Marcus Updateinfo to OVAL Converter 5.5 2013-08-14T17:14:44 openSUSE 12.1 Update Empty. openSUSE 12.1 Update A denial of service attack (NULL ptr dereference) in claws mail was fixed. openSUSE 12.1 Update This version upgrade to 1.11.5 fixed various security and non-security issues. openSUSE 12.1 Update This update fixes a remotely exploitable overflow in DKIM handling. openSUSE 12.1 - Update to version 0.1.15: + This release fixes an important security bug: CVE-2011-4349. + New Features: - Add a native driver for the Hughski ColorHug hardware - Export cd-math as three projects are now using it + Bugfixes: - Documentation fixes and improvements - Do not crash the daemon if adding the device to the db failed - Do not match any sensor device with a kernel driver - Don't be obscure when the user passes a device-id to colormgr - Fix a memory leak when getting properties from a device - Fix colormgr device-get-default-profile - Fix some conection bugs in colormgr - Fix some potential SQL injections - Make gusb optional - Only use the udev USB helper if the PID and VID have matches - Output the Huey calibration matrices when dumping the sensor - Changes from version 0.1.14: + New Features: - Add defines for the i1 Display 3 - Add two more DATA_source values to the specification - Align the output from colormgr get-devices and get-profiles - Allow cd-fix-profile to append and edit new metadata + Bugfixes: - Ensure non-native device are added with no driver module - Split the sensor and device udev code + Updated translations. - Run the colord daemon as user colord: + Add colord-polkit-annotate-owner.patch: add org.freedesktop.policykit.owner annotations to policy file so that running as colord user works. + Add a %pre script to create the colord user. + Add pwdutils Requires(pre), to make sure we can create the user. + Pass --with-daemon-user=colord to configure. + Package /var/lib/colord with the right user. + Add calls to autoreconf and intltoolize, as needed by above patch. openSUSE 12.1 Update Specially-crafted commits could trigger a heap-based buffer overflow openSUSE 12.1 Update Mozilla Firefox, Thunderbird and XULRunner were updated to 16.0.2. Mozilla Seamonkey was updated to 2.13.2. Tracker bug: bnc#786522 A security issues was fixed: * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues The update also brings back Obsoletes for libproxy's mozjs plugin for distributions before 12.2 to avoid crashes openSUSE 12.1 Update Specially-crafted commits can cause code to be executed on the clients due to improperly quoted arguments. openSUSE 12.1 - bnc#732323 (pretty bug number!) - CVE-2011-4345 XSS flaw for IE6/7 in japanese locale openSUSE 12.1 Update This update of ruby fixed multiple SAFE level bypass flaws. openSUSE 12.1 Update Some potential mcrypt buffer overflows in the commandline tool were fixed, which could lead to early aborts of mcrypt. Due to FORTIFY_SOURCE catching such cases, it would have only aborted mcrypt with a buffer overflow backtrace. openSUSE 12.1 - fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) - fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648) - fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) openSUSE 12.1 Update This update of plib fixed two stack-based buffer overflows. openSUSE 12.1 Update This update of phpMyAdmin is a version upgrade to 3.5.3.0 to fix multiple XSS flaws. openSUSE 12.1 Update This Opera 12.10 security update fixes following security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate Cross-Site Scripting; -a high severity issue, as reported by Gareth Heyes; details will be disclosed at a later date -an issue where specially crafted SVG images could allow execution of arbitrary code; -a moderate severity issue, as reported by the Google Security Group; details will be disclosed at a later date Full changelog available at: http://www.opera.com/docs/changelogs/unix/1210 openSUSE 12.1 Update LibreOffice was updated to 3.5.4.13 to fix various bugs and security issues: - NULL pointer dereference (bnc#778669, CVE-2012-4233) - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix (bnc#734733) - update to suse-3.5.4.13 (SUSE 3.5 bugfix release 13, based on upstream 3.5.6-rc2) * polygon fill rule (bnc#759172) * open XML in Writer (bnc#777181) * undo in text objects (fdo#36138) * broken numbering level (bnc#760019) * better MathML detection (bnc#774921) * pictures in DOCX import (bnc#772094) * collapsing border painting (fdo#39415) * better DOCX text box export (fdo#45724) * hidden text in PPTX import (bnc#759180) * slide notes in PPTX import (bnc#768027) * RTL paragraphs in DOC import (fdo#43398) * better vertical text imports (bnc#744510) * HYPERLINK field in DOCX import (fdo#51034) * shadow color on partial redraw (bnc#773515) * floating objects in DOCX import (bnc#775899) * graphite2 hyphenation regression (fdo#49486) * missing shape position and size (bnc#760997) * page style attributes in ODF import (fdo#38056) * browsing in Template dialog crasher (fdo#46249) * wrong master slide shape being used (bnc#758565) * page borders regression in ODT import (fdo#38056) * invalidate bound rect after drag&amp;drop (fdo#44534) * rotated shape margins in PPTX import (bnc#773048) * pasting into more than 1 sheet crasher (fdo#47311) * crashers in PPT/PPTX import (bnc#768027, bnc#774167 * missing footnote in DOCX/DOC/RTF export (fdo#46020) * checkbox no-label behaviour (fdo#51336, bnc#757602) * try somewhat harder to read w:position (bnc#773061) * FormatNumber can handle sal_uInt32 values (fdo#51793) * rectangle-paragraph tables in DOCX import (bnc#775899) * header and bullet in slideshow transition (bnc#759172) * default background color in DOC/DOCX export (fdo#45724) * font name / size attributes in DOCX import (bnc#774681) * zero rect. size causing wrong line positions (fdo#47434) * adjusted display of Bracket/BracePair in PPT (bnc#741480) * use Unicode functions for QuickStarter tooltip (fdo#52143) * TabRatio API and detect macro at group shape fixes (bnc#770708) * indented text in DOCX file does not wrap correctly (bnc#775906) * undocked toolbars do not show all icons in special ratio (fdo#47071) * cross-reference text when Caption order is Numbering first (fdo#50801) * bullet color same as following text by default (bnc#719988, bnc#734733) * misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772, fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966) - update to libvisio 0.0.19: * file displays as blank page in Draw (fdo#50990) - use the vendor SUSE instead of Novell, Inc. - install-with-vendor-SUSE.diff: fix installation with the vendor "SUSE" openSUSE 12.1 Update Flash Player was updated to 11.2.202.251 (bnc#788450), fixing severe security issues: * CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280 openSUSE 12.1 Opera version update to 11.60 openSUSE 12.1 Update This update of libotr fixed multiple buffer overflows. openSUSE 12.1 Update This update fixes the following issues for Hyper-V: The source code without this patch caused hv_kvp_daemon to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. This fixes the previous change from CVE-2012-2669. openSUSE 12.1 Update This update fixes the following issues for wireshark: - Security update to 1.8.4: https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html http://seclists.org/oss-sec/2012/q4/378 CVE-2012-5592 Wireshark #1 pcap-ng hostname disclosure (wnpa-sec-2012-30) CVE-2012-5593 Wireshark #2 DoS (infinite loop) in the USB dissector (wnpa-sec-2012-31) CVE-2012-5594 Wireshark #3 DoS (infinite loop) in the sFlow dissector (wnpa-sec-2012-32) CVE-2012-5595 Wireshark #4 DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33) CVE-2012-5596 Wireshark #5 DoS (infinite loop) in the EIGRP dissector (wnpa-sec-2012-34) CVE-2012-5597 Wireshark #6 DoS (crash) in the ISAKMP dissector (wnpa-sec-2012-35) CVE-2012-5598 Wireshark #7 DoS (infinite loop) in the iSCSI dissector (wnpa-sec-2012-36) CVE-2012-5599 Wireshark #8 DoS (infinite loop) in the WTP dissector (wnpa-sec-2012-37) CVE-2012-5600 Wireshark #9 DoS (infinite loop) in the RTCP dissector (wnpa-sec-2012-38) CVE-2012-5601 Wireshark #10 