30.38.1 php5-tokenizer-5.2.14-0.7.30.38.1 php5-wddx-5.2.14-0.7.30.38.1 php5-xmlreader-5.2.14-0.7.30.38.1 php5-xmlrpc-5.2.14-0.7.30.38.1 php5-xmlwriter-5.2.14-0.7.30.38.1 php5-xsl-5.2.14-0.7.30.38.1 php5-zip-5.2.14-0.7.30.38.1 php5-zlib-5.2.14-0.7.30.38.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.38.1 php5-5.2.14-0.7.30.38.1 php5-bcmath-5.2.14-0.7.30.38.1 php5-bz2-5.2.14-0.7.30.38.1 php5-calendar-5.2.14-0.7.30.38.1 php5-ctype-5.2.14-0.7.30.38.1 php5-curl-5.2.14-0.7.30.38.1 php5-dba-5.2.14-0.7.30.38.1 php5-dbase-5.2.14-0.7.30.38.1 
php5-dom-5.2.14-0.7.30.38.1 php5-exif-5.2.14-0.7.30.38.1 php5-fastcgi-5.2.14-0.7.30.38.1 php5-ftp-5.2.14-0.7.30.38.1 php5-gd-5.2.14-0.7.30.38.1 php5-gettext-5.2.14-0.7.30.38.1 php5-gmp-5.2.14-0.7.30.38.1 php5-hash-5.2.14-0.7.30.38.1 php5-iconv-5.2.14-0.7.30.38.1 php5-json-5.2.14-0.7.30.38.1 php5-ldap-5.2.14-0.7.30.38.1 php5-mbstring-5.2.14-0.7.30.38.1 php5-mcrypt-5.2.14-0.7.30.38.1 php5-mysql-5.2.14-0.7.30.38.1 php5-odbc-5.2.14-0.7.30.38.1 php5-openssl-5.2.14-0.7.30.38.1 php5-pcntl-5.2.14-0.7.30.38.1 php5-pdo-5.2.14-0.7.30.38.1 php5-pear-5.2.14-0.7.30.38.1 php5-pgsql-5.2.14-0.7.30.38.1 php5-pspell-5.2.14-0.7.30.38.1 php5-shmop-5.2.14-0.7.30.38.1 php5-snmp-5.2.14-0.7.30.38.1 php5-soap-5.2.14-0.7.30.38.1 php5-suhosin-5.2.14-0.7.30.38.1 php5-sysvmsg-5.2.14-0.7.30.38.1 php5-sysvsem-5.2.14-0.7.30.38.1 php5-sysvshm-5.2.14-0.7.30.38.1 php5-tokenizer-5.2.14-0.7.30.38.1 php5-wddx-5.2.14-0.7.30.38.1 php5-xmlreader-5.2.14-0.7.30.38.1 php5-xmlrpc-5.2.14-0.7.30.38.1 php5-xmlwriter-5.2.14-0.7.30.38.1 php5-xsl-5.2.14-0.7.30.38.1 php5-zip-5.2.14-0.7.30.38.1 php5-zlib-5.2.14-0.7.30.38.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.38.1 php5-5.2.14-0.7.30.38.1 php5-bcmath-5.2.14-0.7.30.38.1 php5-bz2-5.2.14-0.7.30.38.1 php5-calendar-5.2.14-0.7.30.38.1 php5-ctype-5.2.14-0.7.30.38.1 php5-curl-5.2.14-0.7.30.38.1 php5-dba-5.2.14-0.7.30.38.1 php5-dbase-5.2.14-0.7.30.38.1 php5-dom-5.2.14-0.7.30.38.1 php5-exif-5.2.14-0.7.30.38.1 php5-fastcgi-5.2.14-0.7.30.38.1 php5-ftp-5.2.14-0.7.30.38.1 php5-gd-5.2.14-0.7.30.38.1 php5-gettext-5.2.14-0.7.30.38.1 php5-gmp-5.2.14-0.7.30.38.1 php5-hash-5.2.14-0.7.30.38.1 php5-iconv-5.2.14-0.7.30.38.1 php5-json-5.2.14-0.7.30.38.1 php5-ldap-5.2.14-0.7.30.38.1 php5-mbstring-5.2.14-0.7.30.38.1 php5-mcrypt-5.2.14-0.7.30.38.1 php5-mysql-5.2.14-0.7.30.38.1 php5-odbc-5.2.14-0.7.30.38.1 php5-openssl-5.2.14-0.7.30.38.1 php5-pcntl-5.2.14-0.7.30.38.1 php5-pdo-5.2.14-0.7.30.38.1 
php5-pear-5.2.14-0.7.30.38.1 php5-pgsql-5.2.14-0.7.30.38.1 php5-pspell-5.2.14-0.7.30.38.1 php5-shmop-5.2.14-0.7.30.38.1 php5-snmp-5.2.14-0.7.30.38.1 php5-soap-5.2.14-0.7.30.38.1 php5-suhosin-5.2.14-0.7.30.38.1 php5-sysvmsg-5.2.14-0.7.30.38.1 php5-sysvsem-5.2.14-0.7.30.38.1 php5-sysvshm-5.2.14-0.7.30.38.1 php5-tokenizer-5.2.14-0.7.30.38.1 php5-wddx-5.2.14-0.7.30.38.1 php5-xmlreader-5.2.14-0.7.30.38.1 php5-xmlrpc-5.2.14-0.7.30.38.1 php5-xmlwriter-5.2.14-0.7.30.38.1 php5-xsl-5.2.14-0.7.30.38.1 php5-zip-5.2.14-0.7.30.38.1 php5-zlib-5.2.14-0.7.30.38.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.38.1 php5-5.2.14-0.7.30.38.1 php5-bcmath-5.2.14-0.7.30.38.1 php5-bz2-5.2.14-0.7.30.38.1 php5-calendar-5.2.14-0.7.30.38.1 php5-ctype-5.2.14-0.7.30.38.1 php5-curl-5.2.14-0.7.30.38.1 php5-dba-5.2.14-0.7.30.38.1 php5-dbase-5.2.14-0.7.30.38.1 php5-dom-5.2.14-0.7.30.38.1 php5-exif-5.2.14-0.7.30.38.1 php5-fastcgi-5.2.14-0.7.30.38.1 php5-ftp-5.2.14-0.7.30.38.1 php5-gd-5.2.14-0.7.30.38.1 php5-gettext-5.2.14-0.7.30.38.1 php5-gmp-5.2.14-0.7.30.38.1 php5-hash-5.2.14-0.7.30.38.1 php5-iconv-5.2.14-0.7.30.38.1 php5-json-5.2.14-0.7.30.38.1 php5-ldap-5.2.14-0.7.30.38.1 php5-mbstring-5.2.14-0.7.30.38.1 php5-mcrypt-5.2.14-0.7.30.38.1 php5-mysql-5.2.14-0.7.30.38.1 php5-odbc-5.2.14-0.7.30.38.1 php5-openssl-5.2.14-0.7.30.38.1 php5-pcntl-5.2.14-0.7.30.38.1 php5-pdo-5.2.14-0.7.30.38.1 php5-pear-5.2.14-0.7.30.38.1 php5-pgsql-5.2.14-0.7.30.38.1 php5-pspell-5.2.14-0.7.30.38.1 php5-shmop-5.2.14-0.7.30.38.1 php5-snmp-5.2.14-0.7.30.38.1 php5-soap-5.2.14-0.7.30.38.1 php5-suhosin-5.2.14-0.7.30.38.1 php5-sysvmsg-5.2.14-0.7.30.38.1 php5-sysvsem-5.2.14-0.7.30.38.1 php5-sysvshm-5.2.14-0.7.30.38.1 php5-tokenizer-5.2.14-0.7.30.38.1 php5-wddx-5.2.14-0.7.30.38.1 php5-xmlreader-5.2.14-0.7.30.38.1 php5-xmlrpc-5.2.14-0.7.30.38.1 php5-xmlwriter-5.2.14-0.7.30.38.1 php5-xsl-5.2.14-0.7.30.38.1 php5-zip-5.2.14-0.7.30.38.1 
      php5-zlib-5.2.14-0.7.30.38.1

References:

   http://support.novell.com/security/cve/CVE-2012-1172.html
   http://support.novell.com/security/cve/CVE-2012-1823.html
   http://support.novell.com/security/cve/CVE-2012-2311.html
   https://bugzilla.novell.com/752030
   https://bugzilla.novell.com/753778
   https://bugzilla.novell.com/760536
   http://download.novell.com/patch/finder/?keywords=2f2ba1954f1a36ab698da6e60a2d5ca9

From sle-security-updates at lists.suse.com Wed May 9 12:08:13 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 9 May 2012 20:08:13 +0200 (CEST)
Subject: SUSE-SU-2012:0602-1: important: Security update for IBM Java 1.6.0
Message-ID: <20120509180813.3E6B23240F@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0602-1
Rating:             important
References:         #755397 #758470
Cross-References:   CVE-2011-3389 CVE-2011-3557 CVE-2011-3560
                    CVE-2011-3563 CVE-2012-0498 CVE-2012-0499
                    CVE-2012-0501 CVE-2012-0502 CVE-2012-0503
                    CVE-2012-0505 CVE-2012-0506 CVE-2012-0507
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Java 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   IBM Java 1.5.0 has been updated to SR13-FP1, fixing various
   security issues.

   More information can be found on:
   http://www.ibm.com/developerworks/java/jdk/alerts/

   Security Issue references:

   * CVE-2012-0502
   * CVE-2012-0503
   * CVE-2012-0506
   * CVE-2012-0507
   * CVE-2011-3563
   * CVE-2012-0498
   * CVE-2012-0499
   * CVE-2012-0501
   * CVE-2012-0505

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc):

      java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Server 10 SP4 (x86_64):

      java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      java-1_5_0-ibm-64bit-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Java 10 SP4 (ppc):

      java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      java-1_5_0-ibm-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-demo-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-src-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3
      java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3

References:

   http://support.novell.com/security/cve/CVE-2011-3389.html
   http://support.novell.com/security/cve/CVE-2011-3557.html
   http://support.novell.com/security/cve/CVE-2011-3560.html
   http://support.novell.com/security/cve/CVE-2011-3563.html
   http://support.novell.com/security/cve/CVE-2012-0498.html
   http://support.novell.com/security/cve/CVE-2012-0499.html
   http://support.novell.com/security/cve/CVE-2012-0501.html
   http://support.novell.com/security/cve/CVE-2012-0502.html
   http://support.novell.com/security/cve/CVE-2012-0503.html
   http://support.novell.com/security/cve/CVE-2012-0505.html
   http://support.novell.com/security/cve/CVE-2012-0506.html
   http://support.novell.com/security/cve/CVE-2012-0507.html
   https://bugzilla.novell.com/755397
   https://bugzilla.novell.com/758470
   http://download.novell.com/patch/finder/?keywords=37f9fa06a81529e81613e3989bd55358

From sle-security-updates at lists.suse.com Wed May 9 13:08:17 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 9 May 2012 21:08:17 +0200 (CEST)
Subject: SUSE-SU-2012:0603-1: important: Security update for IBM Java 1.6.0
Message-ID: <20120509190817.2147432414@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0603-1
Rating:             important
References:         #752306 #758470
Cross-References:   CVE-2011-3563 CVE-2011-5035 CVE-2012-0497
                    CVE-2012-0498 CVE-2012-0499 CVE-2012-0500
                    CVE-2012-0501 CVE-2012-0502 CVE-2012-0503
                    CVE-2012-0505 CVE-2012-0506 CVE-2012-0507
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Java 11 SP1
                    SUSE Linux Enterprise Java 10 SP4
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.
Description:

IBM Java 1.6.0 has been updated to SR10-FP1, fixing various security issues.

More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/

Security Issue references:

* CVE-2012-0502
* CVE-2012-0503
* CVE-2012-0506
* CVE-2012-0507
* CVE-2011-3563
* CVE-2012-0500
* CVE-2012-0497
* CVE-2012-0498
* CVE-2012-0499
* CVE-2012-0500
* CVE-2012-0501
* CVE-2012-0505
* CVE-2011-5035

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp1-java-1_6_0-ibm-6225
- SUSE Linux Enterprise Software Development Kit 11 SP1:
  zypper in -t patch sdksp1-java-1_6_0-ibm-6225
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp1-java-1_6_0-ibm-6225
- SUSE Linux Enterprise Server 11 SP1 for VMware:
  zypper in -t patch slessp1-java-1_6_0-ibm-6225
- SUSE Linux Enterprise Server 11 SP1:
  zypper in -t patch slessp1-java-1_6_0-ibm-6225
- SUSE Linux Enterprise Java 11 SP1:
  zypper in -t patch slejsp1-java-1_6_0-ibm-6225

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_6_0-ibm-alsa-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586): java-1_6_0-ibm-alsa-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-devel-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.1-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): java-1_6_0-ibm-plugin-1.6.0_sr10.1-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr10.1-0.11.1 
java-1_6_0-ibm-devel-32bit-1.6.0_sr10.1-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr10.1-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_6_0-ibm-alsa-1.6.0_sr10.1-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_6_0-ibm-64bit-1.6.0_sr10.1-0.11.1 - SUSE Linux Enterprise Java 11 SP1 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-devel-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Java 11 SP1 (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Java 11 SP1 (i586): java-1_6_0-ibm-alsa-1.6.0_sr10.1-0.3.1 - SUSE Linux Enterprise Java 10 SP4 (x86_64): java-1_6_0-ibm-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-devel-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-fonts-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-jdbc-1.6.0_sr10.1-0.11.1 java-1_6_0-ibm-plugin-1.6.0_sr10.1-0.11.1 References: http://support.novell.com/security/cve/CVE-2011-3563.html http://support.novell.com/security/cve/CVE-2011-5035.html http://support.novell.com/security/cve/CVE-2012-0497.html http://support.novell.com/security/cve/CVE-2012-0498.html http://support.novell.com/security/cve/CVE-2012-0499.html http://support.novell.com/security/cve/CVE-2012-0500.html http://support.novell.com/security/cve/CVE-2012-0501.html http://support.novell.com/security/cve/CVE-2012-0502.html http://support.novell.com/security/cve/CVE-2012-0503.html http://support.novell.com/security/cve/CVE-2012-0505.html http://support.novell.com/security/cve/CVE-2012-0506.html http://support.novell.com/security/cve/CVE-2012-0507.html https://bugzilla.novell.com/752306 https://bugzilla.novell.com/758470 http://download.novell.com/patch/finder/?keywords=3e69c82d3033515d0a8d556f0d82fee8 http://download.novell.com/patch/finder/?keywords=4a2ddc2bdb6d3293049475e3953c66b1 From sle-security-updates at lists.suse.com Wed May 9 
14:08:15 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 9 May 2012 22:08:15 +0200 (CEST)
Subject: SUSE-SU-2012:0604-1: critical: Security update for PHP5
Message-ID: <20120509200815.577FC32414@maintenance.suse.de>

SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:0604-1
Rating: critical
References: #752030 #760536
Cross-References: CVE-2012-1172 CVE-2012-1823 CVE-2012-2311
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update fixes several security issues in PHP5:

* CVE-2012-1172: A directory traversal bug has been fixed in PHP5
* CVE-2012-1823, CVE-2012-2311: A command injection was possible when PHP5 was operated in CGI mode using commandline options. This problem does not affect PHP5 in the normal Apache module mode setup.

Security Issue references:

* CVE-2012-1172
* CVE-2012-1823
* CVE-2012-2311

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-apache2-mod_php53-6251
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-apache2-mod_php53-6251
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-apache2-mod_php53-6251

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.8-0.27.1 php53-imap-5.3.8-0.27.1 php53-posix-5.3.8-0.27.1 php53-readline-5.3.8-0.27.1 php53-sockets-5.3.8-0.27.1 php53-sqlite-5.3.8-0.27.1 php53-tidy-5.3.8-0.27.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php53-5.3.8-0.27.1 php53-5.3.8-0.27.1 php53-bcmath-5.3.8-0.27.1 php53-bz2-5.3.8-0.27.1 php53-calendar-5.3.8-0.27.1 php53-ctype-5.3.8-0.27.1 php53-curl-5.3.8-0.27.1 php53-dba-5.3.8-0.27.1 php53-dom-5.3.8-0.27.1 php53-exif-5.3.8-0.27.1 php53-fastcgi-5.3.8-0.27.1 php53-fileinfo-5.3.8-0.27.1 php53-ftp-5.3.8-0.27.1 php53-gd-5.3.8-0.27.1 php53-gettext-5.3.8-0.27.1 php53-gmp-5.3.8-0.27.1 php53-iconv-5.3.8-0.27.1 php53-intl-5.3.8-0.27.1 php53-json-5.3.8-0.27.1 php53-ldap-5.3.8-0.27.1 php53-mbstring-5.3.8-0.27.1 php53-mcrypt-5.3.8-0.27.1 php53-mysql-5.3.8-0.27.1 php53-odbc-5.3.8-0.27.1 php53-openssl-5.3.8-0.27.1 php53-pcntl-5.3.8-0.27.1 php53-pdo-5.3.8-0.27.1 php53-pear-5.3.8-0.27.1 php53-pgsql-5.3.8-0.27.1 php53-pspell-5.3.8-0.27.1 php53-shmop-5.3.8-0.27.1 php53-snmp-5.3.8-0.27.1 php53-soap-5.3.8-0.27.1 php53-suhosin-5.3.8-0.27.1 php53-sysvmsg-5.3.8-0.27.1 php53-sysvsem-5.3.8-0.27.1 php53-sysvshm-5.3.8-0.27.1 php53-tokenizer-5.3.8-0.27.1 php53-wddx-5.3.8-0.27.1 php53-xmlreader-5.3.8-0.27.1 php53-xmlrpc-5.3.8-0.27.1 php53-xmlwriter-5.3.8-0.27.1 php53-xsl-5.3.8-0.27.1 php53-zip-5.3.8-0.27.1 php53-zlib-5.3.8-0.27.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.8-0.27.1 php53-5.3.8-0.27.1 php53-bcmath-5.3.8-0.27.1 php53-bz2-5.3.8-0.27.1 php53-calendar-5.3.8-0.27.1 php53-ctype-5.3.8-0.27.1 php53-curl-5.3.8-0.27.1 php53-dba-5.3.8-0.27.1 php53-dom-5.3.8-0.27.1 php53-exif-5.3.8-0.27.1 php53-fastcgi-5.3.8-0.27.1 php53-fileinfo-5.3.8-0.27.1 php53-ftp-5.3.8-0.27.1 php53-gd-5.3.8-0.27.1 php53-gettext-5.3.8-0.27.1 php53-gmp-5.3.8-0.27.1 php53-iconv-5.3.8-0.27.1 php53-intl-5.3.8-0.27.1 
php53-json-5.3.8-0.27.1 php53-ldap-5.3.8-0.27.1 php53-mbstring-5.3.8-0.27.1 php53-mcrypt-5.3.8-0.27.1 php53-mysql-5.3.8-0.27.1 php53-odbc-5.3.8-0.27.1 php53-openssl-5.3.8-0.27.1 php53-pcntl-5.3.8-0.27.1 php53-pdo-5.3.8-0.27.1 php53-pear-5.3.8-0.27.1 php53-pgsql-5.3.8-0.27.1 php53-pspell-5.3.8-0.27.1 php53-shmop-5.3.8-0.27.1 php53-snmp-5.3.8-0.27.1 php53-soap-5.3.8-0.27.1 php53-suhosin-5.3.8-0.27.1 php53-sysvmsg-5.3.8-0.27.1 php53-sysvsem-5.3.8-0.27.1 php53-sysvshm-5.3.8-0.27.1 php53-tokenizer-5.3.8-0.27.1 php53-wddx-5.3.8-0.27.1 php53-xmlreader-5.3.8-0.27.1 php53-xmlrpc-5.3.8-0.27.1 php53-xmlwriter-5.3.8-0.27.1 php53-xsl-5.3.8-0.27.1 php53-zip-5.3.8-0.27.1 php53-zlib-5.3.8-0.27.1 References: http://support.novell.com/security/cve/CVE-2012-1172.html http://support.novell.com/security/cve/CVE-2012-1823.html http://support.novell.com/security/cve/CVE-2012-2311.html https://bugzilla.novell.com/752030 https://bugzilla.novell.com/760536 http://download.novell.com/patch/finder/?keywords=62b6d31a520c266c62fd06d0be6c0dda From sle-security-updates at lists.suse.com Mon May 14 08:08:28 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 May 2012 16:08:28 +0200 (CEST) Subject: SUSE-SU-2012:0616-1: important: Security update for Linux kernel Message-ID: <20120514140828.2800E32429@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0616-1 Rating: important References: #611264 #617344 #624072 #652942 #668194 #676204 #688079 #693639 #697920 #700449 #704280 #713148 #714507 #716850 #717994 #719793 #720374 #721366 #727834 #729247 #731809 #733761 #734300 #734900 #737326 #738210 #738503 #738528 #738679 #740180 #740895 #740969 #742210 #742358 #743209 #743619 #744163 #744658 #745422 #745699 #745832 #745929 #746980 #747028 #747430 #747445 #748112 #748279 #748812 #749342 #749569 #749886 #750079 #750171 
#751322 #751844 #751880 #752491 #752634 #752972 #755178 #755537 #756448 #756840 #757917 #758532 #758813 #759544
Cross-References: CVE-2011-1083 CVE-2011-4086 CVE-2011-4622 CVE-2012-0045 CVE-2012-0879 CVE-2012-1090 CVE-2012-1097 CVE-2012-2133
Affected Products:
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Server 11 SP1 for VMware
  SUSE Linux Enterprise Server 11 SP1
  SUSE Linux Enterprise High Availability Extension 11 SP1
  SUSE Linux Enterprise Desktop 11 SP2
  SUSE Linux Enterprise Desktop 11 SP1
  SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 60 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 SP1 kernel has been updated to the 2.6.32.59 stable release to fix a lot of bugs and security issues.

The following security issues have been fixed:

* CVE-2012-2133: A use after free bug in hugetlb support could be used by local attackers to crash the system.
* CVE-2012-1097: A null pointer dereference bug in the regsets proc file could be used by local attackers to perhaps crash the system. With mmap_min_addr set and enabled, exploitation is unlikely.
* CVE-2012-0879: A reference counting issue in CLONE_IO could be used by local attackers to cause a denial of service (out of memory).
* CVE-2012-1090: A file handle leak in CIFS code could be used by local attackers to crash the system.
* CVE-2011-1083: Large nested epoll chains could be used by local attackers to cause a denial of service (excessive CPU consumption).
* CVE-2011-4622: When using KVM, programming a PIT timer without an irqchip configuration can be used to crash the kvm guest. This likely can be done only by a privileged guest user.
* CVE-2012-0045: A KVM 32bit guest crash in "syscall" opcode handling was fixed that could be caused by local attackers.
* CVE-2011-4086: Fixed an oops in jbd/jbd2 that could be caused by specific filesystem access patterns.

The following non-security issues have been fixed:

X86:
* x86: fix the initialization of physnode_map (bnc#748112).
* x86: Allow bootmem reserves at greater than 8G node offset within a node (bnc#740895).
* x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). (bnc#751322)
* x86, efi: Work around broken firmware. (bnc#714507)

BONDING:
* bonding: update speed/duplex for NETDEV_CHANGE (bnc#752634).
* bonding: comparing a u8 with -1 is always false (bnc#752634).
* bonding: start slaves with link down for ARP monitor (bnc#752634).
* bonding: send gratuitous ARP for all addresses (bnc#752491).

XFS:
* xfs: Fix excessive inode syncing when project quota is exceeded (bnc#756448).
* xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850).

SCSI:
* scsi/ses: Handle non-unique element descriptors (bnc#749342, bnc#617344).
* scsi/sd: mark busy sd majors as allocated (bug#744658).
* scsi: Check for invalid sdev in scsi_prep_state_check() (bnc#734300).

MD/RAID:
* md: fix possible corruption of array metadata on shutdown.
* md: ensure changes to write-mostly are reflected in metadata (bnc#755178).
* md: do not set md arrays to readonly on shutdown (bnc#740180, bnc#713148, bnc#734900).

XEN:
* smpboot: adjust ordering of operations.
* x86-64: provide a memset() that can deal with 4Gb or above at a time (bnc#738528).
* blkfront: properly fail packet requests (bnc#745929).
* Update Xen patches to 2.6.32.57.
* xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
* xenbus_dev: add missing error checks to watch handling.
* Refresh other Xen patches (bnc#652942, bnc#668194, bnc#688079).
* fix Xen-specific kABI issue in Linux 2.6.19.

NFS:
* NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and MKDIR (bnc#751880).
* nfs: Include SYNC flag when comparing mount options with NOAC flag (bnc#745422).
* NFS returns EIO for EDQUOT and others (bnc#747028).
* lockd: fix arg parsing for grace_period and timeout (bnc#733761).
* nfs: allow nfs4leasetime to be set before starting servers (bnc#733761).
* nfs: handle d_revalidate of dot correctly (bnc#731809).

S/390:
* ctcmpc: use correct idal word list for ctcmpc (bnc#750171,LTC#79264).
* qeth: synchronize discipline module loading (bnc#747430,LTC#78788).
* qdio: avoid race leading to stall when tolerating CQ (bnc#737326,LTC#76599).
* kernel: no storage key operations for invalid page table entries (bnc#737326,LTC#77697).

OTHER:
* tlan: add cast needed for proper 64 bit operation (bnc#756840).
* dl2k: Tighten ioctl permissions (bnc#758813).
* tg3: Fix RSS ring refill race condition (bnc#757917).
* usbhid: fix error handling of not enough bandwidth (bnc#704280).
* pagecache limit: Fix the shmem deadlock (bnc#755537).
* tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366).
* ixgbe: driver sets all WOL flags upon initialization so that machine is powered on as soon as it is switched off (bnc#693639)
* PCI: Set device power state to PCI_D0 for device without native PM support (bnc#752972).
* dlm: Do not allocate a fd for peeloff (bnc#729247).
* sctp: Export sctp_do_peeloff (bnc#729247).
* epoll: Do not limit non-nested epoll paths (bnc#676204).
* mlx4: Limit MSI-X vector allocation (bnc#624072).
* mlx4: Changing interrupt scheme (bnc#624072).
* mlx4_en: Assigning TX irq per ring (bnc#624072).
* mlx4_en: Restoring RX buffer pointer in case of failure (bnc#624072).
* mlx4_en: using new mlx4 interrupt scheme (bnc#624072).
* igb: Fix for Alt MAC Address feature on 82580 and later devices (bnc#746980).
* igb: Power down link when interface is down (bnc#745699).
* igb: use correct bits to identify if managability is enabled (bnc#743209).
* intel_agp: Do not oops with zero stolen memory (bnc#738679).
* agp: fix scratch page cleanup (bnc#738679).
* hugetlb: add generic definition of NUMA_NO_NODE (bnc#751844).
* sched: Fix proc_sched_set_task() (bnc#717994).
* PM: Print a warning if firmware is requested when tasks are frozen (bnc#749886).
* PM / Sleep: Fix freezer failures due to racy usermodehelper_is_disabled() (bnc#749886).
* PM / Sleep: Fix read_unlock_usermodehelper() call (bnc#749886).
* firmware loader: allow builtin firmware load even if usermodehelper is disabled (bnc#749886).
* PM / Hibernate: Enable usermodehelpers in software_resume() error path (bnc#744163).
* ipv6: Allow inet6_dump_addr() to handle more than 64 addresses (bnc#748279).
* ipv6: fix refcnt problem related to POSTDAD state (bnc#743619).
* be2net: change to show correct physical link status (bnc#727834).
* be2net: changes to properly provide phy details (bnc#727834).
* aio: fix race between io_destroy() and io_submit() (bnc#747445 bnc#611264).
* intel-iommu: Check for identity mapping candidate using system dma mask (bnc#700449).
* intel-iommu: Dont cache iova above 32bit (bnc#700449).
* intel-iommu: Add domain check in domain_remove_one_dev_info (bnc#700449).
* intel-iommu: Provide option to enable 64-bit IOMMU pass through mode (bnc#700449).
* intel-iommu: Remove Host Bridge devices from identity mapping (bnc#700449).
* intel-iommu: Speed up processing of the identity_mapping function (bnc#700449).
* intel-iommu: Use coherent DMA mask when requested (bnc#700449).
* 1: Fix accounting of softirq time when idle (bnc#719793).
* driver-core: fix race between device_register and driver_register (bnc#742358).
* dcache: patches.fixes/large-hash-dcache_init-fix.patch: Fix oops when initializing large hash on > 16TB machine (bnc#742210).
* kdump: Save PG_compound or PG_head value in VMCOREINFO (bnc#738503).
* Update config files: disable NET_9P_RDMA (bnc#720374).
* cdc-wdm: fix race leading to memory corruption (bnc#759544).
Security Issue references:

* CVE-2011-1083
* CVE-2011-4086
* CVE-2011-4622
* CVE-2012-0045
* CVE-2012-0879
* CVE-2012-1090
* CVE-2012-1097
* CVE-2012-2133

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp1-kernel-6227 slessp1-kernel-6228 slessp1-kernel-6229 slessp1-kernel-6238
- SUSE Linux Enterprise Server 11 SP1 for VMware:
  zypper in -t patch slessp1-kernel-6227 slessp1-kernel-6230
- SUSE Linux Enterprise Server 11 SP1:
  zypper in -t patch slessp1-kernel-6227 slessp1-kernel-6228 slessp1-kernel-6229 slessp1-kernel-6230 slessp1-kernel-6238
- SUSE Linux Enterprise High Availability Extension 11 SP1:
  zypper in -t patch sleshasp1-kernel-6227 sleshasp1-kernel-6228 sleshasp1-kernel-6229 sleshasp1-kernel-6230 sleshasp1-kernel-6238
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp1-kernel-6227
- SUSE Linux Enterprise Desktop 11 SP1:
  zypper in -t patch sledsp1-kernel-6227 sledsp1-kernel-6230

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x): btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92 ext4dev-kmp-default-0_2.6.32.59_0.3-7.9.59 ext4dev-kmp-trace-0_2.6.32.59_0.3-7.9.59 - SUSE Linux Enterprise Server 11 SP2 (ppc64): ext4dev-kmp-ppc64-0_2.6.32.59_0.3-7.9.59 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 2.6.32.59]: btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92 btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92 ext4dev-kmp-pae-0_2.6.32.59_0.3-7.9.59 ext4dev-kmp-xen-0_2.6.32.59_0.3-7.9.59 hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16 hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16 hyper-v-kmp-trace-0_2.6.32.59_0.3-0.18.16 kernel-ec2-2.6.32.59-0.3.1 kernel-ec2-base-2.6.32.59-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.32.59]: btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92 ext4dev-kmp-default-0_2.6.32.59_0.3-7.9.59 ext4dev-kmp-trace-0_2.6.32.59_0.3-7.9.59 hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16 hyper-v-kmp-trace-0_2.6.32.59_0.3-0.18.16 kernel-default-2.6.32.59-0.3.1 kernel-default-base-2.6.32.59-0.3.1 kernel-default-devel-2.6.32.59-0.3.1 kernel-source-2.6.32.59-0.3.1 kernel-syms-2.6.32.59-0.3.1 kernel-trace-2.6.32.59-0.3.1 kernel-trace-base-2.6.32.59-0.3.1 kernel-trace-devel-2.6.32.59-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586) [New Version: 2.6.32.59]: btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92 ext4dev-kmp-pae-0_2.6.32.59_0.3-7.9.59 hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16 kernel-pae-2.6.32.59-0.3.1 kernel-pae-base-2.6.32.59-0.3.1 kernel-pae-devel-2.6.32.59-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.32.59]: btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92 ext4dev-kmp-default-0_2.6.32.59_0.3-7.9.59 ext4dev-kmp-trace-0_2.6.32.59_0.3-7.9.59 kernel-default-2.6.32.59-0.3.1 kernel-default-base-2.6.32.59-0.3.1 kernel-default-devel-2.6.32.59-0.3.1 kernel-source-2.6.32.59-0.3.1 kernel-syms-2.6.32.59-0.3.1 kernel-trace-2.6.32.59-0.3.1 kernel-trace-base-2.6.32.59-0.3.1 
kernel-trace-devel-2.6.32.59-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 2.6.32.59]: btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92 ext4dev-kmp-xen-0_2.6.32.59_0.3-7.9.59 hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16 hyper-v-kmp-trace-0_2.6.32.59_0.3-0.18.16 kernel-ec2-2.6.32.59-0.3.1 kernel-ec2-base-2.6.32.59-0.3.1 kernel-ec2-devel-2.6.32.59-0.3.1 kernel-xen-2.6.32.59-0.3.1 kernel-xen-base-2.6.32.59-0.3.1 kernel-xen-devel-2.6.32.59-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (s390x) [New Version: 2.6.32.59]: kernel-default-man-2.6.32.59-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64) [New Version: 2.6.32.59]: ext4dev-kmp-ppc64-0_2.6.32.59_0.3-7.9.59 kernel-ppc64-2.6.32.59-0.3.1 kernel-ppc64-base-2.6.32.59-0.3.1 kernel-ppc64-devel-2.6.32.59-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586) [New Version: 2.6.32.59]: btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92 ext4dev-kmp-pae-0_2.6.32.59_0.3-7.9.59 hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16 kernel-pae-2.6.32.59-0.3.1 kernel-pae-base-2.6.32.59-0.3.1 kernel-pae-devel-2.6.32.59-0.3.1 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_2.6.32.59_0.3-2.5.45 cluster-network-kmp-trace-1.4_2.6.32.59_0.3-2.5.45 gfs2-kmp-default-2_2.6.32.59_0.3-0.2.91 gfs2-kmp-trace-2_2.6.32.59_0.3-0.2.91 ocfs2-kmp-default-1.6_2.6.32.59_0.3-0.4.2.45 ocfs2-kmp-trace-1.6_2.6.32.59_0.3-0.4.2.45 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 x86_64): cluster-network-kmp-xen-1.4_2.6.32.59_0.3-2.5.45 gfs2-kmp-xen-2_2.6.32.59_0.3-0.2.91 ocfs2-kmp-xen-1.6_2.6.32.59_0.3-0.4.2.45 - SUSE Linux Enterprise High Availability Extension 11 SP1 (ppc64): cluster-network-kmp-ppc64-1.4_2.6.32.59_0.3-2.5.45 gfs2-kmp-ppc64-2_2.6.32.59_0.3-0.2.91 ocfs2-kmp-ppc64-1.6_2.6.32.59_0.3-0.4.2.45 - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586): cluster-network-kmp-pae-1.4_2.6.32.59_0.3-2.5.45 gfs2-kmp-pae-2_2.6.32.59_0.3-0.2.91 
ocfs2-kmp-pae-1.6_2.6.32.59_0.3-0.4.2.45 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 2.6.32.59]: btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92 btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92 btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92 hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16 hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16 kernel-desktop-devel-2.6.32.59-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.32.59]: btrfs-kmp-default-0_2.6.32.59_0.3-0.3.92 btrfs-kmp-xen-0_2.6.32.59_0.3-0.3.92 hyper-v-kmp-default-0_2.6.32.59_0.3-0.18.16 kernel-default-2.6.32.59-0.3.1 kernel-default-base-2.6.32.59-0.3.1 kernel-default-devel-2.6.32.59-0.3.1 kernel-default-extra-2.6.32.59-0.3.1 kernel-desktop-devel-2.6.32.59-0.3.1 kernel-source-2.6.32.59-0.3.1 kernel-syms-2.6.32.59-0.3.1 kernel-trace-devel-2.6.32.59-0.3.1 kernel-xen-2.6.32.59-0.3.1 kernel-xen-base-2.6.32.59-0.3.1 kernel-xen-devel-2.6.32.59-0.3.1 kernel-xen-extra-2.6.32.59-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 2.6.32.59]: btrfs-kmp-pae-0_2.6.32.59_0.3-0.3.92 hyper-v-kmp-pae-0_2.6.32.59_0.3-0.18.16 kernel-pae-2.6.32.59-0.3.1 kernel-pae-base-2.6.32.59-0.3.1 kernel-pae-devel-2.6.32.59-0.3.1 kernel-pae-extra-2.6.32.59-0.3.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-2.6.32.59-0.3.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-2.6.32.59-0.3.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-2.6.32.59-0.3.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-2.6.32.59-0.3.1 References: http://support.novell.com/security/cve/CVE-2011-1083.html http://support.novell.com/security/cve/CVE-2011-4086.html http://support.novell.com/security/cve/CVE-2011-4622.html http://support.novell.com/security/cve/CVE-2012-0045.html http://support.novell.com/security/cve/CVE-2012-0879.html http://support.novell.com/security/cve/CVE-2012-1090.html http://support.novell.com/security/cve/CVE-2012-1097.html 
http://support.novell.com/security/cve/CVE-2012-2133.html https://bugzilla.novell.com/611264 https://bugzilla.novell.com/617344 https://bugzilla.novell.com/624072 https://bugzilla.novell.com/652942 https://bugzilla.novell.com/668194 https://bugzilla.novell.com/676204 https://bugzilla.novell.com/688079 https://bugzilla.novell.com/693639 https://bugzilla.novell.com/697920 https://bugzilla.novell.com/700449 https://bugzilla.novell.com/704280 https://bugzilla.novell.com/713148 https://bugzilla.novell.com/714507 https://bugzilla.novell.com/716850 https://bugzilla.novell.com/717994 https://bugzilla.novell.com/719793 https://bugzilla.novell.com/720374 https://bugzilla.novell.com/721366 https://bugzilla.novell.com/727834 https://bugzilla.novell.com/729247 https://bugzilla.novell.com/731809 https://bugzilla.novell.com/733761 https://bugzilla.novell.com/734300 https://bugzilla.novell.com/734900 https://bugzilla.novell.com/737326 https://bugzilla.novell.com/738210 https://bugzilla.novell.com/738503 https://bugzilla.novell.com/738528 https://bugzilla.novell.com/738679 https://bugzilla.novell.com/740180 https://bugzilla.novell.com/740895 https://bugzilla.novell.com/740969 https://bugzilla.novell.com/742210 https://bugzilla.novell.com/742358 https://bugzilla.novell.com/743209 https://bugzilla.novell.com/743619 https://bugzilla.novell.com/744163 https://bugzilla.novell.com/744658 https://bugzilla.novell.com/745422 https://bugzilla.novell.com/745699 https://bugzilla.novell.com/745832 https://bugzilla.novell.com/745929 https://bugzilla.novell.com/746980 https://bugzilla.novell.com/747028 https://bugzilla.novell.com/747430 https://bugzilla.novell.com/747445 https://bugzilla.novell.com/748112 https://bugzilla.novell.com/748279 https://bugzilla.novell.com/748812 https://bugzilla.novell.com/749342 https://bugzilla.novell.com/749569 https://bugzilla.novell.com/749886 https://bugzilla.novell.com/750079 https://bugzilla.novell.com/750171 https://bugzilla.novell.com/751322 
https://bugzilla.novell.com/751844 https://bugzilla.novell.com/751880 https://bugzilla.novell.com/752491 https://bugzilla.novell.com/752634 https://bugzilla.novell.com/752972 https://bugzilla.novell.com/755178 https://bugzilla.novell.com/755537 https://bugzilla.novell.com/756448 https://bugzilla.novell.com/756840 https://bugzilla.novell.com/757917 https://bugzilla.novell.com/758532 https://bugzilla.novell.com/758813 https://bugzilla.novell.com/759544 http://download.novell.com/patch/finder/?keywords=1e4adcc13979f6e0edae89a1f83efe4b http://download.novell.com/patch/finder/?keywords=53329dfb9cc84e6d2bc6d1f418dd371c http://download.novell.com/patch/finder/?keywords=58369efceea971820d4fcd4d5a7c2ef6 http://download.novell.com/patch/finder/?keywords=59f23e0836e0df248ae14c769ecdd7d3 http://download.novell.com/patch/finder/?keywords=763d59c2691aa9de51f489118dbe394c http://download.novell.com/patch/finder/?keywords=a1f901b5aa53a2ebe1c8ee72b5bf4f77 http://download.novell.com/patch/finder/?keywords=aec0b832ae76838da3b2076f7d59e991 http://download.novell.com/patch/finder/?keywords=c9182ab9f8793390d7283366086c5f96 http://download.novell.com/patch/finder/?keywords=eb828a35b91422d320f8c3f2f81d2876 http://download.novell.com/patch/finder/?keywords=efd514eca66da8be4a95dffed72779e5 From sle-security-updates at lists.suse.com Wed May 16 13:08:16 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 16 May 2012 21:08:16 +0200 (CEST) Subject: SUSE-SU-2012:0623-1: important: Security update for openssl Message-ID: <20120516190816.45EAF3242B@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0623-1 Rating: important References: #755395 #758060 Cross-References: CVE-2012-2110 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux 
Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

   This update of openssl fixes an integer conversion issue which could cause a heap-based memory corruption (CVE-2012-2110).

   Additionally, a check for negative buffer length values was added (CVE-2012-2131) and the stack was made non-executable by marking the enhanced Intel SSSE3 assembler code as not needing executable stack.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-libopenssl-devel-6245

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-libopenssl-devel-6245

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-libopenssl-devel-6245

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-libopenssl-devel-6245

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-libopenssl-devel-6245

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-libopenssl-devel-6245

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-libopenssl-devel-6245

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.36.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.36.1 openssl-0.9.8j-0.36.1 openssl-doc-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 0.9.8j]: libopenssl0_9_8-x86-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.36.1 openssl-0.9.8j-0.36.1 openssl-doc-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.36.1 openssl-0.9.8j-0.36.1 openssl-doc-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.36.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 0.9.8j]: libopenssl0_9_8-x86-0.9.8j-0.36.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.36.1 openssl-0.9.8j-0.36.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.36.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.36.1 openssl-0.9.8j-0.36.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.36.1 References: http://support.novell.com/security/cve/CVE-2012-2110.html https://bugzilla.novell.com/755395 https://bugzilla.novell.com/758060 
http://download.novell.com/patch/finder/?keywords=0878d39a7efb9cd5f0980f947362df0d From sle-security-updates at lists.suse.com Wed May 16 15:08:13 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 16 May 2012 23:08:13 +0200 (CEST) Subject: SUSE-SU-2012:0624-1: moderate: Security update for RPM Message-ID: <20120516210813.4AF253242B@maintenance.suse.de> SUSE Security Update: Security update for RPM ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0624-1 Rating: moderate References: #747225 #754281 #754284 #754285 Cross-References: CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: Multiple security vulnerabilities were reported in RPM which could have been exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code. Additionally, a non-security issue has been fixed that could have caused a division by zero in cycles calculation under rare circumstances. Security Issue references: * CVE-2012-0815 * CVE-2012-0060 * CVE-2012-0061 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-popt-6191 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-popt-6186 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-popt-6191 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-popt-6191 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-popt-6186 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-popt-6186 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-popt-6191 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-popt-6186 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): popt-devel-1.7-37.50.6 rpm-devel-4.4.2.3-37.50.6 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): rpm-32bit-4.4.2.3-37.50.6 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64): popt-devel-32bit-1.7-37.50.6 rpm-devel-32bit-4.4.2.3-37.50.6 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ia64): rpm-x86-4.4.2.3-37.50.6 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): popt-devel-1.7-37.29.33.1 rpm-devel-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): rpm-32bit-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64): popt-devel-32bit-1.7-37.29.33.1 rpm-devel-32bit-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64): rpm-x86-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): popt-1.7-37.50.6 rpm-4.4.2.3-37.50.6 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): popt-32bit-1.7-37.50.6 rpm-32bit-4.4.2.3-37.50.6 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x 
x86_64): popt-1.7-37.50.6 rpm-4.4.2.3-37.50.6 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): popt-32bit-1.7-37.50.6 rpm-32bit-4.4.2.3-37.50.6 - SUSE Linux Enterprise Server 11 SP2 (ia64): popt-x86-1.7-37.50.6 rpm-x86-4.4.2.3-37.50.6 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): popt-1.7-37.29.33.1 rpm-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): popt-32bit-1.7-37.29.33.1 rpm-32bit-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): popt-1.7-37.29.33.1 rpm-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): popt-32bit-1.7-37.29.33.1 rpm-32bit-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): popt-x86-1.7-37.29.33.1 rpm-x86-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Server 10 SP4 (ia64 ppc s390x x86_64): popt-1.7-271.46.16 popt-devel-1.7-271.46.16 rpm-4.4.2-43.46.16 rpm-devel-4.4.2-43.46.16 rpm-python-4.4.2-43.46.16 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): popt-32bit-1.7-271.46.16 popt-devel-32bit-1.7-271.46.16 - SUSE Linux Enterprise Server 10 SP4 (ia64): popt-x86-1.7-271.46.16 - SUSE Linux Enterprise Server 10 SP4 (ppc): popt-64bit-1.7-271.46.16 popt-devel-64bit-1.7-271.46.16 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): popt-1.7-271.37.42.36 popt-devel-1.7-271.37.42.36 rpm-4.4.2-43.38.42.36 rpm-devel-4.4.2-43.38.42.36 rpm-python-4.4.2-43.38.42.36 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): popt-32bit-1.7-271.37.42.36 popt-devel-32bit-1.7-271.37.42.36 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): popt-1.7-37.50.6 rpm-4.4.2.3-37.50.6 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): popt-32bit-1.7-37.50.6 rpm-32bit-4.4.2.3-37.50.6 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): popt-1.7-37.29.33.1 rpm-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): popt-32bit-1.7-37.29.33.1 rpm-32bit-4.4.2.3-37.29.33.1 - SUSE Linux Enterprise Desktop 10 SP4 
(x86_64): popt-1.7-271.46.16 popt-32bit-1.7-271.46.16 popt-devel-1.7-271.46.16 popt-devel-32bit-1.7-271.46.16 rpm-4.4.2-43.46.16 rpm-devel-4.4.2-43.46.16 rpm-python-4.4.2-43.46.16 - SLE SDK 10 SP4 (ia64 ppc s390x x86_64): rpm-devel-4.4.2-43.46.16 References: http://support.novell.com/security/cve/CVE-2012-0060.html http://support.novell.com/security/cve/CVE-2012-0061.html http://support.novell.com/security/cve/CVE-2012-0815.html https://bugzilla.novell.com/747225 https://bugzilla.novell.com/754281 https://bugzilla.novell.com/754284 https://bugzilla.novell.com/754285 http://download.novell.com/patch/finder/?keywords=1b2d80812b6b10b1756aca4188945da6 http://download.novell.com/patch/finder/?keywords=61f3188b3d9e4127f71a5e83882d65ea http://download.novell.com/patch/finder/?keywords=a7ba4678f589652692e7c0375486a7a1 http://download.novell.com/patch/finder/?keywords=c95eac3fb537ad2e271b549a1dd78add From sle-security-updates at lists.suse.com Wed May 16 16:08:24 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 May 2012 00:08:24 +0200 (CEST) Subject: SUSE-SU-2012:0626-1: moderate: Security update for libxml2 Message-ID: <20120516220824.9D7DA3242A@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0626-1 Rating: moderate References: #748561 Cross-References: CVE-2012-0841 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description:

   This update of libxml2 fixes the hash table collision flaw which could be exploited by attackers to cause a Denial of Service (CVE-2012-0841).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-libxml2-5869

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-libxml2-5869

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-libxml2-5869

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-libxml2-5869

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-libxml2-5869

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-libxml2-5869

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-libxml2-5869

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libxml2-devel-2.7.6-0.15.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      libxml2-devel-32bit-2.7.6-0.15.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      libxml2-devel-2.7.6-0.15.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64):

      libxml2-devel-32bit-2.7.6-0.15.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libxml2-2.7.6-0.15.1
      libxml2-doc-2.7.6-0.15.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      libxml2-32bit-2.7.6-0.15.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      libxml2-x86-2.7.6-0.15.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      libxml2-2.7.6-0.15.1
      libxml2-doc-2.7.6-0.15.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

      libxml2-32bit-2.7.6-0.15.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      libxml2-2.7.6-0.15.1
libxml2-doc-2.7.6-0.15.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.15.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libxml2-x86-2.7.6-0.15.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libxml2-2.6.23-15.29.1 libxml2-devel-2.6.23-15.29.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libxml2-32bit-2.6.23-15.29.1 libxml2-devel-32bit-2.6.23-15.29.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libxml2-x86-2.6.23-15.29.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libxml2-64bit-2.6.23-15.29.1 libxml2-devel-64bit-2.6.23-15.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libxml2-2.7.6-0.15.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libxml2-32bit-2.7.6-0.15.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): libxml2-2.7.6-0.15.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libxml2-32bit-2.7.6-0.15.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libxml2-2.6.23-15.29.1 libxml2-devel-2.6.23-15.29.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libxml2-32bit-2.6.23-15.29.1 libxml2-devel-32bit-2.6.23-15.29.1 References: http://support.novell.com/security/cve/CVE-2012-0841.html https://bugzilla.novell.com/748561 http://download.novell.com/patch/finder/?keywords=112677846e6a6622b20ff7c8177c0374 http://download.novell.com/patch/finder/?keywords=8710ea4a1a76636f485ed091d51d76c5 From sle-security-updates at lists.suse.com Tue May 22 17:08:18 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 May 2012 01:08:18 +0200 (CEST) Subject: SUSE-SU-2012:0637-1: important: Security update for openssl Message-ID: <20120522230818.43D7D32414@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0637-1 Rating: important References: #749735 #758060 Cross-References: CVE-2012-2110 Affected Products: SUSE Linux 
Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

   This update of openssl fixes an integer conversion issue which could cause a heap-based memory corruption (CVE-2012-2110).

   Additionally, a check for negative buffer length values was added (CVE-2012-2131) and a memory leak when creating public keys was fixed.

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      openssl-0.9.8a-18.68.1
      openssl-devel-0.9.8a-18.68.1
      openssl-doc-0.9.8a-18.68.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      openssl-32bit-0.9.8a-18.68.1
      openssl-devel-32bit-0.9.8a-18.68.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      openssl-x86-0.9.8a-18.68.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      openssl-64bit-0.9.8a-18.68.1
      openssl-devel-64bit-0.9.8a-18.68.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      openssl-0.9.8a-18.68.1
      openssl-devel-0.9.8a-18.68.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      openssl-32bit-0.9.8a-18.68.1
      openssl-devel-32bit-0.9.8a-18.68.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      openssl-doc-0.9.8a-18.68.1

References:

   http://support.novell.com/security/cve/CVE-2012-2110.html
   https://bugzilla.novell.com/749735
   https://bugzilla.novell.com/758060
   http://download.novell.com/patch/finder/?keywords=d67d562e97a943fd087f8fa61a2ad294

From sle-security-updates at lists.suse.com Fri May 25 14:08:13 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 25 May 2012 22:08:13 +0200 (CEST)
Subject: SUSE-SU-2012:0640-1: moderate: Security update for xorg-x11-server-rdp
Message-ID: <20120525200813.8207D3242C@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server-rdp
______________________________________________________________________________

Announcement ID:
SUSE-SU-2012:0640-1 Rating: moderate References: #497578 #746949 Cross-References: CVE-2010-2240 CVE-2011-4028 CVE-2011-4029 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update of xorg-x11-server-rdp fixes the following security issues: * CVE-2010-2240 - memory exhaustion flaw * CVE-2011-4028 / CVE-2011-4029 - race condition flaw Security Issue references: * CVE-2010-2240 * CVE-2011-4028 * CVE-2011-4029 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-xorg-x11-server-rdp-6113 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): xorg-x11-server-rdp-7.3.99-3.11.10.1 References: http://support.novell.com/security/cve/CVE-2010-2240.html http://support.novell.com/security/cve/CVE-2011-4028.html http://support.novell.com/security/cve/CVE-2011-4029.html https://bugzilla.novell.com/497578 https://bugzilla.novell.com/746949 http://download.novell.com/patch/finder/?keywords=f7f7c0c2c7fe902ca6a898cd7139d21c From sle-security-updates at lists.suse.com Fri May 25 14:08:16 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 May 2012 22:08:16 +0200 (CEST) Subject: SUSE-SU-2012:0641-1: moderate: Security update for sudo, sudo-debuginfo, sudo-debugsource Message-ID: <20120525200816.89F4F3242E@maintenance.suse.de> SUSE Security Update: Security update for sudo, sudo-debuginfo, sudo-debugsource ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0641-1 Rating: moderate References: #739214 #762327 Cross-References: CVE-2012-2337 Affected Products: SUSE Linux Enterprise Server 11 SP2 
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

   This update fixes a security problem in sudo:

   Multiple netmask values used in Host / Host_List configuration caused any host to be allowed access. (CVE-2012-2337)

   Also, a bug in wildcard matching could allow too relaxed matches within subdirectories of the specified path, so /usr/bin/* would also match /usr/bin/X11/*, which is probably not intended. The behaviour was aligned to the one described in the sudoers manpage.

Security Issues:

   * CVE-2012-2337

Contraindications:

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-sudo-6306

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-sudo-6306

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-sudo-6306

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-sudo-6306

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-sudo-6306

   To bring your system up-to-date, use "zypper patch".
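The wildcard change described in the sudo update above can be checked against a rule set before and after patching. The following is an added example, not part of the advisory and not sudo's own code: it models the relaxed matching (a wildcard may cross "/") against the documented matching (a wildcard stays within one path component) and lists the commands a rule only covered under the relaxed behaviour. The sudoers fragment, the path list and all function names are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample input: a sudoers-style fragment and a list of commands
# present on a host. Neither comes from the advisory.
SAMPLE_SUDOERS = """\
# constructed sample sudoers fragment
alice ALL = (root) /usr/bin/*
bob   ALL = (root) /usr/sbin/user*, /usr/bin/less
"""
SAMPLE_PATHS = [
    "/usr/bin/less",
    "/usr/bin/X11/xterm",
    "/usr/sbin/useradd",
    "/usr/sbin/usermod",
]

# A path token that contains at least one shell wildcard character.
WILDCARD_CMD = re.compile(r"/[^\s,]*[*?\[][^\s,]*")


def wildcard_commands(sudoers_text):
    """Return the wildcard command patterns in a sudoers fragment, in order.

    Simplified extraction: comment lines are skipped and command arguments
    are not interpreted."""
    found = []
    for line in sudoers_text.splitlines():
        if line.strip().startswith("#"):
            continue
        for pattern in WILDCARD_CMD.findall(line):
            if pattern not in found:
                found.append(pattern)
    return found


def relaxed_match(pattern, path):
    """Model of the relaxed behaviour: '*' and '?' may also match '/'."""
    return fnmatch.fnmatchcase(path, pattern)


def strict_match(pattern, path):
    """Model of the documented behaviour: a wildcard never matches '/'.

    Pattern and path must have the same number of components, and each
    component is matched on its own. Bracket expressions containing '/'
    are not handled by this model."""
    p_parts = pattern.split("/")
    f_parts = path.split("/")
    if len(p_parts) != len(f_parts):
        return False
    return all(fnmatch.fnmatchcase(f, p) for p, f in zip(p_parts, f_parts))


def over_broad_matches(patterns, paths):
    """Map each pattern to the paths it matched only under the relaxed model."""
    report = {}
    for pattern in patterns:
        extra = [p for p in paths
                 if relaxed_match(pattern, p) and not strict_match(pattern, p)]
        if extra:
            report[pattern] = extra
    return report


if __name__ == "__main__":
    rules = wildcard_commands(SAMPLE_SUDOERS)
    for pattern, extra in over_broad_matches(rules, SAMPLE_PATHS).items():
        print("%s also matched: %s" % (pattern, ", ".join(extra)))
```

Rules that appear in the report are the ones whose effective scope changes with the update, so they are the ones to review for access that was wider than intended or for workflows that depended on it.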
Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.2.8.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.2.8.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.2.8.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): sudo-1.6.9p23-0.14.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.2.8.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.2.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): sudo-1.6.9p23-0.14.1 References: http://support.novell.com/security/cve/CVE-2012-2337.html https://bugzilla.novell.com/739214 https://bugzilla.novell.com/762327 http://download.novell.com/patch/finder/?keywords=763144fd2d9bb1af8ff74b0b10f47530 http://download.novell.com/patch/finder/?keywords=e959f17b0299505d2a589c60fbdc17b5 From sle-security-updates at lists.suse.com Fri May 25 14:08:18 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 May 2012 22:08:18 +0200 (CEST) Subject: SUSE-SU-2012:0642-1: Security update for libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, python-32bit, python-base, python-base-32bit, python-base-debuginfo, python-base-debuginfo-32bit, python-base-debuginfo-x86, python-base-debugsource, python-base-x86, python-curses, python-debuginfo, python-debuginfo-32bit, python-debuginfo-x86, python-debugsource, python-demo, python-devel, python-doc, python-doc-pdf, python-gdbm, python-idle, python-tk, python-x86, python-xml Message-ID: <20120525200818.23D543242F@maintenance.suse.de> SUSE Security Update: Security update for libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, python-32bit, python-base, python-base-32bit, python-base-debuginfo, python-base-debuginfo-32bit, 
python-base-debuginfo-x86, python-base-debugsource, python-base-x86, python-curses, python-debuginfo, python-debuginfo-32bit, python-debuginfo-x86, python-debugsource, python-demo, python-devel, python-doc, python-doc-pdf, python-gdbm, python-idle, python-tk, python-x86, python-xml
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0642-1
Rating:             low
References:         #744287 #747125 #748079 #751714 #751718 #752375 #754447 #754547
Cross-References:   CVE-2011-1015 CVE-2011-1521 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has three fixes is now available. It includes one version update.

Description:

   This update to python 2.6.8 fixes the following bugs, among others:

   * XMLRPC Server DoS (CVE-2012-0845, bnc#747125)
   * hash randomization issues (CVE-2012-1150, bnc#751718)
   * insecure creation of .pypirc (CVE-2011-4944, bnc#754447)
   * SimpleHTTPServer XSS (CVE-2011-1015, bnc#752375)
   * functions can accept unicode kwargs (bnc#744287)
   * python MainThread lacks ident (bnc#754547)
   * TypeError: waitpid() takes no keyword arguments (bnc#751714)
   * Source code exposure in CGIHTTPServer module (CVE-2011-1015, bnc#674646)
   * Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554)

   The hash randomization fix is disabled by default to keep compatibility with existing python code when it extracts hashes.

   To enable the hash seed randomization you can:

   - pass -R on the python interpreter command line.
   - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying an integer value between 0 and MAX_UINT.

   In general, enabling this is only needed when malicious third parties can inject values into your hash tables.

   The update to 2.6.8 also provides many compatibility fixes with OpenStack.

Security Issues:

   * CVE-2011-1015
   * CVE-2011-1521
   * CVE-2011-4944
   * CVE-2012-0845
   * CVE-2012-1150

Contraindications:

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-python-randomisation-update-6310

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-python-randomisation-update-6310

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-python-randomisation-update-6310

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-python-randomisation-update-6310

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-python-randomisation-update-6310

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-python-randomisation-update-6310

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-python-randomisation-update-6310

   To bring your system up-to-date, use "zypper patch".
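Because the python update above ships with hash randomization disabled by default, it is worth confirming which setting a service actually runs under. The following is an added example, not part of the advisory: it starts fresh interpreter processes under each setting the advisory names and reports whether string hashes change between processes. The probe string and function names are constructed; it assumes it is run with Python 3, where randomization is on by default, and the `interpreter` parameter can be pointed at the patched 2.6.8 binary, where the advisory states the default is off.

```python
import os
import subprocess
import sys

PROBE = "constructed-probe-key"  # constructed sample value, any string works


def child_hash(seed=None, flags=(), interpreter=sys.executable):
    """Return hash(PROBE) as computed by a fresh interpreter process.

    seed=None removes PYTHONHASHSEED from the child's environment so the
    interpreter default applies; otherwise the value ("random", "0" or a
    decimal integer) is passed through unchanged. flags are extra
    interpreter options such as "-R"."""
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    cmd = [interpreter] + list(flags) + ["-c", "print(hash(%r))" % PROBE]
    return int(subprocess.check_output(cmd, env=env).decode().strip())


def classify(seed=None, flags=(), interpreter=sys.executable, runs=3):
    """Return 'randomized' if the hash differs between processes, else 'fixed'."""
    seen = set(child_hash(seed, flags, interpreter) for _ in range(runs))
    return "randomized" if len(seen) > 1 else "fixed"


def audit(interpreter=sys.executable):
    """Classify every way of selecting the hash seed that the advisory names."""
    return {
        "default": classify(None, (), interpreter),
        "-R": classify(None, ("-R",), interpreter),
        "PYTHONHASHSEED=random": classify("random", (), interpreter),
        "PYTHONHASHSEED=0": classify("0", (), interpreter),
        "PYTHONHASHSEED=12345": classify("12345", (), interpreter),
    }


if __name__ == "__main__":
    for setting, result in audit().items():
        print("%-24s %s" % (setting, result))
```

A service that parses untrusted keys into dictionaries should show "randomized" for the setting it is started with; a "fixed" result means key hashes are the same in every process.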
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.8]: python-devel-2.6.8-0.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 2.6.8]: python-demo-2.6.8-0.13.1 python-gdbm-2.6.8-0.13.1 python-idle-2.6.8-0.13.1 python-tk-2.6.8-0.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64) [New Version: 2.6.8]: python-32bit-2.6.8-0.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch): python-doc-2.6-8.13.2 python-doc-pdf-2.6-8.13.2 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.8]: python-devel-2.6.8-0.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 2.6.8]: python-demo-2.6.8-0.13.1 python-gdbm-2.6.8-0.13.1 python-idle-2.6.8-0.13.1 python-tk-2.6.8-0.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (x86_64) [New Version: 2.6.8]: python-32bit-2.6.8-0.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (noarch): python-doc-2.6-8.13.2 python-doc-pdf-2.6-8.13.2 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.13.1 python-2.6.8-0.13.1 python-base-2.6.8-0.13.1 python-curses-2.6.8-0.13.1 python-demo-2.6.8-0.13.1 python-gdbm-2.6.8-0.13.1 python-idle-2.6.8-0.13.1 python-tk-2.6.8-0.13.1 python-xml-2.6.8-0.13.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.13.1 python-32bit-2.6.8-0.13.1 python-base-32bit-2.6.8-0.13.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): python-doc-2.6-8.13.2 python-doc-pdf-2.6-8.13.2 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 2.6.8]: libpython2_6-1_0-x86-2.6.8-0.13.1 python-base-x86-2.6.8-0.13.1 python-x86-2.6.8-0.13.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.13.1 python-2.6.8-0.13.1 
python-base-2.6.8-0.13.1 python-curses-2.6.8-0.13.1 python-demo-2.6.8-0.13.1 python-gdbm-2.6.8-0.13.1 python-idle-2.6.8-0.13.1 python-tk-2.6.8-0.13.1 python-xml-2.6.8-0.13.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.13.1 python-32bit-2.6.8-0.13.1 python-base-32bit-2.6.8-0.13.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (noarch): python-doc-2.6-8.13.2 python-doc-pdf-2.6-8.13.2 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.13.1 python-2.6.8-0.13.1 python-base-2.6.8-0.13.1 python-curses-2.6.8-0.13.1 python-demo-2.6.8-0.13.1 python-gdbm-2.6.8-0.13.1 python-idle-2.6.8-0.13.1 python-tk-2.6.8-0.13.1 python-xml-2.6.8-0.13.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.13.1 python-32bit-2.6.8-0.13.1 python-base-32bit-2.6.8-0.13.1 - SUSE Linux Enterprise Server 11 SP1 (noarch): python-doc-2.6-8.13.2 python-doc-pdf-2.6-8.13.2 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 2.6.8]: libpython2_6-1_0-x86-2.6.8-0.13.1 python-base-x86-2.6.8-0.13.1 python-x86-2.6.8-0.13.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.13.1 python-2.6.8-0.13.1 python-base-2.6.8-0.13.1 python-curses-2.6.8-0.13.1 python-devel-2.6.8-0.13.1 python-tk-2.6.8-0.13.1 python-xml-2.6.8-0.13.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.13.1 python-base-32bit-2.6.8-0.13.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.13.1 python-2.6.8-0.13.1 python-base-2.6.8-0.13.1 python-curses-2.6.8-0.13.1 python-devel-2.6.8-0.13.1 python-tk-2.6.8-0.13.1 python-xml-2.6.8-0.13.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.13.1 python-base-32bit-2.6.8-0.13.1 References: 
http://support.novell.com/security/cve/CVE-2011-1015.html http://support.novell.com/security/cve/CVE-2011-1521.html http://support.novell.com/security/cve/CVE-2011-4944.html http://support.novell.com/security/cve/CVE-2012-0845.html http://support.novell.com/security/cve/CVE-2012-1150.html https://bugzilla.novell.com/744287 https://bugzilla.novell.com/747125 https://bugzilla.novell.com/748079 https://bugzilla.novell.com/751714 https://bugzilla.novell.com/751718 https://bugzilla.novell.com/752375 https://bugzilla.novell.com/754447 https://bugzilla.novell.com/754547 http://download.novell.com/patch/finder/?keywords=e599234dabbae2d4ea50f08e56f1043f From sle-security-updates at lists.suse.com Fri May 25 16:08:26 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 26 May 2012 00:08:26 +0200 (CEST) Subject: SUSE-SU-2012:0643-1: moderate: Security update for python-pam Message-ID: <20120525220826.B34D83242C@maintenance.suse.de> SUSE Security Update: Security update for python-pam ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0643-1 Rating: moderate References: #751005 Cross-References: CVE-2012-1502 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: python-pam was prone to a double-free issue which is fixed by this update. (CVE-2012-1502). Security Issues: * CVE-2012-1502 Contraindications: Patch Instructions: To install this SUSE Security Update use YaST online_update. 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-python-pam-6025

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-python-pam-6025

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-python-pam-6025

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-python-pam-6025

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-python-pam-6025

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      python-pam-0.5.0-3.20.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      python-pam-0.5.0-3.20.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      python-pam-0.5.0-3.20.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      python-pam-0.5.0-3.20.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      python-pam-0.5.0-3.20.1

References:

   http://support.novell.com/security/cve/CVE-2012-1502.html
   https://bugzilla.novell.com/751005
   http://download.novell.com/patch/finder/?keywords=6bbfe04f6bc7c392340e64dce2392615

From sle-security-updates at lists.suse.com Fri May 25 16:08:28 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 26 May 2012 00:08:28 +0200 (CEST)
Subject: SUSE-SU-2012:0644-1: moderate: Security update for xorg-x11-server-rdp
Message-ID: <20120525220828.7C7693242D@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server-rdp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0644-1
Rating:             moderate
References:         #746949
Cross-References:   CVE-2010-2240 CVE-2011-4028 CVE-2011-4029
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update of xorg-x11-server-rdp fixed the following security issues:

   CVE-2010-2240 - memory exhaustion flaw
   CVE-2011-4028 / CVE-2011-4029 - race condition flaw

   Security Issues:

   * CVE-2010-2240
   * CVE-2011-4028
   * CVE-2011-4029

Contraindications:

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-server-rdp-6111

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-server-rdp-6111

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-xorg-x11-server-dmx-6112

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-xorg-x11-server-dmx-6112

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-xorg-x11-server-dmx-6112 sledsp2-xorg-x11-server-rdp-6111

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-xorg-x11-server-dmx-6112

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-server-rdp-7.3.99-3.18.2

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      xorg-x11-server-rdp-7.3.99-3.18.2

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1
      xorg-x11-server-rdp-7.3.99-3.18.2

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1

References:

   http://support.novell.com/security/cve/CVE-2010-2240.html
   http://support.novell.com/security/cve/CVE-2011-4028.html
   http://support.novell.com/security/cve/CVE-2011-4029.html
   https://bugzilla.novell.com/746949
   http://download.novell.com/patch/finder/?keywords=5ee149ba2fc8b7892f29b4e9d1937da4
   http://download.novell.com/patch/finder/?keywords=c81bcbcc5f759c9ce82783eef07688a8

From sle-security-updates at lists.suse.com Tue May 29 09:08:15 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 29 May 2012 17:08:15 +0200 (CEST)
Subject: SUSE-SU-2012:0643-2: moderate: Security update for python-pam
Message-ID: <20120529150815.1D11432430@maintenance.suse.de>

   SUSE Security Update: Security update for python-pam
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0643-2
Rating:             moderate
References:         #751005
Cross-References:   CVE-2012-1502
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   python-pam was prone to a double-free issue which is fixed by the
   update (CVE-2012-1502)

   Security Issues:

   * CVE-2012-1502

Contraindications:

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      python-pam-0.5.0-2.7.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      python-pam-0.5.0-2.7.1

References:

   http://support.novell.com/security/cve/CVE-2012-1502.html
   https://bugzilla.novell.com/751005
   http://download.novell.com/patch/finder/?keywords=8b8603c07c14f3887dda36dda9c6534c

From sle-security-updates at lists.suse.com Wed May 30 15:08:16 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 30 May 2012 23:08:16 +0200 (CEST)
Subject: SUSE-SU-2012:0674-1: important: Security update for openssl
Message-ID: <20120530210816.A447A32430@maintenance.suse.de>

   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0674-1
Rating:             important
References:         #739719 #742821 #748738 #749210 #749213 #749735
                    #751946 #758060 #761838
Cross-References:   CVE-2006-7250 CVE-2011-4108 CVE-2011-4109
                    CVE-2011-4576 CVE-2011-4619 CVE-2012-0050
                    CVE-2012-1165 CVE-2012-2110 CVE-2012-2131
                    CVE-2012-2333
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update of openssl fixes the following security issues:

   * Denial of Service or crash via CBC mode handling. (CVE-2012-2333)
   * Incorrect integer conversions that could result in memory
     corruption. (CVE-2012-2110, CVE-2012-2131)
   * Potential memory leak in multithreaded key creation.
   * Symmetric crypto errors in PKCS7_decrypt.
   * Free headers after use in error message.
   * S/MIME verification may erroneously fail.
   * Tolerating bad MIME headers in ASN.1 parser.
     (CVE-2012-1165, CVE-2006-7250)
   * DTLS DoS Attack. (CVE-2012-0050)
   * DTLS Plaintext Recovery Attack. (CVE-2011-4108)
   * Double-free in Policy Checks. (CVE-2011-4109)
   * Uninitialized SSL 3.0 Padding. (CVE-2011-4576)
   * SGC Restart DoS Attack. (CVE-2011-4619)

Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      openssl-0.9.8a-18.45.63.1
      openssl-devel-0.9.8a-18.45.63.1
      openssl-doc-0.9.8a-18.45.63.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

      openssl-32bit-0.9.8a-18.45.63.1
      openssl-devel-32bit-0.9.8a-18.45.63.1

References:

   http://support.novell.com/security/cve/CVE-2006-7250.html
   http://support.novell.com/security/cve/CVE-2011-4108.html
   http://support.novell.com/security/cve/CVE-2011-4109.html
   http://support.novell.com/security/cve/CVE-2011-4576.html
   http://support.novell.com/security/cve/CVE-2011-4619.html
   http://support.novell.com/security/cve/CVE-2012-0050.html
   http://support.novell.com/security/cve/CVE-2012-1165.html
   http://support.novell.com/security/cve/CVE-2012-2110.html
   http://support.novell.com/security/cve/CVE-2012-2131.html
   http://support.novell.com/security/cve/CVE-2012-2333.html
   https://bugzilla.novell.com/739719
   https://bugzilla.novell.com/742821
   https://bugzilla.novell.com/748738
   https://bugzilla.novell.com/749210
   https://bugzilla.novell.com/749213
   https://bugzilla.novell.com/749735
   https://bugzilla.novell.com/751946
   https://bugzilla.novell.com/758060
   https://bugzilla.novell.com/761838
   http://download.novell.com/patch/finder/?keywords=615504b4f83955616ed79d66c69aaaae

From sle-security-updates at lists.suse.com Wed May 30 16:08:25 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 31 May 2012 00:08:25 +0200 (CEST)
Subject: SUSE-SU-2012:0678-1: important: Security update for openssl
Message-ID: <20120530220825.8964932430@maintenance.suse.de>

   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0678-1
Rating:             important
References:         #749735 #761324 #761838
Cross-References:   CVE-2012-2333
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available. It includes one version update.

Description:

   This update of openssl fixes the following denial of service
   vulnerabilities:

   * Denial of Service via CBC mode handling. (CVE-2012-2333)
   * A deadlock condition introduced by the previous memory leak
     fix due to entering a lock twice. This would only happen in
     multithreaded programs.

   In addition, openssl's cms subcommand (Cryptographic Message
   Syntax) has been enabled.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-libopenssl-devel-6350

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-libopenssl-devel-6350

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-libopenssl-devel-6350

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-libopenssl-devel-6350

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-libopenssl-devel-6350

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-libopenssl-devel-6350

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-libopenssl-devel-6350

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl-devel-0.9.8j-0.38.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl-devel-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-0.9.8j-0.38.1
      openssl-0.9.8j-0.38.1
      openssl-doc-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 0.9.8j]:

      libopenssl0_9_8-x86-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-0.9.8j-0.38.1
      openssl-0.9.8j-0.38.1
      openssl-doc-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-0.9.8j-0.38.1
      openssl-0.9.8j-0.38.1
      openssl-doc-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.38.1

   - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 0.9.8j]:

      libopenssl0_9_8-x86-0.9.8j-0.38.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-0.9.8j-0.38.1
      openssl-0.9.8j-0.38.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.38.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-0.9.8j-0.38.1
      openssl-0.9.8j-0.38.1

   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.38.1

References:

   http://support.novell.com/security/cve/CVE-2012-2333.html
   https://bugzilla.novell.com/749735
   https://bugzilla.novell.com/761324
   https://bugzilla.novell.com/761838
   http://download.novell.com/patch/finder/?keywords=6a3dc7cf4062c03f840c24ec20e76c62

From sle-security-updates at lists.suse.com Wed May 30 17:08:17 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 31 May 2012 01:08:17 +0200 (CEST)
Subject: SUSE-SU-2012:0679-1: important: Security update for openssl
Message-ID: <20120530230817.B998E3242E@maintenance.suse.de>

   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0679-1
Rating:             important
References:         #749735 #761838
Cross-References:   CVE-2012-2333
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update of openssl fixes the following denial of service
   vulnerabilities:

   * Denial of Service via CBC mode handling. (CVE-2012-2333)
   * A deadlock condition introduced by the previous memory leak
     fix due to entering a lock twice. This would only happen in
     multithreaded programs.

   In addition, openssl's cms subcommand (Cryptographic Message
   Syntax) has been enabled.

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      openssl-0.9.8a-18.70.5
      openssl-devel-0.9.8a-18.70.5
      openssl-doc-0.9.8a-18.70.5

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      openssl-32bit-0.9.8a-18.70.5
      openssl-devel-32bit-0.9.8a-18.70.5

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      openssl-x86-0.9.8a-18.70.5

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      openssl-64bit-0.9.8a-18.70.5
      openssl-devel-64bit-0.9.8a-18.70.5

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      openssl-0.9.8a-18.70.5
      openssl-devel-0.9.8a-18.70.5

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      openssl-32bit-0.9.8a-18.70.5
      openssl-devel-32bit-0.9.8a-18.70.5

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      openssl-doc-0.9.8a-18.70.5

References:

   http://support.novell.com/security/cve/CVE-2012-2333.html
   https://bugzilla.novell.com/749735
   https://bugzilla.novell.com/761838
   http://download.novell.com/patch/finder/?keywords=72e4e6bb5a3e9c48dd5cb873ce95abda