From sle-security-updates at lists.suse.com Mon Sep 3 13:08:31 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 3 Sep 2012 21:08:31 +0200 (CEST)
Subject: SUSE-SU-2012:1095-1: moderate: Security update for libxml2
Message-ID: <20120903190831.8D61D3224A@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1095-1
Rating: moderate
References: #769184
Cross-References: CVE-2012-2807
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Software Development Kit 11 SP1
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Server 11 SP1 for VMware
  SUSE Linux Enterprise Server 11 SP1
  SUSE Linux Enterprise Desktop 11 SP2
  SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes several libxml2 integer overflows which could have been
used to crash libxml2 parsers or potentially execute code.

Security Issues:

* CVE-2012-2807

Contraindications:

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp1-libxml2-6571

- SUSE Linux Enterprise Software Development Kit 11 SP1:
  zypper in -t patch sdksp1-libxml2-6571

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp1-libxml2-6571

- SUSE Linux Enterprise Server 11 SP1 for VMware:
  zypper in -t patch slessp1-libxml2-6571

- SUSE Linux Enterprise Server 11 SP1:
  zypper in -t patch slessp1-libxml2-6571

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp1-libxml2-6571

- SUSE Linux Enterprise Desktop 11 SP1:
  zypper in -t patch sledsp1-libxml2-6571

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  libxml2-devel-2.7.6-0.19.1

- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
  libxml2-devel-32bit-2.7.6-0.19.1

- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
  libxml2-devel-2.7.6-0.19.1

- SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64):
  libxml2-devel-32bit-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  libxml2-2.7.6-0.19.1
  libxml2-doc-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
  libxml2-32bit-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP2 (ia64):
  libxml2-x86-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
  libxml2-2.7.6-0.19.1
  libxml2-doc-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):
  libxml2-32bit-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
  libxml2-2.7.6-0.19.1
  libxml2-doc-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):
  libxml2-32bit-2.7.6-0.19.1

- SUSE Linux Enterprise Server 11 SP1 (ia64):
  libxml2-x86-2.7.6-0.19.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  libxml2-2.7.6-0.19.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
  libxml2-32bit-2.7.6-0.19.1

- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
  libxml2-2.7.6-0.19.1

- SUSE Linux Enterprise Desktop 11 SP1 (x86_64):
  libxml2-32bit-2.7.6-0.19.1

References:

  http://support.novell.com/security/cve/CVE-2012-2807.html
  https://bugzilla.novell.com/769184
  http://download.novell.com/patch/finder/?keywords=c69ade5ac86ea5a8948f19bc2bc6b237

From sle-security-updates at lists.suse.com Thu Sep 6 12:08:27 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Sep 2012 20:08:27 +0200 (CEST)
Subject: SUSE-SU-2012:1077-2: moderate: Security update for nut
Message-ID: <20120906180827.3F9953225D@maintenance.suse.de>

SUSE Security Update: Security update for nut
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1077-2
Rating: moderate
References: #764699
Cross-References: CVE-2012-2944
Affected Products:
  SUSE Linux Enterprise Server 10 SP4
  SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update of nut fixes a denial of service flaw that could have been
exploited by remote attackers to cause an application crash of upsd.

Security Issue reference:

* CVE-2012-2944

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64):
  nut-2.0.3-20.10.1

- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
  nut-2.0.3-20.10.1

References:

  http://support.novell.com/security/cve/CVE-2012-2944.html
  https://bugzilla.novell.com/764699
  http://download.novell.com/patch/finder/?keywords=59049173f724dbe51f76a9dd1f317dc8

From sle-security-updates at lists.suse.com Thu Sep 6 14:08:31 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Sep 2012 22:08:31 +0200 (CEST)
Subject: SUSE-SU-2012:1095-2: moderate: Security update for libxml2
Message-ID: <20120906200831.543C53225C@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1095-2
Rating: moderate
References: #769184
Cross-References: CVE-2012-2807
Affected Products:
  SUSE Linux Enterprise Server 10 SP4
  SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes libxml2 integer overflows (CVE-2012-2807).

Security Issue reference:

* CVE-2012-2807

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  libxml2-2.6.23-15.33.17
  libxml2-devel-2.6.23-15.33.17

- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
  libxml2-32bit-2.6.23-15.33.17
  libxml2-devel-32bit-2.6.23-15.33.17

- SUSE Linux Enterprise Server 10 SP4 (ia64):
  libxml2-x86-2.6.23-15.33.17

- SUSE Linux Enterprise Server 10 SP4 (ppc):
  libxml2-64bit-2.6.23-15.33.17
  libxml2-devel-64bit-2.6.23-15.33.17

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
  libxml2-2.6.23-15.33.17
  libxml2-devel-2.6.23-15.33.17

- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
  libxml2-32bit-2.6.23-15.33.17
  libxml2-devel-32bit-2.6.23-15.33.17

References:

  http://support.novell.com/security/cve/CVE-2012-2807.html
  https://bugzilla.novell.com/769184
  http://download.novell.com/patch/finder/?keywords=e380dcebcb29c98b9351f36692fef4a7

From sle-security-updates at lists.suse.com Thu Sep 6 14:08:33 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Sep 2012 22:08:33 +0200 (CEST)
Subject: SUSE-SU-2012:1129-1: important: Security update for Xen
Message-ID: <20120906200833.1B34032258@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1129-1
Rating: important
References: #777084 #777090
Cross-References: CVE-2012-3494 CVE-2012-3515
Affected Products:
  SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

XEN was updated to fix multiple bugs and security issues.

The following security issues have been fixed:

* CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12)
* CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17)

Security Issue references:

* CVE-2012-3494
* CVE-2012-3515

Indications:

Everyone using XEN should update.

Package List:

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):
  xen-3.2.3_17040_28-0.6.13.5
  xen-devel-3.2.3_17040_28-0.6.13.5
  xen-doc-html-3.2.3_17040_28-0.6.13.5
  xen-doc-pdf-3.2.3_17040_28-0.6.13.5
  xen-doc-ps-3.2.3_17040_28-0.6.13.5
  xen-kmp-debug-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5
  xen-kmp-default-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5
  xen-kmp-kdump-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5
  xen-kmp-smp-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5
  xen-libs-3.2.3_17040_28-0.6.13.5
  xen-tools-3.2.3_17040_28-0.6.13.5
  xen-tools-domU-3.2.3_17040_28-0.6.13.5
  xen-tools-ioemu-3.2.3_17040_28-0.6.13.5

- SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64):
  xen-libs-32bit-3.2.3_17040_28-0.6.13.5

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586):
  xen-kmp-bigsmp-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5
  xen-kmp-kdumppae-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5
  xen-kmp-vmi-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5
  xen-kmp-vmipae-3.2.3_17040_28_2.6.16.60_0.83.169-0.6.13.5

References:

  http://support.novell.com/security/cve/CVE-2012-3494.html
  http://support.novell.com/security/cve/CVE-2012-3515.html
  https://bugzilla.novell.com/777084
  https://bugzilla.novell.com/777090
  http://download.novell.com/patch/finder/?keywords=b08cee9a947266299a47b5d55046f727

From sle-security-updates at lists.suse.com Thu Sep 6 14:08:35 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Sep 2012 22:08:35 +0200 (CEST)
Subject: SUSE-SU-2012:1130-1: important: Security update for PHP5
Message-ID: <20120906200835.04A483225D@maintenance.suse.de>

SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1130-1
Rating: important
References: #775852
Affected Products:
  SUSE Linux Enterprise Server 10 SP4
  SLE SDK 10 SP4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update changes the default configuration to use FilesMatch with
'SetHandler' rather than 'AddHandler' to protect weakly written web
applications from content confusion. Since this is a hardening measure,
no CVE was assigned.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  apache2-mod_php5-5.2.14-0.38.1
  php5-5.2.14-0.38.1
  php5-bcmath-5.2.14-0.38.1
  php5-bz2-5.2.14-0.38.1
  php5-calendar-5.2.14-0.38.1
  php5-ctype-5.2.14-0.38.1
  php5-curl-5.2.14-0.38.1
  php5-dba-5.2.14-0.38.1
  php5-dbase-5.2.14-0.38.1
  php5-devel-5.2.14-0.38.1
  php5-dom-5.2.14-0.38.1
  php5-exif-5.2.14-0.38.1
  php5-fastcgi-5.2.14-0.38.1
  php5-ftp-5.2.14-0.38.1
  php5-gd-5.2.14-0.38.1
  php5-gettext-5.2.14-0.38.1
  php5-gmp-5.2.14-0.38.1
  php5-hash-5.2.14-0.38.1
  php5-iconv-5.2.14-0.38.1
  php5-imap-5.2.14-0.38.1
  php5-json-5.2.14-0.38.1
  php5-ldap-5.2.14-0.38.1
  php5-mbstring-5.2.14-0.38.1
  php5-mcrypt-5.2.14-0.38.1
  php5-mhash-5.2.14-0.38.1
  php5-mysql-5.2.14-0.38.1
  php5-ncurses-5.2.14-0.38.1
  php5-odbc-5.2.14-0.38.1
  php5-openssl-5.2.14-0.38.1
  php5-pcntl-5.2.14-0.38.1
  php5-pdo-5.2.14-0.38.1
  php5-pear-5.2.14-0.38.1
  php5-pgsql-5.2.14-0.38.1
  php5-posix-5.2.14-0.38.1
  php5-pspell-5.2.14-0.38.1
  php5-shmop-5.2.14-0.38.1
  php5-snmp-5.2.14-0.38.1
  php5-soap-5.2.14-0.38.1
  php5-sockets-5.2.14-0.38.1
  php5-sqlite-5.2.14-0.38.1
  php5-suhosin-5.2.14-0.38.1
  php5-sysvmsg-5.2.14-0.38.1
  php5-sysvsem-5.2.14-0.38.1
  php5-sysvshm-5.2.14-0.38.1
  php5-tokenizer-5.2.14-0.38.1
  php5-wddx-5.2.14-0.38.1
  php5-xmlreader-5.2.14-0.38.1
  php5-xmlrpc-5.2.14-0.38.1
  php5-xsl-5.2.14-0.38.1
  php5-zlib-5.2.14-0.38.1

- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
  apache2-mod_php5-5.2.14-0.38.1
  php5-5.2.14-0.38.1
  php5-bcmath-5.2.14-0.38.1
  php5-bz2-5.2.14-0.38.1
  php5-calendar-5.2.14-0.38.1
  php5-ctype-5.2.14-0.38.1
  php5-curl-5.2.14-0.38.1
  php5-dba-5.2.14-0.38.1
  php5-dbase-5.2.14-0.38.1
  php5-devel-5.2.14-0.38.1
  php5-dom-5.2.14-0.38.1
  php5-exif-5.2.14-0.38.1
  php5-fastcgi-5.2.14-0.38.1
  php5-ftp-5.2.14-0.38.1
  php5-gd-5.2.14-0.38.1
  php5-gettext-5.2.14-0.38.1
  php5-gmp-5.2.14-0.38.1
  php5-hash-5.2.14-0.38.1
  php5-iconv-5.2.14-0.38.1
  php5-imap-5.2.14-0.38.1
  php5-ldap-5.2.14-0.38.1
  php5-mbstring-5.2.14-0.38.1
  php5-mcrypt-5.2.14-0.38.1
  php5-mhash-5.2.14-0.38.1
  php5-mysql-5.2.14-0.38.1
  php5-ncurses-5.2.14-0.38.1
  php5-odbc-5.2.14-0.38.1
  php5-openssl-5.2.14-0.38.1
  php5-pcntl-5.2.14-0.38.1
  php5-pdo-5.2.14-0.38.1
  php5-pear-5.2.14-0.38.1
  php5-pgsql-5.2.14-0.38.1
  php5-posix-5.2.14-0.38.1
  php5-pspell-5.2.14-0.38.1
  php5-shmop-5.2.14-0.38.1
  php5-snmp-5.2.14-0.38.1
  php5-soap-5.2.14-0.38.1
  php5-sockets-5.2.14-0.38.1
  php5-sqlite-5.2.14-0.38.1
  php5-suhosin-5.2.14-0.38.1
  php5-sysvmsg-5.2.14-0.38.1
  php5-sysvsem-5.2.14-0.38.1
  php5-sysvshm-5.2.14-0.38.1
  php5-tidy-5.2.14-0.38.1
  php5-tokenizer-5.2.14-0.38.1
  php5-wddx-5.2.14-0.38.1
  php5-xmlreader-5.2.14-0.38.1
  php5-xmlrpc-5.2.14-0.38.1
  php5-xsl-5.2.14-0.38.1
  php5-zlib-5.2.14-0.38.1

References:

  https://bugzilla.novell.com/775852
  http://download.novell.com/patch/finder/?keywords=6bcc0e41be00989b383aaa71edda8620

From sle-security-updates at lists.suse.com Fri Sep 7 07:08:35 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Sep 2012 15:08:35 +0200 (CEST)
Subject: SUSE-SU-2012:1132-1: important: Security update for Xen
Message-ID: <20120907130835.AC4D43225D@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1132-1
Rating: important
References: #776300 #776995 #777084 #777086 #777088 #777090 #777091
Cross-References: CVE-2012-3494
  CVE-2012-3495 CVE-2012-3496 CVE-2012-3498 CVE-2012-3515
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves 5 vulnerabilities and has two fixes is now available.
It includes one version update.