DoS (infinite loop) in the 3GPP2 A11 dissector (wnpa-sec-2012-39) CVE-2012-5602 Wireshark #11 DoS (infinite loop) in the ICMPv6 dissector (wnpa-sec-2012-40) And also the bugfix: - bnc#780669: change wireshark.spec BuildRequires lua-devel to lua51-devel to fix lua-support in openSUSE 12.2 openSUSE 12.1 Update This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk (XSA 25) CVE-2012-4544-xsa25.patch - bnc#779212 - CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) CVE-2012-4411-xsa19.patch - bnc#786516 - CVE-2012-4535: xen: Timer overflow DoS vulnerability CVE-2012-4535-xsa20.patch - bnc#786518 - CVE-2012-4536: xen: pirq range check DoS vulnerability CVE-2012-4536-xsa21.patch - bnc#786517 - CVE-2012-4537: xen: Memory mapping failure DoS vulnerability CVE-2012-4537-xsa22.patch - bnc#786519 - CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability CVE-2012-4538-xsa23.patch - bnc#786520 - CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch - bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch - Upstream patches from Jan 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch - Upstream patches from Jan 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch - Upstream patches from Jan 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch - bnc#778105 - first XEN-PV VM fails to spawn xend: Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff - Upstream patches from Jan 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch 25757-x86-EPT-PoD-1Gb-assert.patch 25764-x86-unknown-cpu-no-sysenter.patch 25765-x86_64-allow-unsafe-adjust.patch 25771-grant-copy-status-paged-out.patch 25773-x86-honor-no-real-mode.patch 25786-x86-prefer-multiboot-meminfo-over-e801.patch - bnc#777890 - CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) CVE-2012-3497-tmem-xsa-15-1.patch CVE-2012-3497-tmem-xsa-15-2.patch CVE-2012-3497-tmem-xsa-15-3.patch CVE-2012-3497-tmem-xsa-15-4.patch CVE-2012-3497-tmem-xsa-15-5.patch CVE-2012-3497-tmem-xsa-15-6.patch CVE-2012-3497-tmem-xsa-15-7.patch CVE-2012-3497-tmem-xsa-15-8.patch CVE-2012-3497-tmem-xsa-15-9.patch tmem-missing-break.patch openSUSE 12.1 Update The IcedTea Web Java plugin was updated to 1.3.1 (bnc#787846) - Security Updates * CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet - Common Bugfixes - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 fixes the self-signed issue (mentioned in bnc#784859, bnc#785333, bnc#786775) openSUSE 12.1 - Add system-config-printer-subprocess-no-shell.patch: avoid escaping issues when running commands. Fix bnc#735322. - Add system-config-printer-no-openprinting.patch: this disables the feature where PPD drivers can be downloaded from OpenPrinting.org. See discussion in bnc#733542. As a side-effect, this fixes CVE-2011-4405. openSUSE 12.1 Update This update of kdelibs fixed various memory corruption vulnerabilities. On openSUSE 12.1 a akregator crash on closing tab was fixed. openSUSE 12.1 Update - added weechat-fix-hook_process-shell-injection.patch which fixes a shell injection vulnerability in the hook_process function (bnc#790217, CVE-2012-5534) - added weechat-fix-buffer-overflow-in-irc-color-decoding.patch which fixes a heap-based overflow when decoding IRC colors in strings (bnc#789146, CVE-2012-5854) openSUSE 12.1 Update Changes in MozillaFirefox: - update to Firefox 17.0 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) openSUSE 12.1 Update Changes in MozillaThunderbird: - update to Thunderbird 17.0 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) - update Enigmail to 1.4.6 openSUSE 12.1 Update Changes in xulrunner: - update to 17.0 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) openSUSE 12.1 Update Changes in seamonkey: - update to SeaMonkey 2.14 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) openSUSE 12.1 Update This update of libssh fixed various memory management issues that could have security implications (Code execution, Denial of Service). openSUSE 12.1 Update This update of sblim-cim-client2 fixed a Denial of Service (via hash table collision) issue. openSUSE 12.1 Update This version update to version 5.0.24 addresses CVE-2012-5565 (bnc#791179) to fix XSS vulnerabilities on the compose page (traditional view), the contacts popup window, and with certain IMAP mailbox names. openSUSE 12.1 Update Fix integer overflow by parsing PPM image. (bnc#789835, CVE-2012-4433) openSUSE 12.1 Update This version update to version 3.0.18 addresses bnc#791184: Two sets (3.0.17 and 3.0.18) of XSS flaws (CVE-2012-5566 and CVE-2012-5567) openSUSE 12.1 Update - Add gimp-CVE-2012-5576.patch: fix memory corruption vulnerability when reading XWD files (bnc#791372, bgo#687392, CVE-2012-5576). openSUSE 12.1 Update Chromium was updated to 25.0.1343 * Security Fixes (bnc#791234 and bnc#792154): - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. - CVE-2012-5138: Incorrect file path handling - CVE-2012-5137: Use-after-free in media source handling - Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed - Update to 25.0.1335 * {gtk} Fixed <input> selection renders white text on white background in apps. (Issue: 158422) * Fixed translate infobar button to show selected language. (Issue: 155350) * Fixed broken Arabic language. (Issue: 158978) * Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393) * Fixed JavaScript rendering issue. (Issue: 159655) * No further indications in the ChangeLog * Updated V8 - 3.14.5.0 * Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. * Fixed chromium issues 155871, 154173, 155133. - Removed patch chomium-ffmpeg-no-pkgconfig.patch - Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser. - add explicit buildrequire on libbz2-devel openSUSE 12.1 Update This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues. openSUSE 12.1 Update A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. openSUSE 12.1 Update XEN was updated to fix various denial of service issues. - bnc#789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability (XSA-26) - bnc#789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs (XSA-27) - bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak (XSA-28) - bnc#789951 - CVE-2012-5513: xen: XENMEM_exchange may overwrite hypervisor memory (XSA-29) - bnc#789948 - CVE-2012-5514: xen: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30) - bnc#789950 - CVE-2012-5515: xen: Several memory hypercall operations allow invalid extent order values (XSA-31) - bnc#789988 - FATAL PAGE FAULT in hypervisor (arch_do_domctl) - Upstream patches from Jan 26132-tmem-save-NULL-check.patch 26134-x86-shadow-invlpg-check.patch 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch) 26149-x86-p2m-physmap-error-path.patch (Replaces CVE-2012-4537-xsa22.patch) 26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch) - bnc#777628 - guest "disappears" after live migration Updated block-dmmd script - Fix exception in balloon.py and osdep.py xen-max-free-mem.diff - bnc#792476 - efi files missing in latest XEN update Revert c/s 25751 EFI Makefile changes in 23614-x86_64-EFI-boot.patch openSUSE 12.1 Update bind received updates to fix bugs and security issues. On openSUSE 12.2, bind was updated to 9.9.2-P1. On openSUSE 12.1, bind was updated to 9.8.4-P1. Main security fix: CVE-2012-5688: Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. (Note that this fix is a subset of a series of updates that will be included in full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792] openSUSE 12.1 Update This version upgrade of flash-player fixed multiple unspecified code execution vulnerabiliies. openSUSE 12.1 Update - Update to 25.0.1362 * Security fixes (bnc#794075): - CVE-2012-5139: Use-after-free with visibility events - CVE-2012-5140: Use-after-free in URL loader - CVE-2012-5141: Limit Chromoting client plug-in instantiation. - CVE-2012-5142: Crash in history navigation. - CVE-2012-5143: Integer overflow in PPAPI image buffers - CVE-2012-5144: Stack corruption in AAC decoding * Fixed garbled header and footer text in print preview. [Issue: 152893] * Fixed extension action badges with long text. [Issue: 160069] * Disable find if constrained window is shown. [Issue: 156969] * Enable