Description:

XEN was updated to 4.1.3 to fix multiple bugs and security issues.

The following security issues have been fixed:

* CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12)
* CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability (XSA-13)
* CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14)
* CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16)
* CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17)

Also the following bugs have been fixed:

* pvscsi support of attaching Luns - bnc#776995

The following related bugs in vm-install 0.5.12 have been fixed:

* bnc#776300 - vm-install does not pass --extra-args in --upgrade
* Add support for Open Enterprise Server 11
* Add support for Windows 8 and Windows Server 2012
* Add support for Ubuntu 12 (Precise Pangolin)

Security Issue references:

* CVE-2012-3496
* CVE-2012-3494
* CVE-2012-3495
* CVE-2012-3498
* CVE-2012-3515

Indications:

Everyone using XEN should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-xen-201209-6748

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-xen-201209-6748

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-xen-201209-6748

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-xen-201209-6748

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
  xen-devel-4.1.3_02-0.5.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  xen-kmp-trace-4.1.3_02_3.0.38_0.5-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):
  xen-kmp-default-4.1.3_02_3.0.38_0.5-0.5.1
  xen-kmp-trace-4.1.3_02_3.0.38_0.5-0.5.1
  xen-libs-4.1.3_02-0.5.1
  xen-tools-domU-4.1.3_02-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (x86_64) [New Version: 0.5.12]:
  vm-install-0.5.12-0.5.1
  xen-4.1.3_02-0.5.1
  xen-doc-html-4.1.3_02-0.5.1
  xen-doc-pdf-4.1.3_02-0.5.1
  xen-libs-32bit-4.1.3_02-0.5.1
  xen-tools-4.1.3_02-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 0.5.12]:
  vm-install-0.5.12-0.5.3

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  xen-kmp-default-4.1.3_02_3.0.38_0.5-0.5.1
  xen-kmp-trace-4.1.3_02_3.0.38_0.5-0.5.1
  xen-libs-4.1.3_02-0.5.1
  xen-tools-domU-4.1.3_02-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 0.5.12]:
  vm-install-0.5.12-0.5.1
  xen-4.1.3_02-0.5.1
  xen-doc-html-4.1.3_02-0.5.1
  xen-doc-pdf-4.1.3_02-0.5.1
  xen-libs-32bit-4.1.3_02-0.5.1
  xen-tools-4.1.3_02-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 0.5.12]:
  vm-install-0.5.12-0.5.3

References:

  http://support.novell.com/security/cve/CVE-2012-3494.html
  http://support.novell.com/security/cve/CVE-2012-3495.html
  http://support.novell.com/security/cve/CVE-2012-3496.html
  http://support.novell.com/security/cve/CVE-2012-3498.html
  http://support.novell.com/security/cve/CVE-2012-3515.html
  https://bugzilla.novell.com/776300
  https://bugzilla.novell.com/776995
  https://bugzilla.novell.com/777084
  https://bugzilla.novell.com/777086
  https://bugzilla.novell.com/777088
  https://bugzilla.novell.com/777090
  https://bugzilla.novell.com/777091
  http://download.novell.com/patch/finder/?keywords=2940fd614757e4aece023d8a6e626af3

From sle-security-updates at lists.suse.com Fri Sep 7 08:08:24 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Sep 2012 16:08:24 +0200 (CEST)
Subject: SUSE-SU-2012:1133-1: important: Security update for Xen
Message-ID: <20120907140824.9FA1B3225C@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1133-1
Rating: important
References: #777084 #777090
Cross-References: CVE-2012-3494 CVE-2012-3495 CVE-2012-3496 CVE-2012-3498
  CVE-2012-3515 CVE-2012-3516
Affected Products:
  SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

XEN was updated to fix multiple bugs and security issues.

The following security issues have been fixed:

* CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12)
* CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17)

Security Issue references:

* CVE-2012-3496
* CVE-2012-3494
* CVE-2012-3495
* CVE-2012-3498
* CVE-2012-3516
* CVE-2012-3515

Indications:

Everyone using XEN should update.

Package List:

- SUSE Linux Enterprise Server 10 SP2 (i586 x86_64):
  xen-3.2.0_16718_26-0.10.1
  xen-devel-3.2.0_16718_26-0.10.1
  xen-doc-html-3.2.0_16718_26-0.10.1
  xen-doc-pdf-3.2.0_16718_26-0.10.1
  xen-doc-ps-3.2.0_16718_26-0.10.1
  xen-kmp-debug-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  xen-kmp-default-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  xen-kmp-kdump-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  xen-kmp-smp-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
  xen-libs-3.2.0_16718_26-0.10.1
  xen-tools-3.2.0_16718_26-0.10.1
  xen-tools-domU-3.2.0_16718_26-0.10.1
  xen-tools-ioemu-3.2.0_16718_26-0.10.1

- SUSE Linux Enterprise Server 10 SP2 (x86_64):
  xen-libs-32bit-3.2.0_16718_26-0.10.1

- SUSE Linux Enterprise Server 10 SP2 (i586):
  xen-kmp-bigsmp-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1

References:

  http://support.novell.com/security/cve/CVE-2012-3494.html
  http://support.novell.com/security/cve/CVE-2012-3495.html
  http://support.novell.com/security/cve/CVE-2012-3496.html
  http://support.novell.com/security/cve/CVE-2012-3498.html
  http://support.novell.com/security/cve/CVE-2012-3515.html
  http://support.novell.com/security/cve/CVE-2012-3516.html
  https://bugzilla.novell.com/777084
  https://bugzilla.novell.com/777090
  http://download.novell.com/patch/finder/?keywords=6779ef884a44335e87986cb4684ebd15

From sle-security-updates at lists.suse.com Fri Sep 7 12:08:40 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Sep 2012 20:08:40 +0200 (CEST)
Subject: SUSE-SU-2012:1135-1: important: Security update for Xen
Message-ID: <20120907180840.5CC913225F@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1135-1
Rating: important
References: #762484 #777084 #777090
Cross-References: CVE-2012-2625 CVE-2012-3494 CVE-2012-3515
Affected Products:
  SUSE Linux Enterprise Server 10 SP4
  SUSE Linux Enterprise Desktop 10 SP4
  SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

XEN was updated to fix multiple bugs and security issues.

The following security issues have been fixed:

* CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12)
* CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17)
* CVE-2012-2625: xen: pv bootloader doesn't check the size of the bzip2 or
  lzma compressed kernel, leading to denial of service

Security Issue references:

* CVE-2012-3494
* CVE-2012-3515
* CVE-2012-2625

Indications:

Everyone using XEN should update.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):
  xen-3.2.3_17040_40-0.7.2
  xen-devel-3.2.3_17040_40-0.7.2
  xen-doc-html-3.2.3_17040_40-0.7.2
  xen-doc-pdf-3.2.3_17040_40-0.7.2
  xen-doc-ps-3.2.3_17040_40-0.7.2
  xen-kmp-debug-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-default-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-kdump-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-smp-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-libs-3.2.3_17040_40-0.7.2
  xen-tools-3.2.3_17040_40-0.7.2
  xen-tools-domU-3.2.3_17040_40-0.7.2
  xen-tools-ioemu-3.2.3_17040_40-0.7.2

- SUSE Linux Enterprise Server 10 SP4 (x86_64):
  xen-libs-32bit-3.2.3_17040_40-0.7.2

- SUSE Linux Enterprise Server 10 SP4 (i586):
  xen-kmp-bigsmp-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-kdumppae-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-vmi-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-vmipae-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
  xen-3.2.3_17040_40-0.7.2
  xen-devel-3.2.3_17040_40-0.7.2
  xen-doc-html-3.2.3_17040_40-0.7.2
  xen-doc-pdf-3.2.3_17040_40-0.7.2
  xen-doc-ps-3.2.3_17040_40-0.7.2
  xen-kmp-default-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-smp-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-libs-3.2.3_17040_40-0.7.2
  xen-tools-3.2.3_17040_40-0.7.2
  xen-tools-domU-3.2.3_17040_40-0.7.2
  xen-tools-ioemu-3.2.3_17040_40-0.7.2

- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
  xen-libs-32bit-3.2.3_17040_40-0.7.2

- SUSE Linux Enterprise Desktop 10 SP4 (i586):
  xen-kmp-bigsmp-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2

- SLE SDK 10 SP4 (i586 x86_64):
  xen-3.2.3_17040_40-0.7.2
  xen-devel-3.2.3_17040_40-0.7.2
  xen-kmp-debug-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-kmp-kdump-3.2.3_17040_40_2.6.16.60_0.97.32-0.7.2
  xen-libs-3.2.3_17040_40-0.7.2
  xen-tools-3.2.3_17040_40-0.7.2
  xen-tools-ioemu-3.2.3_17040_40-0.7.2

- SLE SDK 10 SP4 (x86_64):
  xen-libs-32bit-3.2.3_17040_40-0.7.2

References:

  http://support.novell.com/security/cve/CVE-2012-2625.html
  http://support.novell.com/security/cve/CVE-2012-3494.html
  http://support.novell.com/security/cve/CVE-2012-3515.html
  https://bugzilla.novell.com/762484
  https://bugzilla.novell.com/777084
  https://bugzilla.novell.com/777090
  http://download.novell.com/patch/finder/?keywords=7abce5ad0bd27a8e2084fe946c37389f

From sle-security-updates at lists.suse.com Tue Sep 11 22:08:34 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Sep 2012 06:08:34 +0200 (CEST)
Subject: SUSE-SU-2012:1147-1: moderate: Security update for inn
Message-ID: <20120912040834.803D23225E@maintenance.suse.de>

SUSE Security Update: Security update for inn
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1147-1
Rating: moderate
References: #776967
Cross-References: CVE-2012-3523
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Server 10 SP4
  SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 has been
assigned to this issue.

Security Issue reference:

* CVE-2012-3523

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-inn-6774

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-inn-6774

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-inn-6774

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  inn-devel-2.4.2-170.21.3.1

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
  inn-2.4.2-170.21.3.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  inn-2.4.2-170.21.3.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  inn-2.4.2-170.21.3.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  inn-2.4.2-20.9.1

- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
  inn-2.4.2-20.9.1

References:

  http://support.novell.com/security/cve/CVE-2012-3523.html
  https://bugzilla.novell.com/776967
  http://download.novell.com/patch/finder/?keywords=052e129a0b795031695c195c312556aa
  http://download.novell.com/patch/finder/?keywords=f03ecff3fb6680aa0bf3baf1d92ae965

From sle-security-updates at lists.suse.com Tue Sep 11 22:08:36 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Sep 2012 06:08:36 +0200 (CEST)
Subject: SUSE-SU-2012:1148-1: critical: Security update for OpenJDK
Message-ID: <20120912040836.45ED332262@maintenance.suse.de>

SUSE Security Update: Security update for OpenJDK
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1148-1
Rating: critical
References: #777499
Cross-References: CVE-2012-0547 CVE-2012-1682
Affected Products:
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

The following security issues have been fixed:

* S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
* S7163201, CVE-2012-0547: Simplify toolkit internals references

Security Issue references:

* CVE-2012-1682
* CVE-2012-0547

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-java-1_6_0-openjdk-6772

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  java-1_6_0-openjdk-1.6.0.0_b24.1.11.4-0.3.1
  java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.4-0.3.1
  java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.4-0.3.1

References:

  http://support.novell.com/security/cve/CVE-2012-0547.html
  http://support.novell.com/security/cve/CVE-2012-1682.html
  https://bugzilla.novell.com/777499
  http://download.novell.com/patch/finder/?keywords=3a2f76ea954e211ebdec523673a69595

From sle-security-updates at lists.suse.com Tue Sep 11 23:08:32 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Sep 2012 07:08:32 +0200 (CEST)
Subject: SUSE-SU-2012:1149-1: important: Security update for compat-openssl097g
Message-ID: <20120912050832.3739E32260@maintenance.suse.de>

SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1149-1
Rating: important
References: #758060
Cross-References: CVE-2012-2110
Affected Products:
  SUSE Linux Enterprise for SAP Applications 11 SP2
  SUSE Linux Enterprise Server 10 SP4
  SUSE Linux Enterprise Desktop 11 SP2
  SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This compat-openssl097g rollup update contains various security fixes:

* CVE-2012-2131, CVE-2012-2110: incorrect integer conversions in OpenSSL
  could have resulted in memory corruption during buffer management
  operations.

Security Issue reference:

* CVE-2012-2110

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise for SAP Applications 11 SP2:
  zypper in -t patch slesapp2-compat-openssl097g-6749

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-compat-openssl097g-6749

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise for SAP Applications 11 SP2 (x86_64):
  compat-openssl097g-0.9.7g-146.22.1
  compat-openssl097g-32bit-0.9.7g-146.22.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  compat-openssl097g-0.9.7g-13.23.1

- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
  compat-openssl097g-32bit-0.9.7g-13.23.1

- SUSE Linux Enterprise Server 10 SP4 (ia64):
  compat-openssl097g-x86-0.9.7g-13.23.1

- SUSE Linux Enterprise Server 10 SP4 (ppc):
  compat-openssl097g-64bit-0.9.7g-13.23.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
  compat-openssl097g-0.9.7g-146.22.1
  compat-openssl097g-32bit-0.9.7g-146.22.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
  compat-openssl097g-0.9.7g-13.23.1

- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
  compat-openssl097g-32bit-0.9.7g-13.23.1

References:

  http://support.novell.com/security/cve/CVE-2012-2110.html
  https://bugzilla.novell.com/758060
  http://download.novell.com/patch/finder/?keywords=6f04264f0709c1dee299245669fdda7c
  http://download.novell.com/patch/finder/?keywords=acfbe9a056a9163e512e971404eb3aaa

From sle-security-updates at lists.suse.com Wed Sep 12 12:08:35 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Sep 2012 20:08:35 +0200 (CEST)
Subject: SUSE-SU-2012:1155-1: important: Security update for dbus-1
Message-ID: <20120912180835.F261C32263@maintenance.suse.de>

SUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1155-1
Rating: important
References: #697105 #764047
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update fixes a vulnerability in the DBUS auto-launching feature that
allowed local users to execute arbitrary programs as root. CVE-2012-3524
has been assigned to this issue.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-dbus-1-6733

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-dbus-1-6733

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-dbus-1-6733

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-dbus-1-6733

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  dbus-1-devel-1.2.10-3.25.1
  dbus-1-devel-doc-1.2.10-3.25.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
  dbus-1-1.2.10-3.25.1
  dbus-1-x11-1.2.10-3.25.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
  dbus-1-32bit-1.2.10-3.25.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
  dbus-1-1.2.10-3.25.1
  dbus-1-x11-1.2.10-3.25.1

- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
  dbus-1-32bit-1.2.10-3.25.1

- SUSE Linux Enterprise Server 11 SP2 (ia64):
  dbus-1-x86-1.2.10-3.25.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  dbus-1-1.2.10-3.25.1
  dbus-1-x11-1.2.10-3.25.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
  dbus-1-32bit-1.2.10-3.25.1

References:

  https://bugzilla.novell.com/697105
  https://bugzilla.novell.com/764047
  http://download.novell.com/patch/finder/?keywords=67554744e53055e253dbe3ef2cceb035

From sle-security-updates at lists.suse.com Wed Sep 12 16:09:06 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Sep 2012 00:09:06 +0200 (CEST)
Subject: SUSE-SU-2012:1156-1: important: Security update for PHP5
Message-ID: <20120912220906.2680732257@maintenance.suse.de>

SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1156-1
Rating: important
References: #775852 #778003
Cross-References: CVE-2011-1398 CVE-2011-4388
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update fixes CVE-2011-1398 and CVE-2011-4388 (header injection via CR).
This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was assigned. Security Issue references: * CVE-2011-1398 * CVE-2011-4388 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php53-6778 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php53-6778 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php53-6778 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.8-0.39.1 php53-imap-5.3.8-0.39.1 php53-posix-5.3.8-0.39.1 php53-readline-5.3.8-0.39.1 php53-sockets-5.3.8-0.39.1 php53-sqlite-5.3.8-0.39.1 php53-tidy-5.3.8-0.39.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php53-5.3.8-0.39.1 php53-5.3.8-0.39.1 php53-bcmath-5.3.8-0.39.1 php53-bz2-5.3.8-0.39.1 php53-calendar-5.3.8-0.39.1 php53-ctype-5.3.8-0.39.1 php53-curl-5.3.8-0.39.1 php53-dba-5.3.8-0.39.1 php53-dom-5.3.8-0.39.1 php53-exif-5.3.8-0.39.1 php53-fastcgi-5.3.8-0.39.1 php53-fileinfo-5.3.8-0.39.1 php53-ftp-5.3.8-0.39.1 php53-gd-5.3.8-0.39.1 php53-gettext-5.3.8-0.39.1 php53-gmp-5.3.8-0.39.1 php53-iconv-5.3.8-0.39.1 php53-intl-5.3.8-0.39.1 php53-json-5.3.8-0.39.1 php53-ldap-5.3.8-0.39.1 php53-mbstring-5.3.8-0.39.1 php53-mcrypt-5.3.8-0.39.1 php53-mysql-5.3.8-0.39.1 php53-odbc-5.3.8-0.39.1 php53-openssl-5.3.8-0.39.1 php53-pcntl-5.3.8-0.39.1 php53-pdo-5.3.8-0.39.1 php53-pear-5.3.8-0.39.1 php53-pgsql-5.3.8-0.39.1 php53-pspell-5.3.8-0.39.1 php53-shmop-5.3.8-0.39.1 php53-snmp-5.3.8-0.39.1 php53-soap-5.3.8-0.39.1 php53-suhosin-5.3.8-0.39.1 
php53-sysvmsg-5.3.8-0.39.1 php53-sysvsem-5.3.8-0.39.1 php53-sysvshm-5.3.8-0.39.1 php53-tokenizer-5.3.8-0.39.1 php53-wddx-5.3.8-0.39.1 php53-xmlreader-5.3.8-0.39.1 php53-xmlrpc-5.3.8-0.39.1 php53-xmlwriter-5.3.8-0.39.1 php53-xsl-5.3.8-0.39.1 php53-zip-5.3.8-0.39.1 php53-zlib-5.3.8-0.39.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.8-0.39.1 php53-5.3.8-0.39.1 php53-bcmath-5.3.8-0.39.1 php53-bz2-5.3.8-0.39.1 php53-calendar-5.3.8-0.39.1 php53-ctype-5.3.8-0.39.1 php53-curl-5.3.8-0.39.1 php53-dba-5.3.8-0.39.1 php53-dom-5.3.8-0.39.1 php53-exif-5.3.8-0.39.1 php53-fastcgi-5.3.8-0.39.1 php53-fileinfo-5.3.8-0.39.1 php53-ftp-5.3.8-0.39.1 php53-gd-5.3.8-0.39.1 php53-gettext-5.3.8-0.39.1 php53-gmp-5.3.8-0.39.1 php53-iconv-5.3.8-0.39.1 php53-intl-5.3.8-0.39.1 php53-json-5.3.8-0.39.1 php53-ldap-5.3.8-0.39.1 php53-mbstring-5.3.8-0.39.1 php53-mcrypt-5.3.8-0.39.1 php53-mysql-5.3.8-0.39.1 php53-odbc-5.3.8-0.39.1 php53-openssl-5.3.8-0.39.1 php53-pcntl-5.3.8-0.39.1 php53-pdo-5.3.8-0.39.1 php53-pear-5.3.8-0.39.1 php53-pgsql-5.3.8-0.39.1 php53-pspell-5.3.8-0.39.1 php53-shmop-5.3.8-0.39.1 php53-snmp-5.3.8-0.39.1 php53-soap-5.3.8-0.39.1 php53-suhosin-5.3.8-0.39.1 php53-sysvmsg-5.3.8-0.39.1 php53-sysvsem-5.3.8-0.39.1 php53-sysvshm-5.3.8-0.39.1 php53-tokenizer-5.3.8-0.39.1 php53-wddx-5.3.8-0.39.1 php53-xmlreader-5.3.8-0.39.1 php53-xmlrpc-5.3.8-0.39.1 php53-xmlwriter-5.3.8-0.39.1 php53-xsl-5.3.8-0.39.1 php53-zip-5.3.8-0.39.1 php53-zlib-5.3.8-0.39.1 References: http://support.novell.com/security/cve/CVE-2011-1398.html http://support.novell.com/security/cve/CVE-2011-4388.html https://bugzilla.novell.com/775852 https://bugzilla.novell.com/778003 http://download.novell.com/patch/finder/?keywords=196b574ae446447dd5589365670d4c11 From sle-security-updates at lists.suse.com Wed Sep 12 17:08:38 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 13 Sep 2012 01:08:38 +0200 (CEST) Subject: 
SUSE-SU-2012:1157-1: important: Security update for Mozilla Firefox
Message-ID: <20120912230838.B288632257@maintenance.suse.de>

SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1157-1
Rating: important
References: #777588
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that contains security fixes can now be installed. It includes three new package versions.

Description:

MozillaFirefox was updated to 10.0.7ESR release, fixing a lot of bugs and security problems.

The following security issues have been addressed:

* MFSA 2012-57: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
* CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14.
* CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14.
* MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool.
Many of these issues are potentially exploitable, allowing for remote code execution.
  o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes CVE-2012-1972
  o Heap-use-after-free in nsObjectLoadingContent::LoadObject CVE-2012-1973
  o Heap-use-after-free in gfxTextRun::CanBreakLineBefore CVE-2012-1974
  o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975
  o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues CVE-2012-1976
  o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run() CVE-2012-3956
  o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty CVE-2012-3957
  o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements CVE-2012-3958
  o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode CVE-2012-3959
  o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary CVE-2012-3960
  o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961
  o Bad iterator in text runs CVE-2012-3962
  o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963
  o Heap-use-after-free READ 8 in gfxTextRun::GetUserData CVE-2012-3964
* MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.
* MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack.
* MFSA 2012-61 / CVE-2012-3966: Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files.
When processing a negative "height" header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable.
* MFSA 2012-62: Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash.
  o use after free, webgl fragment shader deleted by accessor CVE-2012-3968
  o stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers CVE-2012-3967
* MFSA 2012-63: Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko's SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a "requiredFeatures" attribute is moved between documents. In that situation, the internal representation of the "requiredFeatures" value could be freed prematurely. Both issues are potentially exploitable.
  o Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter CVE-2012-3969
  o Heap-use-after-free in nsTArray_base::Length() CVE-2012-3970
* MFSA 2012-64 / CVE-2012-3971: Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products.
* MFSA 2012-65 / CVE-2012-3972: Security researcher Nicolas Gregoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable.
* MFSA 2012-66 / CVE-2012-3973: Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port used by HTTPMonitor. A remote-enabled flag has been added to resolve this problem and close the port unless debugging is explicitly enabled.
* MFSA 2012-67 / CVE-2012-3974: Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges.
* MFSA 2012-68 / CVE-2012-3975: Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be combined with other attacks to become exploitable.
* MFSA 2012-69 / CVE-2012-3976: Security researcher Mark Poticha reported an issue where incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This is caused by two onLocationChange events being fired out of the expected order, leading to the displayed certificate data to not be updated.
This can be used for phishing attacks by allowing the user to input form or other data on a newer, attacking, site while the credentials of an older site appear on the addressbar.
* MFSA 2012-70 / CVE-2012-3978: Mozilla security researcher moz_bug_r_a4 reported that certain security checks in the location object can be bypassed if chrome code is called from content in a specific manner. This allowed for the loading of restricted content. This can be combined with other issues to become potentially exploitable.
* MFSA 2012-71 / CVE-2012-3979: Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash. This vulnerability only affects Firefox for Android.
* MFSA 2012-72 / CVE-2012-3980: Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user.