fullscreen for apps windows. [Issue: 161246] * Fixed broken profile with system-wide installation and UserDataDir & DiskCacheDir policy. [Issue: 161336] * Fixed stability crashes like 158747, 159437, 149139, 160914, 160401, 161858, 158747, 156878 * Fixed graphical corruption in Dust. [Issue: 155258] * Fixed scrolling issue. [Issue: 163553] openSUSE 12.1 - Applied security fix for a DoS due to processing certain regular expressions, extracted from 4.2.3-P1 (bnc#735610, CVE-2011-4539): * Add a check for a null pointer before calling the regexec function. Without out this check we could, under some circumstances, pass a null pointer to the regexec function causing it to segfault. Thanks to a report from BlueCat Networks. [ISC-Bugs #26704] openSUSE 12.1 Update - fix bnc#793394 - bypass of security constraints (CVE-2012-3546) * apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381035 - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431) * apache-tomcat-CVE-2012-4431.patch http://svn.apache.org/viewvc?view=revision&revision=1394456 - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE - fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885) bnc#791424 - authentication caching weakness (CVE-2012-5886) bnc#791426 - stale nonce weakness (CVE-2012-5887) * apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch http://svn.apache.org/viewvc?view=revision&revision=1380829 - fix bnc#789406 - HTTP NIO connector OOM DoS via a request with large headers (CVE-2012-2733) * http://svn.apache.org/viewvc?view=revision&revision=1356208 openSUSE 12.1 Update - Update to 12.12 * Fixes and Stability Enhancements - New option 'Delete settings and data for all extensions' option (off by default) in the Delete Private Data dialog - Corrected an issue where using the 'Delete Private Data' dialog could delete extension and settings data - Redesigned the 'Delete Private Data' dialog to be more usable with small screens - Fixed an issue where quitting Opera while in fullscreen mode could cripple the interface on the next start-up - Fixed an issue where malformed GIF images could allow execution of arbitrary code - Fixed an issue where repeated attempts to access a target site could trigger address field spoofing - Fixed an issue where private data could be disclosed to other computer users, or be modified by them * full changelog available at: http://www.opera.com/docs/changelogs/unix/1212 openSUSE 12.1 Update MariaDB was updated to 5.2.13. * Release notes: http://kb.askmonty.org/v/mariadb-5213-release-notes * Changelog: http://kb.askmonty.org/v/mariadb-5213-changelog openSUSE 12.1 Update mysql community server was updated to 5.5.28, fixing bugs and security issues. See http://dev.mysql.com/doc/refman/5.5/en/news-5-5-27.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-28.html openSUSE 12.1 Update libqt4 received security fixes for: - XMLHttpRequest could redirect to a file: URL (CVE-2012-5624, bnc#793194) - Disable SSL compression by default to mitigate CRIME attack (CVE-2012-4929) openSUSE 12.1 Update - fix bnc#794548 - denial of service (CVE-2012-4534) * apache-tomcat-CVE-2012-4534.patch fixes apache#53138, apache#52858 http://svn.apache.org/viewvc?view=rev&rev=1372035 - fix a minor issue in apache-tomcat-CVE-2012-4431.patch use the already initialized session variable instead of an another call req.getSesssion() openSUSE 12.1 Update of net6 to version 1.3.14: + Ensure that overflows on the user ID assigned to each connection do not yield one that is already in use. [CVE-2011-4093, bnc#727710] + Do not leak information about logged-in users. [CVE-2011-4091, bnc#727708] openSUSE 12.1 Update The Mozilla January 8th 2013 security release contains updates: Mozilla Firefox was updated to version 18.0. Mozilla Seamonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads * MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in Javascript Proxy objects Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features. Mozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes: * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST Cryptographic changes done: * Support for TLS 1.1 (RFC 4346) * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) * Support for AES-CTR, AES-CTS, and AES-GCM * Support for Keying Material Exporters for TLS (RFC 5705) * Support for certificate signatures using the MD5 hash algorithm is now disabled by default * The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. * Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default Please see http://www.mozilla.org/security/announce/ for more information. openSUSE 12.1 Update - Update to 11.2.202.261: (bnc#797442) * CVE-2013-0630 More details can be found on https://www.adobe.com/support/security/bulletins/apsb13-01.html openSUSE 12.1 Update - fix for CVE-2011-4966 (bnc#797313) (freeradius-server-CVE-2011-4966.patch) - fixed a bug in the logrotate script (bnc#797292) openSUSE 12.1 Update - Update to 9.5.3 (bnc#797529) to fix: CVE-2012-1530, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627 - move the browser plugin to a subpackage(bnc#768492, bnc#757393). openSUSE 12.1 Update - new license string. - BNC#795826, CVE-2012-5668.patch - BNC#795826, CVE-2012-5669.patch [bdf] Fix Savannah bug #37906. * src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc'. openSUSE 12.1 Update - avoid stack based buffer overflow in web interface (history): added nagios-history_buffer_overflow.patch - (bnc#797237) fixes CVE-2012-6096 openSUSE 12.1 Update - update to 3.1.23 fix for bnc#794954, CVE-2012-5643, SQUID:2012-1 - Additional fixes for CVE-2012-5643 / SQUID:2012-1 * http://www.squid-cache.org/Advisories/SQUID-2012_1.txt * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643 - removed 3.1.12 config, nobuilddates, swapdir patch - added FSF, config, nobuilddates, swapdir patch - added rpmlintrc, service file - rebase swapdir patch openSUSE 12.1 Update - Add cert-blacklist-more.diff, cert-blacklist-tuerktrust.diff: * blacklist more evil certificates - Add weak-ssl-certificates.diff: * blacklist weak certificates - enable linked support for OpenSSL - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) openSUSE 12.1 Update - fixed Stack based buffer overflow in web interface: bnc#797237 - CVE-2012-6096 - icinga-fix-bnc797237.patch openSUSE 12.1 Update - Update to 26.0.1383 * Security fixes (bnc#798326) - CVE-2012-5145: Use-after-free in SVG layout - CVE-2012-5146: Same origin policy bypass with malformed URL - CVE-2012-5147: Use-after-free in DOM handling - CVE-2012-5148: Missing filename sanitization in hyphenation support - CVE-2012-5149: Integer overflow in audio IPC handling - CVE-2012-5150: Use-after-free when seeking video - CVE-2012-5152: Out-of-bounds read when seeking video - CVE-2012-5153: Out-of-bounds stack access in v8. - CVE-2012-5154: Integer overflow in shared memory allocation - CVE-2013-0830: Missing NUL termination in IPC. - CVE-2013-0831: Possible path traversal from extension process - CVE-2013-0832: Use-after-free with printing. - CVE-2013-0833: Out-of-bounds read with printing. - CVE-2013-0834: Out-of-bounds read with glyph handling - CVE-2013-0835: Browser crash with geolocation - CVE-2013-0836: Crash in v8 garbage collection. - CVE-2013-0837: Crash in extension tab handling. - CVE-2013-0838: Tighten permissions on shared memory segments * Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for openSUSE Chromium builds ONLY!! (Setup was done based on indication from Pawel Hajdan) - Change the default setting for password-store to basic. (bnc#795860) - Fixes from Update to 25.0.1352 * Fixed garbled header and footer text in print preview. * Fixed broken profile with system-wide installation and * Fixed stability crashes like 158747, 159437, 149139, 160914, - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser. * {gtk} Fixed <input> selection renders white text on white * Fixed translate infobar button to show selected language. - Update to 25.0.1329 * No further indications in the ChangeLog - Update to 25.0.1319 * No further indications in the Changelog - Update to 24.0.1308 * Updated V8 - 3.14.5.0 * Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. * Fixed