Indications:

Please install this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-firefox-201208-6763
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-firefox-201208-6763
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-firefox-201208-6763
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-firefox-201208-6763

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.6 and 4.9.2]: mozilla-nspr-devel-4.9.2-0.6.1 mozilla-nss-devel-3.13.6-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 10.0.7,3.13.6 and 4.9.2]: MozillaFirefox-10.0.7-0.3.1 MozillaFirefox-translations-10.0.7-0.3.1 libfreebl3-3.13.6-0.5.1 mozilla-nspr-4.9.2-0.6.1 mozilla-nss-3.13.6-0.5.1 mozilla-nss-tools-3.13.6-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.13.6 and 4.9.2]: libfreebl3-32bit-3.13.6-0.5.1 mozilla-nspr-32bit-4.9.2-0.6.1 mozilla-nss-32bit-3.13.6-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.7,3.13.6 and 4.9.2]: MozillaFirefox-10.0.7-0.3.1 MozillaFirefox-branding-SLED-7-0.6.7.80 MozillaFirefox-translations-10.0.7-0.3.1 libfreebl3-3.13.6-0.5.1 mozilla-nspr-4.9.2-0.6.1 mozilla-nss-3.13.6-0.5.1 mozilla-nss-tools-3.13.6-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.13.6 and 4.9.2]: libfreebl3-32bit-3.13.6-0.5.1 mozilla-nspr-32bit-4.9.2-0.6.1 mozilla-nss-32bit-3.13.6-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.13.6 and 4.9.2]: libfreebl3-x86-3.13.6-0.5.1 mozilla-nspr-x86-4.9.2-0.6.1 mozilla-nss-x86-3.13.6-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.7,3.13.6 and 4.9.2]: MozillaFirefox-10.0.7-0.3.1 MozillaFirefox-branding-SLED-7-0.6.7.80 MozillaFirefox-translations-10.0.7-0.3.1 libfreebl3-3.13.6-0.5.1 mozilla-nspr-4.9.2-0.6.1 mozilla-nss-3.13.6-0.5.1 mozilla-nss-tools-3.13.6-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.13.6 and 4.9.2]: libfreebl3-32bit-3.13.6-0.5.1 mozilla-nspr-32bit-4.9.2-0.6.1 mozilla-nss-32bit-3.13.6-0.5.1 References: https://bugzilla.novell.com/777588 http://download.novell.com/patch/finder/?keywords=eb74965ce2354d47597681ee9cf49621 From sle-security-updates at lists.suse.com Thu Sep 13 
14:08:29 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 13 Sep 2012 22:08:29 +0200 (CEST) Subject: SUSE-SU-2012:1162-1: important: Security update for Xen Message-ID: <20120913200829.E89053225E@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1162-1 Rating: important References: #776995 #777084 #777090 #777091 Cross-References: CVE-2012-3494 CVE-2012-3496 CVE-2012-3515 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: XEN was updated to fix multiple bugs and security issues. The following security issues have been fixed: * CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) * CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) * CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) Also the following bugs have been fixed: * pvscsi support of attaching Luns - bnc#776995 Security Issue references: * CVE-2012-3496 * CVE-2012-3494 * CVE-2012-3515 Indications: Everyone using XEN should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-xen-201209-6746 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64): xen-4.0.3_21548_10-0.5.1 xen-doc-html-4.0.3_21548_10-0.5.1 xen-doc-pdf-4.0.3_21548_10-0.5.1 xen-kmp-default-4.0.3_21548_10_2.6.32.59_0.7-0.5.1 xen-kmp-trace-4.0.3_21548_10_2.6.32.59_0.7-0.5.1 xen-libs-4.0.3_21548_10-0.5.1 xen-tools-4.0.3_21548_10-0.5.1 xen-tools-domU-4.0.3_21548_10-0.5.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586): xen-kmp-pae-4.0.3_21548_10_2.6.32.59_0.7-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-3494.html http://support.novell.com/security/cve/CVE-2012-3496.html http://support.novell.com/security/cve/CVE-2012-3515.html https://bugzilla.novell.com/776995 https://bugzilla.novell.com/777084 https://bugzilla.novell.com/777090 https://bugzilla.novell.com/777091 http://download.novell.com/patch/finder/?keywords=60ffb0200ab44cd2c5b21cf2c325f4a5 From sle-security-updates at lists.suse.com Thu Sep 13 18:08:29 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2012 02:08:29 +0200 (CEST) Subject: SUSE-SU-2012:1167-1: important: Security update for Mozilla Firefox Message-ID: <20120914000829.E34A23225E@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1167-1 Rating: important References: #684069 #769762 #777588 Cross-References: CVE-2012-1956 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3974 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3979 CVE-2012-3980 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 
10 SP4
______________________________________________________________________________

An update that fixes 32 vulnerabilities is now available. It includes three new package versions.

Description:

MozillaFirefox was updated to 10.0.7ESR release, fixing a lot of bugs and security problems.

The following security issues have been addressed:

* MFSA 2012-57: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
* CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14.
* CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14.
* MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.
  o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes CVE-2012-1972
  o Heap-use-after-free in nsObjectLoadingContent::LoadObject CVE-2012-1973
  o Heap-use-after-free in gfxTextRun::CanBreakLineBefore CVE-2012-1974
  o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975
  o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues CVE-2012-1976
  o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run() CVE-2012-3956
  o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty CVE-2012-3957
  o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements CVE-2012-3958
  o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode CVE-2012-3959
  o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary CVE-2012-3960
  o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961
  o Bad iterator in text runs CVE-2012-3962
  o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963
  o Heap-use-after-free READ 8 in gfxTextRun::GetUserData CVE-2012-3964
* MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.
* MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack.
* MFSA 2012-61 / CVE-2012-3966: Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files.
When processing a negative "height" header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable.
* MFSA 2012-62: Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash.
  o use after free, webgl fragment shader deleted by accessor CVE-2012-3968
  o stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers CVE-2012-3967
* MFSA 2012-63: Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko's SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a "requiredFeatures" attribute is moved between documents. In that situation, the internal representation of the "requiredFeatures" value could be freed prematurely. Both issues are potentially exploitable.
  o Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter CVE-2012-3969
  o Heap-use-after-free in nsTArray_base::Length() CVE-2012-3970
* MFSA 2012-64 / CVE-2012-3971: Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products.
* MFSA 2012-65 / CVE-2012-3972: Security researcher Nicolas Gregoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable.
* MFSA 2012-66 / CVE-2012-3973: Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port used by HTTPMonitor. A remote-enabled flag has been added to resolve this problem and close the port unless debugging is explicitly enabled.
* MFSA 2012-67 / CVE-2012-3974: Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges.
* MFSA 2012-68 / CVE-2012-3975: Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be combined with other attacks to become exploitable.
* MFSA 2012-69 / CVE-2012-3976: Security researcher Mark Poticha reported an issue where incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This is caused by two onLocationChange events being fired out of the expected order, leading to the displayed certificate data to not be updated.
This can be used for phishing attacks by allowing the user to input form or other data on a newer, attacking, site while the credentials of an older site appear on the addressbar.
* MFSA 2012-70 / CVE-2012-3978: Mozilla security researcher moz_bug_r_a4 reported that certain security checks in the location object can be bypassed if chrome code is called from content in a specific manner. This allowed for the loading of restricted content. This can be combined with other issues to become potentially exploitable.
* MFSA 2012-71 / CVE-2012-3979: Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash. This vulnerability only affects Firefox for Android.
* MFSA 2012-72 / CVE-2012-3980: Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user.

Security Issue references:

* CVE-2012-1971
* CVE-2012-1970
* CVE-2012-1972
* CVE-2012-1973
* CVE-2012-1974
* CVE-2012-1975
* CVE-2012-1976
* CVE-2012-3956
* CVE-2012-3957
* CVE-2012-3958
* CVE-2012-3959
* CVE-2012-3960
* CVE-2012-3961
* CVE-2012-3962
* CVE-2012-3963
* CVE-2012-3964
* CVE-2012-1956
* CVE-2012-3965
* CVE-2012-3966
* CVE-2012-3968
* CVE-2012-3967
* CVE-2012-3969
* CVE-2012-3970
* CVE-2012-3971
* CVE-2012-3972
* CVE-2012-3973
* CVE-2012-3974
* CVE-2012-3975
* CVE-2012-3976
* CVE-2012-3978
* CVE-2012-3979
* CVE-2012-3980

Indications:

Please install this update.
Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.6 and 4.9.2]: firefox3-cairo-1.2.4-0.8.1 mozilla-nspr-4.9.2-0.9.1 mozilla-nspr-devel-4.9.2-0.9.1 mozilla-nss-3.13.6-0.8.1 mozilla-nss-devel-3.13.6-0.8.1 mozilla-nss-tools-3.13.6-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 7]: MozillaFirefox-10.0.7-0.5.1 MozillaFirefox-branding-SLED-7-0.8.31 MozillaFirefox-translations-10.0.7-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.13.6 and 4.9.2]: firefox3-cairo-32bit-1.2.4-0.8.1 mozilla-nspr-32bit-4.9.2-0.9.1 mozilla-nss-32bit-3.13.6-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.13.6 and 4.9.2]: mozilla-nspr-x86-4.9.2-0.9.1 mozilla-nss-x86-3.13.6-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.13.6 and 4.9.2]: mozilla-nspr-64bit-4.9.2-0.9.1 mozilla-nss-64bit-3.13.6-0.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.13.6 and 4.9.2]: firefox3-cairo-1.2.4-0.8.1 mozilla-nspr-4.9.2-0.9.1 mozilla-nspr-devel-4.9.2-0.9.1 mozilla-nss-3.13.6-0.8.1 mozilla-nss-devel-3.13.6-0.8.1 mozilla-nss-tools-3.13.6-0.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.13.6 and 4.9.2]: firefox3-cairo-32bit-1.2.4-0.8.1 mozilla-nspr-32bit-4.9.2-0.9.1 mozilla-nss-32bit-3.13.6-0.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 7]: MozillaFirefox-10.0.7-0.5.1 MozillaFirefox-branding-SLED-7-0.8.31 MozillaFirefox-translations-10.0.7-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.6]: firefox3-cairo-devel-1.2.4-0.8.1 firefox3-cairo-doc-1.2.4-0.8.1 mozilla-nss-tools-3.13.6-0.8.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-10.0.7-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-1956.html http://support.novell.com/security/cve/CVE-2012-1970.html http://support.novell.com/security/cve/CVE-2012-1971.html 
http://support.novell.com/security/cve/CVE-2012-1972.html http://support.novell.com/security/cve/CVE-2012-1973.html http://support.novell.com/security/cve/CVE-2012-1974.html http://support.novell.com/security/cve/CVE-2012-1975.html http://support.novell.com/security/cve/CVE-2012-1976.html http://support.novell.com/security/cve/CVE-2012-3956.html http://support.novell.com/security/cve/CVE-2012-3957.html http://support.novell.com/security/cve/CVE-2012-3958.html http://support.novell.com/security/cve/CVE-2012-3959.html http://support.novell.com/security/cve/CVE-2012-3960.html http://support.novell.com/security/cve/CVE-2012-3961.html http://support.novell.com/security/cve/CVE-2012-3962.html http://support.novell.com/security/cve/CVE-2012-3963.html http://support.novell.com/security/cve/CVE-2012-3964.html http://support.novell.com/security/cve/CVE-2012-3965.html http://support.novell.com/security/cve/CVE-2012-3966.html http://support.novell.com/security/cve/CVE-2012-3967.html http://support.novell.com/security/cve/CVE-2012-3968.html http://support.novell.com/security/cve/CVE-2012-3969.html http://support.novell.com/security/cve/CVE-2012-3970.html http://support.novell.com/security/cve/CVE-2012-3971.html http://support.novell.com/security/cve/CVE-2012-3972.html http://support.novell.com/security/cve/CVE-2012-3973.html http://support.novell.com/security/cve/CVE-2012-3974.html http://support.novell.com/security/cve/CVE-2012-3975.html http://support.novell.com/security/cve/CVE-2012-3976.html http://support.novell.com/security/cve/CVE-2012-3978.html http://support.novell.com/security/cve/CVE-2012-3979.html http://support.novell.com/security/cve/CVE-2012-3980.html https://bugzilla.novell.com/684069 https://bugzilla.novell.com/769762 https://bugzilla.novell.com/777588 http://download.novell.com/patch/finder/?keywords=3d961c9ba7250844680b248327a712ac From sle-security-updates at lists.suse.com Thu Sep 13 18:08:27 2012 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2012 02:08:27 +0200 (CEST) Subject: SUSE-SU-2012:1156-2: important: Security update for PHP5 Message-ID: <20120914000827.EE17132260@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1156-2 Rating: important References: #775852 #778003 Cross-References: CVE-2011-1398 CVE-2011-4388 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes CVE-2011-1398 and CVE-2011-4388 (header injection via CR). This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was assigned. Security Issue references: * CVE-2011-1398 * CVE-2011-4388 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php5-6777 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php5-6777 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php5-6777 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php5-devel-5.2.14-0.7.30.46.1 php5-imap-5.2.14-0.7.30.46.1 php5-ncurses-5.2.14-0.7.30.46.1 php5-posix-5.2.14-0.7.30.46.1 php5-readline-5.2.14-0.7.30.46.1 php5-sockets-5.2.14-0.7.30.46.1 php5-sqlite-5.2.14-0.7.30.46.1 php5-tidy-5.2.14-0.7.30.46.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.46.1 php5-5.2.14-0.7.30.46.1 php5-bcmath-5.2.14-0.7.30.46.1 php5-bz2-5.2.14-0.7.30.46.1 php5-calendar-5.2.14-0.7.30.46.1 php5-ctype-5.2.14-0.7.30.46.1 php5-curl-5.2.14-0.7.30.46.1 php5-dba-5.2.14-0.7.30.46.1 php5-dbase-5.2.14-0.7.30.46.1 php5-dom-5.2.14-0.7.30.46.1 php5-exif-5.2.14-0.7.30.46.1 php5-fastcgi-5.2.14-0.7.30.46.1 php5-ftp-5.2.14-0.7.30.46.1 php5-gd-5.2.14-0.7.30.46.1 php5-gettext-5.2.14-0.7.30.46.1 php5-gmp-5.2.14-0.7.30.46.1 php5-hash-5.2.14-0.7.30.46.1 php5-iconv-5.2.14-0.7.30.46.1 php5-json-5.2.14-0.7.30.46.1 php5-ldap-5.2.14-0.7.30.46.1 php5-mbstring-5.2.14-0.7.30.46.1 php5-mcrypt-5.2.14-0.7.30.46.1 php5-mysql-5.2.14-0.7.30.46.1 php5-odbc-5.2.14-0.7.30.46.1 php5-openssl-5.2.14-0.7.30.46.1 php5-pcntl-5.2.14-0.7.30.46.1 php5-pdo-5.2.14-0.7.30.46.1 php5-pear-5.2.14-0.7.30.46.1 php5-pgsql-5.2.14-0.7.30.46.1 php5-pspell-5.2.14-0.7.30.46.1 php5-shmop-5.2.14-0.7.30.46.1 php5-snmp-5.2.14-0.7.30.46.1 php5-soap-5.2.14-0.7.30.46.1 php5-suhosin-5.2.14-0.7.30.46.1 php5-sysvmsg-5.2.14-0.7.30.46.1 php5-sysvsem-5.2.14-0.7.30.46.1 php5-sysvshm-5.2.14-0.7.30.46.1 php5-tokenizer-5.2.14-0.7.30.46.1 php5-wddx-5.2.14-0.7.30.46.1 php5-xmlreader-5.2.14-0.7.30.46.1 php5-xmlrpc-5.2.14-0.7.30.46.1 php5-xmlwriter-5.2.14-0.7.30.46.1 php5-xsl-5.2.14-0.7.30.46.1 php5-zip-5.2.14-0.7.30.46.1 php5-zlib-5.2.14-0.7.30.46.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.46.1 php5-5.2.14-0.7.30.46.1 php5-bcmath-5.2.14-0.7.30.46.1 php5-bz2-5.2.14-0.7.30.46.1 php5-calendar-5.2.14-0.7.30.46.1 
php5-ctype-5.2.14-0.7.30.46.1 php5-curl-5.2.14-0.7.30.46.1 php5-dba-5.2.14-0.7.30.46.1 php5-dbase-5.2.14-0.7.30.46.1 php5-dom-5.2.14-0.7.30.46.1 php5-exif-5.2.14-0.7.30.46.1 php5-fastcgi-5.2.14-0.7.30.46.1 php5-ftp-5.2.14-0.7.30.46.1 php5-gd-5.2.14-0.7.30.46.1 php5-gettext-5.2.14-0.7.30.46.1 php5-gmp-5.2.14-0.7.30.46.1 php5-hash-5.2.14-0.7.30.46.1 php5-iconv-5.2.14-0.7.30.46.1 php5-json-5.2.14-0.7.30.46.1 php5-ldap-5.2.14-0.7.30.46.1 php5-mbstring-5.2.14-0.7.30.46.1 php5-mcrypt-5.2.14-0.7.30.46.1 php5-mysql-5.2.14-0.7.30.46.1 php5-odbc-5.2.14-0.7.30.46.1 php5-openssl-5.2.14-0.7.30.46.1 php5-pcntl-5.2.14-0.7.30.46.1 php5-pdo-5.2.14-0.7.30.46.1 php5-pear-5.2.14-0.7.30.46.1 php5-pgsql-5.2.14-0.7.30.46.1 php5-pspell-5.2.14-0.7.30.46.1 php5-shmop-5.2.14-0.7.30.46.1 php5-snmp-5.2.14-0.7.30.46.1 php5-soap-5.2.14-0.7.30.46.1 php5-suhosin-5.2.14-0.7.30.46.1 php5-sysvmsg-5.2.14-0.7.30.46.1 php5-sysvsem-5.2.14-0.7.30.46.1 php5-sysvshm-5.2.14-0.7.30.46.1 php5-tokenizer-5.2.14-0.7.30.46.1 php5-wddx-5.2.14-0.7.30.46.1 php5-xmlreader-5.2.14-0.7.30.46.1 php5-xmlrpc-5.2.14-0.7.30.46.1 php5-xmlwriter-5.2.14-0.7.30.46.1 php5-xsl-5.2.14-0.7.30.46.1 php5-zip-5.2.14-0.7.30.46.1 php5-zlib-5.2.14-0.7.30.46.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.46.1 php5-5.2.14-0.7.30.46.1 php5-bcmath-5.2.14-0.7.30.46.1 php5-bz2-5.2.14-0.7.30.46.1 php5-calendar-5.2.14-0.7.30.46.1 php5-ctype-5.2.14-0.7.30.46.1 php5-curl-5.2.14-0.7.30.46.1 php5-dba-5.2.14-0.7.30.46.1 php5-dbase-5.2.14-0.7.30.46.1 php5-dom-5.2.14-0.7.30.46.1 php5-exif-5.2.14-0.7.30.46.1 php5-fastcgi-5.2.14-0.7.30.46.1 php5-ftp-5.2.14-0.7.30.46.1 php5-gd-5.2.14-0.7.30.46.1 php5-gettext-5.2.14-0.7.30.46.1 php5-gmp-5.2.14-0.7.30.46.1 php5-hash-5.2.14-0.7.30.46.1 php5-iconv-5.2.14-0.7.30.46.1 php5-json-5.2.14-0.7.30.46.1 php5-ldap-5.2.14-0.7.30.46.1 php5-mbstring-5.2.14-0.7.30.46.1 php5-mcrypt-5.2.14-0.7.30.46.1 php5-mysql-5.2.14-0.7.30.46.1 php5-odbc-5.2.14-0.7.30.46.1 
php5-openssl-5.2.14-0.7.30.46.1 php5-pcntl-5.2.14-0.7.30.46.1 php5-pdo-5.2.14-0.7.30.46.1 php5-pear-5.2.14-0.7.30.46.1 php5-pgsql-5.2.14-0.7.30.46.1 php5-pspell-5.2.14-0.7.30.46.1 php5-shmop-5.2.14-0.7.30.46.1 php5-snmp-5.2.14-0.7.30.46.1 php5-soap-5.2.14-0.7.30.46.1 php5-suhosin-5.2.14-0.7.30.46.1 php5-sysvmsg-5.2.14-0.7.30.46.1 php5-sysvsem-5.2.14-0.7.30.46.1 php5-sysvshm-5.2.14-0.7.30.46.1 php5-tokenizer-5.2.14-0.7.30.46.1 php5-wddx-5.2.14-0.7.30.46.1 php5-xmlreader-5.2.14-0.7.30.46.1 php5-xmlrpc-5.2.14-0.7.30.46.1 php5-xmlwriter-5.2.14-0.7.30.46.1 php5-xsl-5.2.14-0.7.30.46.1 php5-zip-5.2.14-0.7.30.46.1 php5-zlib-5.2.14-0.7.30.46.1 References: http://support.novell.com/security/cve/CVE-2011-1398.html http://support.novell.com/security/cve/CVE-2011-4388.html https://bugzilla.novell.com/775852 https://bugzilla.novell.com/778003 http://download.novell.com/patch/finder/?keywords=0759510e67ebbcbf558fe4298c9251a6 From sle-security-updates at lists.suse.com Thu Sep 13 18:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2012 02:08:31 +0200 (CEST) Subject: SUSE-SU-2012:1155-2: important: Security update for dbus-1 Message-ID: <20120914000831.B039432265@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1155-2 Rating: important References: #697105 #764047 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes a vulnerability in the DBUS auto-launching feature that allowed local users to execute arbitrary programs as root. CVE-2012-3524 has been assigned to this issue. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-dbus-1-6750 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): dbus-1-1.2.10-3.25.2 dbus-1-x11-1.2.10-3.25.2 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): dbus-1-32bit-1.2.10-3.25.2 References: https://bugzilla.novell.com/697105 https://bugzilla.novell.com/764047 http://download.novell.com/patch/finder/?keywords=31465364238b4fa9b84b97edb4ca39c4 From sle-security-updates at lists.suse.com Thu Sep 13 19:08:28 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2012 03:08:28 +0200 (CEST) Subject: SUSE-SU-2012:1168-1: moderate: Security update for wireshark Message-ID: <20120914010828.A9BAA32268@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1168-1 Rating: moderate References: #772738 #776083 Cross-References: CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4296 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. It includes one version update. Description: wireshark was updated to 1.4.15 to fix multiple security issues. 
Issues fixed: * fix bnc#776038 (CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290), bnc#772738 (CVE-2012-4048, CVE-2012-4049) (fixed upstream) * Security fixes: o wnpa-sec-2012-13 The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566) o wnpa-sec-2012-15 The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571) o wnpa-sec-2012-17 The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603) o wnpa-sec-2012-18 The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7568) o wnpa-sec-2012-20 The CIP dissector could exhaust system memory. Reported by Ben Schmidt. (Bug 7570) o wnpa-sec-2012-21 The STUN dissector could crash. Reported by Laurent Butti. (Bug 7569) o wnpa-sec-2012-22 The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (Bug 7562) o wnpa-sec-2012-23 The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7573) * Bug fixes: o Wireshark crashes on opening very short NFS pcap file. (Bug 7498) * Updated Protocol Support o AFP, Bluetooth L2CAP, CIP, CTDB, DCP ETSI, EtherCAT Mailbox, FC Link Control LISP, NFS, RTPS2, SCTP, STUN, XTP Security Issue references: * CVE-2012-4048 * CVE-2012-4049 * CVE-2012-4285 * CVE-2012-4288 * CVE-2012-4289 * CVE-2012-4296 * CVE-2012-4291 * CVE-2012-4292 * CVE-2012-4293 * CVE-2012-4290 * CVE-2012-4048 * CVE-2012-4049 Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-wireshark-6760 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-wireshark-6760 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-wireshark-6760 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-wireshark-6760 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.15]: wireshark-devel-1.4.15-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.4.15]: wireshark-1.4.15-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.4.15]: wireshark-1.4.15-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.15]: wireshark-1.4.15-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-1.4.15-0.5.1 wireshark-devel-1.4.15-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.4.15]: wireshark-1.4.15-0.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): wireshark-1.4.15-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-devel-1.4.15-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-4048.html http://support.novell.com/security/cve/CVE-2012-4049.html http://support.novell.com/security/cve/CVE-2012-4285.html http://support.novell.com/security/cve/CVE-2012-4288.html http://support.novell.com/security/cve/CVE-2012-4289.html http://support.novell.com/security/cve/CVE-2012-4290.html http://support.novell.com/security/cve/CVE-2012-4291.html http://support.novell.com/security/cve/CVE-2012-4292.html http://support.novell.com/security/cve/CVE-2012-4293.html http://support.novell.com/security/cve/CVE-2012-4296.html https://bugzilla.novell.com/772738 https://bugzilla.novell.com/776083 