chromium issues 155871, 154173, 155133. * No further indications in the ChangeLog. - Update to 24.0.1283 openSUSE 12.1 Update - added CVE-2013-0420.diff to fix CVE-2013-0420 (bnc#798776) openSUSE 12.1 Update - Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1, CVE-2013-0223) - Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1, CVE-2013-0222) - Avoid segmentation fault in "sort -d" and "sort -M" with long line input (bnc#798538, VUL-1, CVE-2013-0221) - don't leak a file descriptor for each non-seekable input openSUSE 12.1 Update The Javascript engine V8 was updated to 3.16.4.0 to fix lots of bugs and security issues. openSUSE 12.1 Update - ignore case when checking against SNI server names. [bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff - better cleanup of busy count after recovering from failure [bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff - httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff: backend timeouts should not affect the entire worker. [bnc#788121] - httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif: Fix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH handling. [bnc#757710] - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260] - httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the "Invalid URI in request OPTIONS *" messages in the error log. [bnc#722545] openSUSE 12.1 Update - Update to version 1.6.18 (bnc#801061) + Security fix for CERT issue VU#922681 This patch addresses three possible buffer overflows in function unique_service_name(). The three issues have the folowing CVE numbers: CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN + Notice that the following issues have already been dealt by previous work: CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType openSUSE 12.1 Update wireshark was updated to 1.8.5 to fix bugs and security issues. Vulnerabilities fixed: * Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors wnpa-sec-2013-01 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 * The CLNP dissector could crash wnpa-sec-2013-02 CVE-2013-1582 * The DTN dissector could crash wnpa-sec-2013-03 CVE-2013-1583 CVE-2013-1584 * The MS-MMC dissector (and possibly others) could crash wnpa-sec-2013-04 CVE-2013-1585 * The DTLS dissector could crash wnpa-sec-2013-05 CVE-2013-1586 * The ROHC dissector could crash wnpa-sec-2013-06 CVE-2013-1587 * The DCP-ETSI dissector could corrupt memory wnpa-sec-2013-07 CVE-2013-1588 * The Wireshark dissection engine could crash wnpa-sec-2013-08 CVE-2013-1589 * The NTLMSSP dissector could overflow a buffer wnpa-sec-2013-09 CVE-2013-1590 + Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html openSUSE 12.1 Update This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions was fixed. CVE-2013-0155: Unsafe Query Generation Risk in Ruby on Rails was fixed. CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack were fixed. openSUSE 12.1 Update Samba was updated to 3.6.7 fixing bugs and security issues: - The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 are affected by a cross-site request forgery; CVE-2013-0214; (bnc#799641). - The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 could possibly be used in clickjacking attacks; CVE-2013-0213; (bnc#800982). It also contains various other bugfixes merged by our Samba team. openSUSE 12.1 Update libvirt was updated to fix some bugs and security issues: Security issues fixed: - Fix crash on error paths of message dispatching, CVE-2013-0170 bnc#800976 - security: Fix libvirtd crash possibility CVE-2012-4423 bnc#780432 Also bugs were fixed: - qemu: Fix probing for guest capabilities bnc#772586 - xen-xm: Generate UUID if not specified bnc#773626 - xenParseXM: don't dereference NULL pointer when script is empty bnc#773621 openSUSE 12.1 Update Opera 12.13 is a recommended upgrade offering security and stability enhancements. -fixed an issue where Opera gets internal communication errors on Facebook -fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet -fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com) -improved protection against hijacking of the default search, including a one-time reset -fixed an issue where DOM events manipulation might be used to execute arbitrary code; -fixed an issue where use of SVG clipPaths could allow execution of arbitrary code; -fixed a low severity security issue; details will be disclosed at a later date -fixed an issue where CORS requests could omit the preflight request; Also check out http://www.opera.com/docs/changelogs/unix/1213 openSUSE 12.1 Update - fix gnutls double free (bnc#752193, CVE-2012-1663.patch) openSUSE 12.1 Update Inkscape was updated to fix two security issues: - inkscape occasionaly tries to open EPS files from /tmp (bnc#796306, CVE-2012-6076). - inkscape could load XML from external hosts (bnc#794958, CWE-827, CVE-2012-5656). openSUSE 12.1 Update gnome-online-accounts was updated to do SSL certicicate checking when creating accounts, avoiding man-in-the-middle attack possibilities. (CVE-2013--240) openSUSE 12.1 Update Opera was updated to 12.14 version fixing stability issues. This update also consists updates for Opera 12.13 which is a recommended upgrade offering security and stability enhancements. -fixed an issue where Opera gets internal communication errors on Facebook -fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet -fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com) -improved protection against hijacking of the default search, including a one-time reset -fixed an issue where DOM events manipulation might be used to execute arbitrary code; -fixed an issue where use of SVG clipPaths could allow execution of arbitrary code; -CVE-2013-1618: Fixed a TLS information leak. -fixed an issue where CORS requests could omit the preflight request; openSUSE 12.1 Update OpenJDK (java-1_6_0-openjdk) was updated to 1.12.2 to fix bugs and security issues (bnc#801972) * Security fixes (on top of 1.12.0) - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Improve thread pool shutdown - S7141694, CVE-2013-0429: Improving CORBA internals - S7173145: Improve in-memory representation of splashscreens - S7186945: Unpack200 improvement - S7186946: Refine unpacker resource usage - S7186948: Improve Swing data validation - S7186952, CVE-2013-0432: Improve clipboard access - S7186954: Improve connection performance - S7186957: Improve Pack200 data validation - S7192392, CVE-2013-0443: Better validation of client keys - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages - S7192977, CVE-2013-0442: Issue in toolkit thread - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies - S7200491: Tighten up JTable layout code - S7200500: Launcher better input validation - S7201064: Better dialogue checking - S7201066, CVE-2013-0441: Change modifiers on unused fields - S7201068, CVE-2013-0435: Better handling of UI elements - S7201070: Serialization to conform to protocol - S7201071, CVE-2013-0433: InetSocketAddress serialization issue - S8000210: Improve JarFile code quality - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class - S8000540, CVE-2013-1475: Improve IIOP type reuse management - S8000631, CVE-2013-1476: Restrict access to class constructor - S8001235, CVE-2013-0434: Improve JAXP HTTP handling openSUSE 12.1 Update Adobe Flash Player was updated to 11.2.202.262 to fix various security issues and bugs. openSUSE 12.1 Update PostgreSQL was updated to version 9.1.8 (bnc#802679): * Prevent execution of enum_recv from SQL (CVE-2013-0255). * Fix multiple problems in detection of when a consistent database state has been reached during WAL replay * Update minimum recovery point when truncating a relation file * Fix recycling of WAL segments after changing recovery target timeline * Fix missing cancellations in hot standby mode * See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release-9-1-8.html /usr/share/doc/packages/postgresql/HISTORY - Remove postgresql91-full.spec.in and use postgresql91.spec as the master for generating postgresql91-libs.spec. openSUSE 12.1 Update Adobe Flash Player was updated to 11.2.202.270: (bnc#803485) * APSB13-05, CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637 More information can be found on: http://www.adobe.com/support/security/bulletins/apsb13-05.html openSUSE 12.1 Update jakarta-commons-httpclient3 was updated to add SSL certificate hostname checking. (CVE-2012-5783) openSUSE 12.1 Update The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. - update to version 2.3.17 (bnc#803336, bnc#803339) CVE-2013-0276 CVE-2013-0277: - update to version 3.2.12 (bnc#803336) CVE-2013-0276: - update to version 3.2.12 (bnc#803336) CVE-2013-0276: issue with attr_protected where malformed input could circumvent protection - update to version 2.3.17 (bnc#803336, bnc#803339) CVE-2013-0276 CVE-2013-0277: - Fix issue with attr_protected where malformed input could circumvent protection - Fix Serialized Attributes YAML Vulnerability - update to version 2.3.17 (bnc#803336, bnc#803339) CVE-2013-0276 CVE-2013-0277: - Fix issue with attr_protected where malformed input could circumvent protection - Fix Serialized Attributes YAML Vulnerability - update to version 3.2.12 (bnc#803336) CVE-2013-0276: - Quote numeric values being compared to non-numeric columns. Otherwise, in some database, the string column values will be coerced to a numeric allowing 0, 0.0 or false to match any string starting with a non-digit. - update to 1.1.6 (bnc#802794) * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie - update to 1.2.8 (bnc#802794) * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie - update to 1.3.10 (bnc#802794) * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie - ruby rack update to 1.4.5 (bnc#802794 bnc#802795) * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie * Fix CVE-2013-0262, symlink path traversal in Rack::File - ruby rack update to 1.4.4 (bnc#798452) * [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings (CVE-2013-0184) - ruby rack changes from 1.4.3 * Security: Prevent unbounded reads in large multipart boundaries (CVE-2013-0183) - ruby rack changes from 1.4.2 (CVE-2012-6109) * Add warnings when users do not provide a session secret * Fix parsing performance for unquoted filenames * Updated URI backports * Fix URI backport version matching, and silence constant warnings * Correct parameter parsing with empty values * Correct rackup '-I' flag, to allow multiple uses * Correct rackup pidfile handling * Report rackup line numbers correctly * Fix request loops caused by non-stale nonces with time limits * Fix reloader on Windows * Prevent infinite recursions from Response#to_ary * Various middleware better conforms to the body close specification * Updated language for the body close specification * Additional notes regarding ECMA escape compatibility issues * Fix the parsing of multiple ranges in range headers * Prevent errors from empty parameter keys * Added PATCH verb to Rack::Request * Various documentation updates * Fix session merge semantics (fixes rack-test) * Rack::Static :index can now handle multiple directories * All tests now utilize Rack::Lint (special thanks to Lars Gierth) * Rack::File cache_control parameter is now deprecated, and removed by 1.5 * Correct Rack::Directory script name escaping * Rack::Static supports header rules for sophisticated configurations * Multipart parsing now works without a Content-Length header * New logos courtesy of Zachary Scott! * Rack::BodyProxy now explicitly defines #each, useful for C extensions * Cookies that are not URI escaped no longer cause exceptions openSUSE 12.1 Update rubgem rdoc was updated to fix a security issue: CVE-2013-0256: rubygem-rdoc: XSS exploit of RDoc documentation generated by rdoc * Ensured that rd parser files are generated before checking the manifest. openSUSE 12.1 Update openssl was updated to 1.0.0k security release to fix bugs and security issues. (bnc#802648 bnc#802746) The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166) Also the following bugfix was included: bnc#757773 - c_rehash to accept more filename extensions openSUSE 12.1 Update MozillaFirefox was updated to Firefox 19.0 (bnc#804248) MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248) seamonkey was updated to SeaMonkey 2.16 (bnc#804248) xulrunner was updated to 17.0.3esr (bnc#804248) chmsee was updated to version 2.0. Changes in MozillaFirefox 19.0: * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches * mozilla-webrtc.patch * mozilla-gstreamer-803287.patch - added patch to fix session restore window order (bmo#712763) - update to Firefox 18.0.2 * blocklist and CTP updates * fixes in JS engine - update to Firefox 18.0.1 * blocklist updates * backed out bmo#677092 (removed patch) * fixed problems involving HTTP proxy transactions - Fix WebRTC to build on powerpc Changes in MozillaThunderbird: - update to Thunderbird 17.0.3 (bnc#804248) * MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - update Enigmail to 1.5.1 * The release fixes the regressions found in the past few weeks Changes in seamonkey: - update to SeaMonkey 2.16 (bnc#804248) * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches * mozilla-webrtc.patch * mozilla-gstreamer-803287.patch - update to SeaMonkey 2.15.2 * Applications could not be removed from the "Application details" dialog under Preferences, Helper Applications (bmo#826771). * View / Message Body As could show menu items out of context (bmo#831348) - update to SeaMonkey 2.15.1 * backed out bmo#677092 (removed patch) * fixed problems involving HTTP proxy transactions - backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468) Changes in xulrunner: - update to 17.0.3esr (bnc#804248) * MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer openSUSE 12.1 Update java-1_6_0-openjdk was updated to IcedTea 1.12.3 (bnc#804654) containing security and bugfixes: * Security fixes - S8006446: Restrict MBeanServer access (CVE-2013-1486) - S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) - S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports - S8007393: Possible race condition after JDK-6664509 - S8007611: logging behavior in applet changed * Bug fixes - PR1319: Support GIF lib v5. openSUSE 12.1 Update acroread was updated to 9.5.4 to fix remote code execution problems. (CVE-2013-0640, CVE-2013-0641) More information can be found on: http://www.adobe.com/support/security/bulletins/apsb13-07.html openSUSE 12.1 Update git imap-send was fixed to do SSL host verification. This can be disabled if necessary in the config file. openSUSE 12.1 Update libqt4 was updated to fix a information disclosure via QSharedMemory (CVE-2013-0254). openSUSE 12.1 Update pidgin was updated to fix security issues: - Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.(CVE-2013-0272) - Fix a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271) openSUSE 12.1 Update The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard input timing). CVE-2012-5374: Fixed a local denial of service in the BTRFS hashing code. CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-0957: The override_release function in kernel/sys.c in the Linux kernel allowed local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-4508: Race condition in fs/ext4/extents.c in the Linux kernel allowed local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel provided an invalid replacement session keyring to a child process, which allowed local users to cause a denial of service (panic) via a crafted application that uses the fork system call. CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel did not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allowed local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. openSUSE 12.1 Update Flash Player was updated to 11.2.202.273 to fix critical security issues: (bnc#806415) * APSB13-08, CVE-2013-0504, CVE-2013-0643, CVE-2013-0648 More information can be found on: https://www.adobe.com/support/security/bulletins/apsb13-08.html openSUSE 12.1 Update sudo was updated to fix two security issues, where adjusting the time of the syste could be used to regain access to sudo sessions if they onc were granted. (CVE-2013-1775,CVE-2013-1776) openSUSE 12.1 - jasper-1.900.1-bnc725758.patch: Two security bugs allowing buffer overflow to be caused by incorrect image data (bnc#725758, CVE-2011-4516 and CVE-2011-4517) openSUSE 12.1 - update to 3.4.8 - bug #3425230 [interface] enum data split at space char (more space to edit) - bug #3426840 [interface] ENUM/SET editor can't handle commas in values - bug #3427256 [interface] no links to browse/empty views and tables - bug #3430377 [interface] Deleted search results remain visible - bug #3428627 [import] ODS import ignores memory limits - bug #3426836 [interface] Visual column separation - bug #3428065 [parser] TRUE not recognized by parser + patch #3433770 [config] Make location of php-gettext configurable - patch #3430291 [import] Handle conflicts in some open_basedir situations - bug #3431427 [display] Dropdown results - setting NULL does not work - patch #3428764 [edit] Inline edit on multi-server configuration - patch #3437354 [core] Notice: Array to string conversion in PHP 5.4 - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the view name in main panel db Structure page - bug #3439292 [core] Fail to synchronize column with name of keyword - bug #3425156 [interface] Add column after drop - [interface] Avoid showing the password in phpinfo()'s output - bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8 - bug #3407235 [interface] Entering the key through a lookup window does not reset NULL - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18 - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18 - [security] Self-XSS on column type (Create index), see PMASA-2011-18 - [security] Self-XSS on column type (table Search), see PMASA-2011-18 - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18 openSUSE 12.1 Update java-1_6_0-openjdk aka IcedTea was updated to 1.12.4 (bnc#807487) - S8007014, CVE-2013-0809: Improve image handling - S8007675, CVE-2013-1493: Improve color conversion openSUSE 12.1 Update This update fixes a bug which allows an unauthenticated remote attacker to cause a stack overflow in server code, resulting in either server crash or even code execution as the user running firebird. openSUSE 12.1 Update wireshark was updated to 1.8.6 [bnc#807942] + vulnerabilities fixed: * The TCP dissector could crash. wnpa-sec-2013-10 CVE-2013-2475 * The HART/IP dissectory could go into an infinite loop. wnpa-sec-2013-11 CVE-2013-2476 * The CSN.1 dissector could crash. wnpa-sec-2013-12 CVE-2013-2477 * The MS-MMS dissector could crash. wnpa-sec-2013-13 CVE-2013-2478 * The MPLS Echo dissector could go into an infinite loop. wnpa-sec-2013-14 CVE-2013-2479 * The RTPS and RTPS2 dissectors could crash. wnpa-sec-2013-15 CVE-2013-2480 * The Mount dissector could crash. wnpa-sec-2013-16 CVE-2013-2481 * The AMPQ dissector could go into an infinite loop. wnpa-sec-2013-17 CVE-2013-2482 * The ACN dissector could attempt to divide by zero. wnpa-sec-2013-18 CVE-2013-2483 * The CIMD dissector could crash. wnpa-sec-2013-19 CVE-2013-2484 * The FCSP dissector could go into an infinite loop. wnpa-sec-2013-20 CVE-2013-2485 * The RELOAD dissector could go into an infinite loop. wnpa-sec-2013-21 CVE-2013-2486 CVE-2013-2487 * The DTLS dissector could crash. wnpa-sec-2013-22 CVE-2013-2488 + Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html openSUSE 12.1 Update chromium was updated to version 27.0.1425 having both stability and security fixes: * Bug and stability fixes: - Fixed crash after clicking through malware warning. (Issue: 173986) - Fixed broken command line to create extensions with locale info (Issue: 176187) - Hosted apps in Chrome will always be opened from app launcher. (Issue: 176267) - Added modal confirmation dialog to the enterprise profile sign-in flow. (Issue: 171236) - Fixed a crash with autofill. (Issues: 175454, 176576) - Fixed issues with sign-in. (Issues: 175672, 175819, 175541, 176190) - Fixed spurious profile shortcuts created with a system-level install. (Issue: 177047) - Fixed the background tab flashing with certain themes. (Issue: 175426) * Security Fixes: (bnc#804986) - High CVE-2013-0879: Memory corruption with web audio node - High CVE-2013-0880: Use-after-free in database handling - Medium CVE-2013-0881: Bad read in Matroska handling - High CVE-2013-0882: Bad memory access with excessive SVG parameters. - Medium CVE-2013-0883: Bad read in Skia. - Low CVE-2013-0884: Inappropriate load of NaCl. - Medium CVE-2013-0885: Too many API permissions granted to web store - Medium CVE-2013-0886: Incorrect NaCl signal handling. - Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server - Medium CVE-2013-0888: Out-of-bounds read in Skia - Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - High CVE-2013-0890: Memory safety issues across the IPC layer. - High CVE-2013-0891: Integer overflow in blob handling. - Medium CVE-2013-0892: Lower severity issues across the IPC layer - Medium CVE-2013-0893: Race condition in media handling. - High CVE-2013-0894: Buffer overflow in vorbis decoding. - High CVE-2013-0895: Incorrect path handling in file copying. - High CVE-2013-0896: Memory management issues in plug-in message handling - Low CVE-2013-0897: Off-by-one read in PDF - High CVE-2013-0898: Use-after-free in URL handling - Low CVE-2013-0899: Integer overflow in Opus handling - Medium CVE-2013-0900: Race condition in ICU * Make adjustment for autodetecting of the PepperFlash library. The package with the PepperFlash hopefully will be soon available through packman - Update to 26.0.1411 * Bug and stability fixes - Update to 26.0.1403 * Bug and stability fixes - Using system libxml2 requires system libxslt. - Using system MESA does not work in i586 for some reason. - Also use system MESA, factory version seems adecuate now. - Always use system libxml2. - Restrict the usage of system libraries instead of the bundled ones to new products, too much hassle otherwise. - Also link kerberos and libgps directly, do not dlopen them. - Avoid using dlopen on system libraries, rpm or the package Manager do not handle this at all. tested for a few weeks and implemented with a macro so it can be easily disabled if problems arise. - Use SOME system libraries instead of the bundled ones, tested for several weeks and implemented with a macro for easy enable/Disable in case of trouble. - Update to 26.0.1393 * Bug and stability fixes * Security fixes - Update to 26.0.1375 * Bug and stability fixes - Update to 26.0.1371 * Bug and stability fixes - Update to 26.0.1367 * Bug and stability fixes openSUSE 12.1 Update Mozilla Firefox was updated to 19.0.2 (bnc#808243) fixing: * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor could be used for code execution * blocklist updates openSUSE 12.1 Update krb5 was updated to fix security issues in PKINIT: - fix PKINIT null pointer deref in pkinit_check_kdc_pkid() (CVE-2012-1016 bnc#807556) - fix PKINIT null pointer deref (CVE-2013-1415 bnc#806715) Also package a missing file on 12.3 (bnc#794784). openSUSE 12.1 Update xulrunner was updated to 17.0.4esr (bnc#808243) to fix a important security issue: * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor openSUSE 12.1 Update seamonkey was updated to version 2.16.1 fixing a severe security issue. * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor openSUSE 12.1 Update NRPE (the Nagios Remote Plug-In Executor) allows the passing of $() to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as check_http, to execute arbitrary commands under the uid that NRPE/nagios is running as (typically, 'nagios'). With this update NRPE will deny remote requests containing a bash command substitution. openSUSE 12.1 Update Perl was updated to fix 3 security issues: - fix rehash denial of service (compute time) [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329] In openSUSE 12.1 also the following non-security bug was fixed: - fix IPC::Open3 bug when '-' is used [bnc#755278] openSUSE 12.1 Update MozillaThunderbird was updated to 17.0.4 (bnc#808243) * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor openSUSE 12.1 Update transmission was updated to fix remote crashes in UTP_ProcessIncoming() (CVE-2012-6129, bnc#803088). openSUSE 12.1 Update Adobe Flash Player was updated to 11.2.202.275: (bnc#808973) * APSB13-09, CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375 More information can be found on: http://www.adobe.com/support/security/bulletins/apsb13-09.html openSUSE 12.1 Update nss-pam-ldap was updated to fix a FD_SET overflow, happening when more than 1024 filedescriptors are opened. (CVE-2013-0288) openSUSE 12.1 Update telepathy-gabble was updated to fix a remote denial of service attack using NULL ptr dereferences during hashing. (CVE-2013-1769). openSUSE 12.1 Update libxml2 was updated to limit internal entity expansion denial of service problems (IXE) (CVE-2013-0338) (bnc#805233) openSUSE 12.1 Update privoxy was updated to 3.0.21 stable fo fix CVE-2013-2503 (bnc#809123) - changes in 3.0.21 * On POSIX-like platforms, network sockets with file descriptor values above FD_SETSIZE are properly rejected. Previously they could cause memory corruption in configurations that allowed the limit to be reached. * Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentionally allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley. * Compiles on OS/2 again now that unistd.h is only included on platforms that have it. * The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status. * A couple of assert()s that could theoretically dereference NULL pointers in debug builds have been relocated. * Added an LSB info block to the generic start script. Based on a patch from Natxo Asenjo. * The max-client-connections default has been changed to 128 which should be more than enough for most setups. * Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which caused too man false positives. Reported by u302320 in #360284, additional feedback from Adam Piggott. * Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously reported in #3603636. * Stop blocking '/js/slider\.js'. Reported by Adam Piggott in #3606635 and _lvm in #2791160. * Added an iframes filter. * The whole GPLv2 text is included in the user manual now, so Privoxy can serve it itself and the user can read it without having to wade through GPLv3 ads first. * Properly numbered and underlined a couple of section titles in the config that where previously overlooked due to a flaw in the conversion script. Reported by Ralf Jungblut. * Improved the support instruction to hopefully make it harder to unintentionally provide insufficient information when requesting support. Previously it wasn't obvious that the information we need in bug reports is usually also required in support requests. * Removed documentation about packages that haven't been provided in years. * Only log the test number when not running in verbose mode The position of the test is rarely relevant and it previously - for full list of changes see ChangeLog file shipped together with this package openSUSE 12.1 Update ImageMagick received fixes for a overflow in *png_malloc functions. (CVE-2012-3437) openSUSE 12.1 Update GraphicsMagick was updated to fix integer overflows in the _png_malloc functions (CVE-2012-3438). openSUSE 12.1 Update pigz incorrectly used world writeable permissions during unpacking (CVE-2013-0296). openSUSE 12.1 Update clamav was updated to version 0.97.7 (bnc#809945) and contains several hardening fixes which might be security issues. openSUSE 12.1 Update Ruby 1.8 was updated to fix a XML entity expansion denial of service attack (CVE-2013-1821) Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also: - update json intree to 1.5.5: Denial of Service and Unsafe Object Creation Vulnerability in JSON CVE-2013-0269 - limit entity expansion text limit to 10kB CVE-2013-1821 - get rid of a SEGV when calling rb_iter_break() from some extention libraries. - some warning suppressed and smaller fixes openSUSE 12.1 Update This update of fail2ban fixes a startup related startup-problem and a security problem fixed upstream (CVE-2012-5642). openSUSE 12.1 Update Two denial of service problems (crashes with NULL pointer derference) were fixed in libxslt, which could potentially be used by remote attackers to crash libxslt using programs. openSUSE 12.1 Chromium update to to 18.0.972 openSUSE 12.1 Update Various security issues were fixed in puppet. CVE-2013-1655 CVE-2013-2275 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 openSUSE 12.1 FreeType allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font. (CVE-2011-3439, bnc#730124) openSUSE 12.1 Update bind was updated to 9.8.4-P2 to fix security problems and bugs. Security Fixes Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [CVE-2013-2266] [RT #32688] https://kb.isc.org/article/AA-00871 (bnc#811876) Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. (Note that this fix is a subset of a series of updates that will be included in full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792] A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes [CVE-2012-4244] [RT #30416] Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] New Features Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] Feature Changes Improves OpenSSL error logging [RT #29932] nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Bug Fixes Uses binary mode to open raw files on Windows. [RT #30944] Static-stub zones now accept "forward" and "fowarders" options (often needed for subdomains of the zone referenced to override global forwarding options). These options are already available with traditional stub zones and their omission from zones of type "static-stub" was an inadvertent oversight. [RT #30482] Limits the TTL of signed RRsets in cache when their RRSIGs are approaching expiry. This prevents the persistence in cache of invalid RRSIGs in order to assist recovery from a situation where zone re-signing doesn't occur in a timely manner. With this change, named will attempt to obtain new RRSIGs from the authoritative server once the original ones have expired, and even if the TTL of the old records would in other circumstances cause them to be kept in cache for longer. [RT #26429] Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() which are employed on Itanium systems to speed up lock management by making use of atomic operations. Without the syntax correction it is possible that concurrent access to the same structures could accidentally occur with unpredictable results. [RT #25181] The configure script now supports and detects libxml2-2.8.x correctly [RT #30440] The host command should no longer assert on some architectures and builds while handling the time values used with the -w (wait forever) option. [RT #18723] Invalid zero settings for max-retry-time, min-retry-time, max-refresh-time, min-refresh-time will now be detected during parsing of named.conf and an error emitted instead of triggering an assertion failure on startup. [RT #27730] Removes spurious newlines from log messages in zone.c [RT #30675] When built with readline support (i.e. on a system with readline installed) nsupdate no longer terminates unexpectedly in interactive mode. [RT #29550] All named tasks that perform task-exclusive operations now share the same single task. Prior to this change, there was the possibility of a race condition between rndc operations and other functions such as re-sizing the adb hash table. If the race condition was encountered, named would in most cases terminate unexpectedly with an assert. [RT #29872] Ensures that servers are expired from the ADB cache when the timeout limit is reached so that their learned attributes can be refreshed. Prior to this change, servers that were frequently queried might never have their entries removed and reinitialized. This is of particular importance to DNSSEC-validating recursive servers that might erroneously set "no-edns" for an authoritative server following a period of intermittent connectivity. [RT #29856] Adds additional resilience to a previous security change (3218) by preventing RRSIG data from being added to cache when a pseudo-record matching the covering type and proving non-existence exists at a higher trust level. The earlier change prevented this inconsistent data from being retrieved from cache in response to client queries - with this additional change, the RRSIG records are no