http://download.novell.com/patch/finder/?keywords=75d97363523ecd7bd6791dfb7f73ba84 http://download.novell.com/patch/finder/?keywords=8c97d5c98c64afe228e7a248367ecd19 From sle-security-updates at lists.suse.com Fri Sep 14 14:08:22 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Sep 2012 22:08:22 +0200 (CEST) Subject: SUSE-SU-2012:1177-1: important: Security update for IBM Java Message-ID: <20120914200822.ECEB232268@maintenance.suse.de> SUSE Security Update: Security update for IBM Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1177-1 Rating: important References: #666744 #778629 Cross-References: CVE-2012-1713 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 11 SP2 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: IBM Java 1.4.2 was updated to SR13 FP13 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed: * fix bnc#666744: mark all configuration files as %config(noreplace) Security Issue references: * CVE-2012-1717 * CVE-2012-1713 * CVE-2012-1719 * CVE-2012-1718 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-java-1_4_2-ibm-6791 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-java-1_4_2-ibm-6791 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-java-1_4_2-ibm-6791 - SUSE Linux Enterprise Java 11 SP2: zypper in -t patch slejsp2-java-1_4_2-ibm-6791 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-devel-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.13-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.13-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.13-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.13-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.13-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.13-0.5.1 - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Java 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.13-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.13-0.2.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.13-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.13-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.13-0.5.1 - SUSE Linux 
Enterprise Java 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.13-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-1713.html http://support.novell.com/security/cve/CVE-2012-1717.html http://support.novell.com/security/cve/CVE-2012-1718.html http://support.novell.com/security/cve/CVE-2012-1719.html https://bugzilla.novell.com/666744 https://bugzilla.novell.com/778629 http://download.novell.com/patch/finder/?keywords=1178840a855fef3bb3fdb1b51b3e979e http://download.novell.com/patch/finder/?keywords=e7a13fdccafdcc81cd4c6d1340a24a02 From sle-security-updates at lists.suse.com Mon Sep 17 18:08:26 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Sep 2012 02:08:26 +0200 (CEST) Subject: SUSE-SU-2012:1199-1: critical: Security update for bind Message-ID: <20120918000826.CA7D73225C@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1199-1 Rating: critical References: #780157 Cross-References: CVE-2012-4244 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The bind nameserver was updated to version 9.6-ESV-R7-P3 to fix a single security problem, where loading a zone file could have caused an assertion (abort) of the named service. (CVE-2012-4244) Security Issue reference: * CVE-2012-4244 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-bind-6830 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-bind-6830 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-bind-6830 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-bind-6829 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-bind-6830 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P3]: bind-devel-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.6ESVR7P3]: bind-devel-32bit-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.6ESVR7P3]: bind-9.6ESVR7P3-0.9.1 bind-chrootenv-9.6ESVR7P3-0.9.1 bind-doc-9.6ESVR7P3-0.9.1 bind-libs-9.6ESVR7P3-0.9.1 bind-utils-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.6ESVR7P3]: bind-libs-32bit-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P3]: bind-9.6ESVR7P3-0.9.1 bind-chrootenv-9.6ESVR7P3-0.9.1 bind-doc-9.6ESVR7P3-0.9.1 bind-libs-9.6ESVR7P3-0.9.1 bind-utils-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.6ESVR7P3]: bind-libs-32bit-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.6ESVR7P3]: bind-libs-x86-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR7P3]: bind-9.6ESVR7P3-0.2.1 bind-chrootenv-9.6ESVR7P3-0.2.1 bind-doc-9.6ESVR7P3-0.2.1 bind-libs-9.6ESVR7P3-0.2.1 bind-utils-9.6ESVR7P3-0.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 9.6ESVR7P3]: bind-libs-32bit-9.6ESVR7P3-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 
ppc s390x x86_64) [New Version: 9.6ESVR7P3]: bind-9.6ESVR7P3-0.7.1 bind-chrootenv-9.6ESVR7P3-0.7.1 bind-devel-9.6ESVR7P3-0.7.1 bind-doc-9.6ESVR7P3-0.7.1 bind-libs-9.6ESVR7P3-0.7.1 bind-utils-9.6ESVR7P3-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 9.6ESVR7P3]: bind-libs-32bit-9.6ESVR7P3-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 9.6ESVR7P3]: bind-libs-x86-9.6ESVR7P3-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 9.6ESVR7P3]: bind-devel-64bit-9.6ESVR7P3-0.7.1 bind-libs-64bit-9.6ESVR7P3-0.7.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.6ESVR7P3]: bind-libs-9.6ESVR7P3-0.9.1 bind-utils-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.6ESVR7P3]: bind-libs-32bit-9.6ESVR7P3-0.9.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 9.6ESVR7P3]: bind-libs-9.6ESVR7P3-0.7.1 bind-utils-9.6ESVR7P3-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 9.6ESVR7P3]: bind-libs-32bit-9.6ESVR7P3-0.7.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 9.6ESVR7P3]: bind-9.6ESVR7P3-0.7.1 bind-chrootenv-9.6ESVR7P3-0.7.1 bind-devel-9.6ESVR7P3-0.7.1 bind-doc-9.6ESVR7P3-0.7.1 - SLE SDK 10 SP4 (ppc) [New Version: 9.6ESVR7P3]: bind-devel-64bit-9.6ESVR7P3-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-4244.html https://bugzilla.novell.com/780157 http://download.novell.com/patch/finder/?keywords=32ca5e50f79b64a5f382bb2f2821acc6 http://download.novell.com/patch/finder/?keywords=653f2615ead76ad071e80d02ed0eec68 http://download.novell.com/patch/finder/?keywords=bb3d26829ba24ee792a2ebab623e8edb From sle-security-updates at lists.suse.com Tue Sep 18 07:08:33 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Sep 2012 15:08:33 +0200 (CEST) Subject: SUSE-SU-2012:1202-1: important: Security update for kvm Message-ID: <20120918130833.A452832269@maintenance.suse.de> SUSE 
Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1202-1 Rating: important References: #764526 #777084 Cross-References: CVE-2012-2652 CVE-2012-3515 Affected Products: SUSE Studio Extension for System z 1.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The kvm qemu vt100 emulation was affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. (CVE-2012-3515 aka XSA-17). Also a temp file race has been fixed. (CVE-2012-2652) Security Issue references: * CVE-2012-3515 * CVE-2012-2652 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Extension for System z 1.2: zypper in -t patch slestso12-kvm-6757 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Extension for System z 1.2 (s390x): kvm-0.12.5-1.24.1 References: http://support.novell.com/security/cve/CVE-2012-2652.html http://support.novell.com/security/cve/CVE-2012-3515.html https://bugzilla.novell.com/764526 https://bugzilla.novell.com/777084 http://download.novell.com/patch/finder/?keywords=6b43defa8e26ed8a89d3eb005dcc2e9d From sle-security-updates at lists.suse.com Tue Sep 18 07:08:35 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Sep 2012 15:08:35 +0200 (CEST) Subject: SUSE-SU-2012:1149-2: important: Security update for compat-openssl097g Message-ID: <20120918130835.4590B32269@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1149-2 Rating: important References: #758060 Cross-References: CVE-2012-2110 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This compat-openssl097g rollup update contains various security fixes: * CVE-2012-2131, CVE-2012-2110: incorrect integer conversions in OpenSSL can result in memory corruption during buffer management operations. Security Issue reference: * CVE-2012-2110 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP1: zypper in -t patch slesapp1-compat-openssl097g-6759 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64): compat-openssl097g-0.9.7g-146.22.1 compat-openssl097g-32bit-0.9.7g-146.22.1 References: http://support.novell.com/security/cve/CVE-2012-2110.html https://bugzilla.novell.com/758060 http://download.novell.com/patch/finder/?keywords=63d3bb985d9697c7284e64028ed49208 From sle-security-updates at lists.suse.com Tue Sep 18 07:08:36 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Sep 2012 15:08:36 +0200 (CEST) Subject: SUSE-SU-2012:1203-1: important: Security update for qemu Message-ID: <20120918130836.D97C432269@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1203-1 Rating: important References: #777084 Cross-References: CVE-2012-3515 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Point of Service 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The qemu vt100 emulation is affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. (CVE-2012-3515 aka XSA-17). Security Issue references: * CVE-2012-3515 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-qemu-6765 - SUSE Linux Enterprise Point of Service 11 SP2: zypper in -t patch sleposp2-qemu-6765 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): qemu-0.10.1-0.5.7.1 - SUSE Linux Enterprise Point of Service 11 SP2 (i586 x86_64): qemu-0.10.1-0.5.7.1 References: http://support.novell.com/security/cve/CVE-2012-3515.html https://bugzilla.novell.com/777084 http://download.novell.com/patch/finder/?keywords=45d591cd12cb693b0321ffa2839e5a66 From sle-security-updates at lists.suse.com Tue Sep 18 07:08:38 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Sep 2012 15:08:38 +0200 (CEST) Subject: SUSE-SU-2012:1204-1: important: Security update for IBM Java Message-ID: <20120918130838.7E48232269@maintenance.suse.de> SUSE Security Update: Security update for IBM Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1204-1 Rating: important References: #666744 #771808 #773021 #778629 Cross-References: CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1725 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Java 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: IBM Java 1.5.0 was updated to SR14 fixing bugs and security issues. 
http://www.ibm.com/developerworks/java/jdk/alerts/ Also three bugs have been fixed: * fix bnc#771808: create symlink /usr/bin/javaws properly * fix bnc#666744: mark all configuration files as %config(noreplace) * fix bnc#773021: add code removing fonts symlink to baselibs.conf Security Issue references: * CVE-2012-1717 * CVE-2012-1716 * CVE-2012-1713 * CVE-2012-1719 * CVE-2012-1718 * CVE-2012-1725 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-devel-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-fonts-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_5_0-ibm-jdbc-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-plugin-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): java-1_5_0-ibm-64bit-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64): java-1_5_0-ibm-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-devel-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-fonts-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Java 10 SP4 (ppc): java-1_5_0-ibm-jdbc-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-plugin-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): java-1_5_0-ibm-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-demo-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-devel-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-fonts-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-src-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): java-1_5_0-ibm-32bit-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-alsa-32bit-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr14.0-0.9.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): java-1_5_0-ibm-alsa-1.5.0_sr14.0-0.9.1 java-1_5_0-ibm-jdbc-1.5.0_sr14.0-0.9.1 
java-1_5_0-ibm-plugin-1.5.0_sr14.0-0.9.1 References: http://support.novell.com/security/cve/CVE-2012-1713.html http://support.novell.com/security/cve/CVE-2012-1716.html http://support.novell.com/security/cve/CVE-2012-1717.html http://support.novell.com/security/cve/CVE-2012-1718.html http://support.novell.com/security/cve/CVE-2012-1719.html http://support.novell.com/security/cve/CVE-2012-1725.html https://bugzilla.novell.com/666744 https://bugzilla.novell.com/771808 https://bugzilla.novell.com/773021 https://bugzilla.novell.com/778629 http://download.novell.com/patch/finder/?keywords=458527f9aa3426cff56a9eb352661d4a From sle-security-updates at lists.suse.com Tue Sep 18 07:08:40 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Sep 2012 15:08:40 +0200 (CEST) Subject: SUSE-SU-2012:1205-1: important: Security update for kvm Message-ID: <20120918130840.1898C32269@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1205-1 Rating: important References: #770153 #772586 #777084 Cross-References: CVE-2012-3515 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: The kvm qemu vt100 emulation was affected by a problem where specific vt100 sequences could have been used by guest users to affect the host. (CVE-2012-3515 aka XSA-17). Also the following non security bugs have been fixed: * permit qemu-kvm -device "?" even when no /dev/kvm (bnc#772586) * SLES11SP2 KVM Virtio: on kvm guest, scsi inquiry was still ok on the disabled subpaths. (bnc#770153) Security Issue reference: * CVE-2012-3515 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kvm-6755 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kvm-6755 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): kvm-0.15.1-0.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): kvm-0.15.1-0.23.1 References: http://support.novell.com/security/cve/CVE-2012-3515.html https://bugzilla.novell.com/770153 https://bugzilla.novell.com/772586 https://bugzilla.novell.com/777084 http://download.novell.com/patch/finder/?keywords=b915637aa6799bbb7d5d889b2accf22e From sle-security-updates at lists.suse.com Tue Sep 18 07:08:41 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Sep 2012 15:08:41 +0200 (CEST) Subject: SUSE-SU-2012:1206-1: moderate: Security update for openstack-keystone Message-ID: <20120918130841.8EEC932268@maintenance.suse.de> SUSE Security Update: Security update for openstack-keystone ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1206-1 Rating: moderate References: #779477 Cross-References: CVE-2012-4413 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The openstack Keystone component was updated to fix a security issue: * CVE-2012-4413: Fix that revoking of roles also invalidates already existing tokens. Security Issue reference: * CVE-2012-4413 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-openstack-keystone-6818 To bring your system up-to-date, use "zypper patch". 
Package List:

   - SUSE Cloud 1.0 (x86_64):

      openstack-keystone-2012.1+git.1345702665.a16a0ab-0.7.1
      openstack-keystone-doc-2012.1+git.1345702665.a16a0ab-0.7.1
      python-keystone-2012.1+git.1345702665.a16a0ab-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2012-4413.html
   https://bugzilla.novell.com/779477
   http://download.novell.com/patch/finder/?keywords=f7161c1467d10d3c4387b35fe8376f46

From sle-security-updates at lists.suse.com Tue Sep 18 13:08:25 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Sep 2012 21:08:25 +0200 (CEST)
Subject: SUSE-SU-2012:1210-1: important: Security update for PHP5
Message-ID: <20120918190825.A288532260@maintenance.suse.de>

   SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1210-1
Rating:             important
References:         #778003
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update fixes header code injection issues in PHP5 (CVE-2011-1398 and CVE-2011-4388).
Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      apache2-mod_php5-5.2.14-0.40.1
      php5-5.2.14-0.40.1
      php5-bcmath-5.2.14-0.40.1
      php5-bz2-5.2.14-0.40.1
      php5-calendar-5.2.14-0.40.1
      php5-ctype-5.2.14-0.40.1
      php5-curl-5.2.14-0.40.1
      php5-dba-5.2.14-0.40.1
      php5-dbase-5.2.14-0.40.1
      php5-devel-5.2.14-0.40.1
      php5-dom-5.2.14-0.40.1
      php5-exif-5.2.14-0.40.1
      php5-fastcgi-5.2.14-0.40.1
      php5-ftp-5.2.14-0.40.1
      php5-gd-5.2.14-0.40.1
      php5-gettext-5.2.14-0.40.1
      php5-gmp-5.2.14-0.40.1
      php5-hash-5.2.14-0.40.1
      php5-iconv-5.2.14-0.40.1
      php5-imap-5.2.14-0.40.1
      php5-json-5.2.14-0.40.1
      php5-ldap-5.2.14-0.40.1
      php5-mbstring-5.2.14-0.40.1
      php5-mcrypt-5.2.14-0.40.1
      php5-mhash-5.2.14-0.40.1
      php5-mysql-5.2.14-0.40.1
      php5-ncurses-5.2.14-0.40.1
      php5-odbc-5.2.14-0.40.1
      php5-openssl-5.2.14-0.40.1
      php5-pcntl-5.2.14-0.40.1
      php5-pdo-5.2.14-0.40.1
      php5-pear-5.2.14-0.40.1
      php5-pgsql-5.2.14-0.40.1
      php5-posix-5.2.14-0.40.1
      php5-pspell-5.2.14-0.40.1
      php5-shmop-5.2.14-0.40.1
      php5-snmp-5.2.14-0.40.1
      php5-soap-5.2.14-0.40.1
      php5-sockets-5.2.14-0.40.1
      php5-sqlite-5.2.14-0.40.1
      php5-suhosin-5.2.14-0.40.1
      php5-sysvmsg-5.2.14-0.40.1
      php5-sysvsem-5.2.14-0.40.1
      php5-sysvshm-5.2.14-0.40.1
      php5-tokenizer-5.2.14-0.40.1
      php5-wddx-5.2.14-0.40.1
      php5-xmlreader-5.2.14-0.40.1
      php5-xmlrpc-5.2.14-0.40.1
      php5-xsl-5.2.14-0.40.1
      php5-zlib-5.2.14-0.40.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      apache2-mod_php5-5.2.14-0.40.1
      php5-5.2.14-0.40.1
      php5-bcmath-5.2.14-0.40.1
      php5-bz2-5.2.14-0.40.1
      php5-calendar-5.2.14-0.40.1
      php5-ctype-5.2.14-0.40.1
      php5-curl-5.2.14-0.40.1
      php5-dba-5.2.14-0.40.1
      php5-dbase-5.2.14-0.40.1
      php5-devel-5.2.14-0.40.1
      php5-dom-5.2.14-0.40.1
      php5-exif-5.2.14-0.40.1
      php5-fastcgi-5.2.14-0.40.1
      php5-ftp-5.2.14-0.40.1
      php5-gd-5.2.14-0.40.1
      php5-gettext-5.2.14-0.40.1
      php5-gmp-5.2.14-0.40.1
      php5-hash-5.2.14-0.40.1
      php5-iconv-5.2.14-0.40.1
      php5-imap-5.2.14-0.40.1
      php5-ldap-5.2.14-0.40.1
      php5-mbstring-5.2.14-0.40.1
      php5-mcrypt-5.2.14-0.40.1
      php5-mhash-5.2.14-0.40.1
      php5-mysql-5.2.14-0.40.1
      php5-ncurses-5.2.14-0.40.1
      php5-odbc-5.2.14-0.40.1
      php5-openssl-5.2.14-0.40.1
      php5-pcntl-5.2.14-0.40.1
      php5-pdo-5.2.14-0.40.1
      php5-pear-5.2.14-0.40.1
      php5-pgsql-5.2.14-0.40.1
      php5-posix-5.2.14-0.40.1
      php5-pspell-5.2.14-0.40.1
      php5-shmop-5.2.14-0.40.1
      php5-snmp-5.2.14-0.40.1
      php5-soap-5.2.14-0.40.1
      php5-sockets-5.2.14-0.40.1
      php5-sqlite-5.2.14-0.40.1
      php5-suhosin-5.2.14-0.40.1
      php5-sysvmsg-5.2.14-0.40.1
      php5-sysvsem-5.2.14-0.40.1
      php5-sysvshm-5.2.14-0.40.1
      php5-tidy-5.2.14-0.40.1
      php5-tokenizer-5.2.14-0.40.1
      php5-wddx-5.2.14-0.40.1
      php5-xmlreader-5.2.14-0.40.1
      php5-xmlrpc-5.2.14-0.40.1
      php5-xsl-5.2.14-0.40.1
      php5-zlib-5.2.14-0.40.1

References:

   https://bugzilla.novell.com/778003
   http://download.novell.com/patch/finder/?keywords=fc148b307277a068b432ffd08c765241

From sle-security-updates at lists.suse.com Wed Sep 19 15:08:32 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Sep 2012 23:08:32 +0200 (CEST)
Subject: SUSE-SU-2012:1222-1: important: Security update for ghostscript
Message-ID: <20120919210832.274AB32269@maintenance.suse.de>

   SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1222-1
Rating:             important
References:         #779700
Cross-References:   CVE-2012-4405
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue.
   Security Issue reference:

   * CVE-2012-4405

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-ghostscript-devel-6813

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-ghostscript-devel-6813

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-ghostscript-devel-6813

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-ghostscript-devel-6813

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ghostscript-devel-8.62-32.34.1
      ghostscript-ijs-devel-8.62-32.34.1
      libgimpprint-devel-4.2.7-32.34.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      ghostscript-fonts-other-8.62-32.34.1
      ghostscript-fonts-rus-8.62-32.34.1
      ghostscript-fonts-std-8.62-32.34.1
      ghostscript-library-8.62-32.34.1
      ghostscript-omni-8.62-32.34.1
      ghostscript-x11-8.62-32.34.1
      libgimpprint-4.2.7-32.34.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ghostscript-fonts-other-8.62-32.34.1
      ghostscript-fonts-rus-8.62-32.34.1
      ghostscript-fonts-std-8.62-32.34.1
      ghostscript-library-8.62-32.34.1
      ghostscript-omni-8.62-32.34.1
      ghostscript-x11-8.62-32.34.1
      libgimpprint-4.2.7-32.34.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      ghostscript-fonts-other-8.15.4-16.28.1
      ghostscript-fonts-rus-8.15.4-16.28.1
      ghostscript-fonts-std-8.15.4-16.28.1
      ghostscript-library-8.15.4-16.28.1
      ghostscript-omni-8.15.4-16.28.1
      ghostscript-x11-8.15.4-16.28.1
      libgimpprint-4.2.7-62.28.1
      libgimpprint-devel-4.2.7-62.28.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      ghostscript-fonts-other-8.62-32.34.1
      ghostscript-fonts-rus-8.62-32.34.1
      ghostscript-fonts-std-8.62-32.34.1
      ghostscript-library-8.62-32.34.1
      ghostscript-omni-8.62-32.34.1
      ghostscript-x11-8.62-32.34.1
      libgimpprint-4.2.7-32.34.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      ghostscript-fonts-other-8.15.4-16.28.1
      ghostscript-fonts-std-8.15.4-16.28.1
      ghostscript-library-8.15.4-16.28.1
      ghostscript-x11-8.15.4-16.28.1
      libgimpprint-4.2.7-62.28.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      ghostscript-fonts-rus-8.15.4-16.28.1
      ghostscript-omni-8.15.4-16.28.1
      libgimpprint-devel-4.2.7-62.28.1

References:

   http://support.novell.com/security/cve/CVE-2012-4405.html
   https://bugzilla.novell.com/779700
   http://download.novell.com/patch/finder/?keywords=16655a319f6c06a08b5e85f00894fcfd
   http://download.novell.com/patch/finder/?keywords=1dee9fbca1f306bbda3c4a660608088a

From sle-security-updates at lists.suse.com Mon Sep 24 16:09:02 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 25 Sep 2012 00:09:02 +0200 (CEST)
Subject: SUSE-SU-2012:1231-1: important: Security update for IBM Java
Message-ID: <20120924220902.B761E32265@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1231-1
Rating:             important
References:         #780897
Cross-References:   CVE-2012-0547 CVE-2012-0551 CVE-2012-1682
                    CVE-2012-1713 CVE-2012-1716 CVE-2012-1717
                    CVE-2012-1718 CVE-2012-1719 CVE-2012-1721
                    CVE-2012-1722 CVE-2012-1725 CVE-2012-1726
                    CVE-2012-3136 CVE-2012-4681
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Java 11 SP2
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   IBM Java 1.7.0 was updated to SR2 which fixes critical security issues.
   Security Issue references:

   * CVE-2012-4681
   * CVE-2012-1682
   * CVE-2012-3136
   * CVE-2012-0547
   * CVE-2012-0551
   * CVE-2012-1717
   * CVE-2012-1716
   * CVE-2012-1713
   * CVE-2012-1719
   * CVE-2012-1718
   * CVE-2012-1722
   * CVE-2012-1721
   * CVE-2012-1725
   * CVE-2012-1726

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-java-1_7_0-ibm-6839

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-java-1_7_0-ibm-6839

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-java-1_7_0-ibm-6839

   - SUSE Linux Enterprise Java 11 SP2:

      zypper in -t patch slejsp2-java-1_7_0-ibm-6839

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-devel-1.7.0_sr2.0-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      java-1_7_0-ibm-1.7.0_sr2.0-0.5.1
      java-1_7_0-ibm-jdbc-1.7.0_sr2.0-0.5.1
      java-1_7_0-ibm-plugin-1.7.0_sr2.0-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586):

      java-1_7_0-ibm-alsa-1.7.0_sr2.0-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr2.0-0.5.1
      java-1_7_0-ibm-jdbc-1.7.0_sr2.0-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      java-1_7_0-ibm-plugin-1.7.0_sr2.0-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586):

      java-1_7_0-ibm-alsa-1.7.0_sr2.0-0.5.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr2.0-0.5.1
      java-1_7_0-ibm-devel-1.7.0_sr2.0-0.5.1
      java-1_7_0-ibm-jdbc-1.7.0_sr2.0-0.5.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64):

      java-1_7_0-ibm-alsa-1.7.0_sr2.0-0.5.1
      java-1_7_0-ibm-plugin-1.7.0_sr2.0-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2012-0547.html
   http://support.novell.com/security/cve/CVE-2012-0551.html
   http://support.novell.com/security/cve/CVE-2012-1682.html
   http://support.novell.com/security/cve/CVE-2012-1713.html
   http://support.novell.com/security/cve/CVE-2012-1716.html
   http://support.novell.com/security/cve/CVE-2012-1717.html
   http://support.novell.com/security/cve/CVE-2012-1718.html
   http://support.novell.com/security/cve/CVE-2012-1719.html
   http://support.novell.com/security/cve/CVE-2012-1721.html
   http://support.novell.com/security/cve/CVE-2012-1722.html
   http://support.novell.com/security/cve/CVE-2012-1725.html
   http://support.novell.com/security/cve/CVE-2012-1726.html
   http://support.novell.com/security/cve/CVE-2012-3136.html
   http://support.novell.com/security/cve/CVE-2012-4681.html
   https://bugzilla.novell.com/780897
   http://download.novell.com/patch/finder/?keywords=aedfce1f6badae90c6426f24723192e1

From sle-security-updates at lists.suse.com Tue Sep 25 14:08:30 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 25 Sep 2012 22:08:30 +0200 (CEST)
Subject: SUSE-SU-2012:1244-1: moderate: Security update for jabberd
Message-ID: <20120925200830.207B932265@maintenance.suse.de>

   SUSE Security Update: Security update for jabberd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1244-1
Rating:             moderate
References:         #777253 #777483
Cross-References:   CVE-2012-3525
Affected Products:
                    SUSE Manager Proxy 1.7 for SLE 11 SP2
                    SUSE Manager Proxy 1.2 for SLE 11 SP1
                    SUSE Manager 1.7 for SLE 11 SP2
                    SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update fixes the possibility of unsolicited XMPP Dialback attacks. CVE-2012-3525 has been assigned to this issue.

   Security Issue reference:

   * CVE-2012-3525

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Proxy 1.7 for SLE 11 SP2:

      zypper in -t patch slemap17sp2-jabberd-6803

   - SUSE Manager Proxy 1.2 for SLE 11 SP1:

      zypper in -t patch slemap12sp1-jabberd-6797

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-jabberd-6803

   - SUSE Manager 1.2 for SLE 11 SP1:

      zypper in -t patch sleman12sp1-jabberd-6797

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64):

      jabberd-2.2.11-0.10.1
      jabberd-db-2.2.11-0.10.1

   - SUSE Manager Proxy 1.2 for SLE 11 SP1 (x86_64):

      jabberd-2.2.11-0.10.1
      jabberd-db-2.2.11-0.10.1

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

      jabberd-2.2.11-0.10.1
      jabberd-db-2.2.11-0.10.1

   - SUSE Manager 1.2 for SLE 11 SP1 (x86_64):

      jabberd-2.2.11-0.10.1
      jabberd-db-2.2.11-0.10.1

References:

   http://support.novell.com/security/cve/CVE-2012-3525.html
   https://bugzilla.novell.com/777253
   https://bugzilla.novell.com/777483
   http://download.novell.com/patch/finder/?keywords=42e4ae23f21cf28f30db562583e0098c
   http://download.novell.com/patch/finder/?keywords=fbec18a2dcd82c968399264eb58547bb

From sle-security-updates at lists.suse.com Fri Sep 28 04:08:31 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Sep 2012 12:08:31 +0200 (CEST)
Subject: SUSE-SU-2012:1264-1: important: Security update for IBM Java
Message-ID: <20120928100831.7372D32260@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1264-1
Rating:             important
References:         #666744 #771808 #773021 #778629
Affected Products:
                    SUSE Linux Enterprise Java 11 SP1
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   IBM Java 1.5.0 was updated to SR11 which fixes bugs and security issues.
   http://www.ibm.com/developerworks/java/jdk/alerts/

   Also three bugs have been fixed:

   * fix bnc#771808: create symlink /usr/bin/javaws properly
   * fix bnc#666744: mark all configuration files as %config(noreplace)
   * fix bnc#773021: add code removing fonts symlink to baselibs.conf

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Java 11 SP1:

      zypper in -t patch slejsp1-java-1_6_0-ibm-6792

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Java 11 SP1 (x86_64):

      java-1_6_0-ibm-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-devel-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-plugin-1.6.0_sr11.0-0.3.1

References:

   https://bugzilla.novell.com/666744
   https://bugzilla.novell.com/771808
   https://bugzilla.novell.com/773021
   https://bugzilla.novell.com/778629
   http://download.novell.com/patch/finder/?keywords=1a64b31e8705db74af1e182bf67ab075

From sle-security-updates at lists.suse.com Fri Sep 28 07:08:32 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Sep 2012 15:08:32 +0200 (CEST)
Subject: SUSE-SU-2012:1265-1: important: Security update for IBM Java
Message-ID: <20120928130832.8118E3226B@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1265-1
Rating:             important
References:         #666744 #771808 #773021 #778629
Cross-References:   CVE-2012-0551 CVE-2012-1713 CVE-2012-1716
                    CVE-2012-1717 CVE-2012-1718 CVE-2012-1719
                    CVE-2012-1721 CVE-2012-1722 CVE-2012-1725
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Java 11 SP2
                    SUSE Linux Enterprise Java 10 SP4
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   IBM Java 1.5.0 was updated to SR11 which fixes bugs and security issues.

   http://www.ibm.com/developerworks/java/jdk/alerts/

   Also three bugs have been fixed:

   * fix bnc#771808: create symlink /usr/bin/javaws properly
   * fix bnc#666744: mark all configuration files as %config(noreplace)
   * fix bnc#773021: add code removing fonts symlink to baselibs.conf

   Security Issue references:

   * CVE-2012-0551
   * CVE-2012-1717
   * CVE-2012-1716
   * CVE-2012-1713
   * CVE-2012-1719
   * CVE-2012-1718
   * CVE-2012-1722
   * CVE-2012-1721
   * CVE-2012-1725

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-java-1_6_0-ibm-6793

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-java-1_6_0-ibm-6793

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-java-1_6_0-ibm-6793

   - SUSE Linux Enterprise Java 11 SP2:

      zypper in -t patch slejsp2-java-1_6_0-ibm-6793

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-devel-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      java-1_6_0-ibm-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      java-1_6_0-ibm-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-plugin-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-devel-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-fonts-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-jdbc-1.6.0_sr11.0-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr11.0-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      java-1_6_0-ibm-32bit-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-devel-32bit-1.6.0_sr11.0-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (x86_64):

      java-1_6_0-ibm-alsa-32bit-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-plugin-32bit-1.6.0_sr11.0-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr11.0-0.12.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      java-1_6_0-ibm-64bit-1.6.0_sr11.0-0.12.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-devel-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr11.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64):
      java-1_6_0-ibm-plugin-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Java 11 SP2 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr11.0-0.3.1

   - SUSE Linux Enterprise Java 10 SP4 (x86_64):

      java-1_6_0-ibm-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-devel-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-fonts-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-jdbc-1.6.0_sr11.0-0.12.1
      java-1_6_0-ibm-plugin-1.6.0_sr11.0-0.12.1

References:

   http://support.novell.com/security/cve/CVE-2012-0551.html
   http://support.novell.com/security/cve/CVE-2012-1713.html
   http://support.novell.com/security/cve/CVE-2012-1716.html
   http://support.novell.com/security/cve/CVE-2012-1717.html
   http://support.novell.com/security/cve/CVE-2012-1718.html
   http://support.novell.com/security/cve/CVE-2012-1719.html
   http://support.novell.com/security/cve/CVE-2012-1721.html
   http://support.novell.com/security/cve/CVE-2012-1722.html
   http://support.novell.com/security/cve/CVE-2012-1725.html
   https://bugzilla.novell.com/666744
   https://bugzilla.novell.com/771808
   https://bugzilla.novell.com/773021
   https://bugzilla.novell.com/778629
   http://download.novell.com/patch/finder/?keywords=4fb1277536cb653f8dc14a0bfc04f1ed
   http://download.novell.com/patch/finder/?keywords=6c5cd876c149103233c3763ab3c16263

From sle-security-updates at lists.suse.com Fri Sep 28 11:08:55 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Sep 2012 19:08:55 +0200 (CEST)
Subject: SUSE-SU-2012:1177-2: important: Security update for IBM Java
Message-ID: <20120928170855.35FE032266@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1177-2
Rating:             important
References:         #666744 #778629
Cross-References:   CVE-2012-1713 CVE-2012-1717 CVE-2012-1718
                    CVE-2012-1719
Affected Products:
                    SUSE Linux Enterprise Java 11 SP1
______________________________________________________________________________

   An update that fixes four vulnerabilities
   is now available.

Description:

   IBM Java 1.4.2 was updated to SR13-FP13 fixing bugs and security issues.

   http://www.ibm.com/developerworks/java/jdk/alerts/

   Also one bug has been fixed:

   * fix bnc#771808: create symlink /usr/bin/javaws properly

   Security Issue reference:

   * CVE-2012-1717
   * CVE-2012-1713
   * CVE-2012-1719
   * CVE-2012-1718

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Java 11 SP1:

      zypper in -t patch slejsp1-java-1_4_2-ibm-6790

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Java 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      java-1_4_2-ibm-1.4.2_sr13.13-0.2.1

   - SUSE Linux Enterprise Java 11 SP1 (i586):

      java-1_4_2-ibm-jdbc-1.4.2_sr13.13-0.2.1
      java-1_4_2-ibm-plugin-1.4.2_sr13.13-0.2.1

References:

   http://support.novell.com/security/cve/CVE-2012-1713.html
   http://support.novell.com/security/cve/CVE-2012-1717.html
   http://support.novell.com/security/cve/CVE-2012-1718.html
   http://support.novell.com/security/cve/CVE-2012-1719.html
   https://bugzilla.novell.com/666744
   https://bugzilla.novell.com/778629
   http://download.novell.com/patch/finder/?keywords=88f0abae38503a32feb6c129bda878db