longer inserted into cache at all. [RT #26809] dnssec-settime will now issue a warning when the writing of a new private key file would cause a change in the permissions of the existing file. [RT #27724] Fixes the defect introduced by change #3314 that was causing failures when saving stub zones to disk (resulting in excessive CPU usage in some cases). [RT #29952] It is now possible to using multiple control keys again - this functionality was inadvertently broken by change #3924 (RT #28265) which addressed a memory leak. [RT #29694] Setting resolver-query-timeout too low could cause named problems recovering after a loss of connectivity. [RT #29623] Reduces the potential build-up of stale RRsets in cache on a busy recursive nameserver by re-using cached DS and RRSIG rrsets when possible [RT #29446] Corrects a failure to authenticate non-existence of resource records in some circumstances when RPZ has been configured. Also: - adds an optional "recursive-only yes|no" to the response-policy statement - adds an optional "max-policy-ttl" to the response-policy statement to limit the false data that "recursive-only no" can introduce into resolvers' caches - introduces a predefined encoding of PASSTHRU policy by adding "rpz-passthru" to be used as the target of CNAME policy records (the old encoding is still accepted.) - adds a RPZ performance test to bin/tests/system/rpz when queryperf is available. [RT #26172] Upper-case/lower-case handling of RRSIG signer-names is now handled consistently: RRSIG records are generated with the signer-name in lower case. They are accepted with any case, but if they fail to validate, we try again in lower case. [RT #27451] - Update the IPv4 address of the D root name server. openSUSE 12.1 Update The ISC dhcp server was updated to fix a denial of service attack via regular expressions: - Removed regex.h check from configure in bind sources (bnc#811934, CVE-2013-2266). Make the bind export library build output visible. [dhcp-4.2.4-P2-no-bind-regex-check.CVE-2013-2266.diff] Also fixed: - Added dhcp6-server service template for SuSEfirewall2 (bnc#783002) openSUSE 12.1 Update jakarta-commons-httpclient3 was updated to enhance the fix of bnc#803332 / CVE-2012-5783: - also add a check for subjectAltNames in certificates openSUSE 12.1 - fix for CVE-2011-3346 (bnc#728664) openSUSE 12.1 Update apache2 was updated to fix: - fix for cross site scripting vulnerability in mod_balancer. This is CVE-2012-4558 [bnc#807152] - fixes for low profile cross site scripting vulnerabilities, known as CVE-2012-3499 [bnc#806458] - Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260] And also these bugs: - httpd-2.2.x-bnc798733-SNI_ignorecase.diff: ignore case when checking against SNI server names. [bnc#798733] openSUSE 12.1 Update XEN was updated to fix various bugs and security issues: Security issues fixed: - bnc#800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc#797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc#797031 - Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) - bnc#794316 - CVE-2012-5634: xen: VT-d interrupt remapping source validation flaw (XSA-33) Bugs fixed: - Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch - bnc#805094 - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch - bnc#802690 - domain locking can prevent a live migration from completing modified xend-domain-lock.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch 26549-tools-xc_turn_XCFLAGS__into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch xen.migrate.tools_set_migration_constraints_from_cmdline.patch xen.migrate.tools_add_xm_migrate_--log_progress_option.patch - remove old patches: xen.xc.progress.patch xen.xc_save.details.patch xen.migration.abort_if_busy.patch - bnc#806736: enabling xentrace crashes hypervisor 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.patch - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - bnc#798188 - Add $network to xend initscript dependencies - bnc#797014 - no way to control live migrations * fix logic error in stdiostream_progress xen.xc.progress.patch * restore logging in xc_save xen.xc_save.details.patch * add options to control migration tunables --max_iters, --max_factor, --abort_if_busy xen.migration.abort_if_busy.patch - bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 - bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel 26440-x86-forward-SERR.patch - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - bnc#793927 - Xen VMs with more than 2 disks randomly fail to start 25590-hotplug-locking.patch 25595-hotplug-locking.patch 26079-hotplug-locking.patch - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. EFI-makefile-cflags-filter.patch openSUSE 12.1 - Fix timezone loader overflow (bnc#735850,CVE-2009-5029) (patch tzfile-corruption-fix.patch) openSUSE 12.1 Update The Mozilla suite received security and bugfix updates: Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3. mozilla-nspr was updated to version 4.9.6. mozilla-nspr was updated to version 4.9.6: * aarch64 support * added PL_SizeOfArenaPoolExcludingPool function (bmo#807883) * Auto detect android api version for x86 (bmo#782214) * Initialize Windows CRITICAL_SECTIONs without debug info and with nonzero spin count (bmo#812085) Previous update to version 4.9.5 * bmo#634793: define NSPR's exact-width integer types PRInt{N} and PRUint{N} types to match the <stdint.h> exact-width integer types int{N}_t and uint{N}_t. * bmo#782815: passing 'int *' to parameter of type 'unsigned int *' in setsockopt(). * bmo#822932: Port bmo#802527 (NDK r8b support for x86) to NSPR. * bmo#824742: NSPR shouldn't require librt on Android. * bmo#831793: data race on lib->refCount in PR_UnloadLibrary. mozilla-nss was updated to version 3.14.3: * disable tests with expired certificates * add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements * No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 (bmo#822365) * "certutil -a" was not correctly producing ASCII output as requested. (bmo#840714) * NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove system-sqlite.patch * add arm aarch64 support * added system-sqlite.patch (bmo#837799) * do not depend on latest sqlite just for a #define * enable system sqlite usage again * update to 3.14.2 * required for Firefox >= 20 * removed obsolete nssckbi update patch * MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage * disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution * add nss-sqlitename.patch to avoid any name clash Changes in MozillaFirefox: - update to Firefox 20.0 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) - build fixes for armv7hl: * disable debug build as armv7hl does not have enough memory * disable webrtc on armv7hl as it is non-compiling Changes in MozillaThunderbird: - update to Thunderbird 17.0.5 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations Changes in seamonkey: - update to SeaMonkey 2.17 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) Changes in xulrunner: - update to 17.0.5esr (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations openSUSE 12.1 Update Changes in rubygem-actionpack-2_3: - add 2 patches to fix security issues: - bug-809935_2-3-css_sanitize.patch: CVE-2013-1855: rubygem-actionpack*: XSS vulnerability in sanitize_css in Action Pack (bnc#809935) - bug-809940_2-3-sanitize_protocol.patch: CVE-2013-1857: rubygem-actionpack*: XSS Vulnerability in the `sanitize` helper of Ruby on Rails (bnc#809940) openSUSE 12.1 Update Changes in rubygem-activerecord-2_3: - add patch to fix security issue: - bug-809932_2-3-attribute_symbols.patch: fix CVE-2013-1854: rubygem-activerecord*: Symbol DoS vulnerability in Active Record (bnc#809932) openSUSE 12.1 Update Changes in rubygem-activesupport-2_3: - add patch to fix security issue: - bug-809932_2-3-attribute_symbols.patch: fix CVE-2013-1854: rubygem-activerecord*: Symbol DoS vulnerability in Active Record (bnc#809932) openSUSE 12.1 Update postgresql was updated to version 9.1.9 (bnc#812525): * CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is eventually rejected. * CVE-2013-1900: Reset OpenSSL randomness state in each postmaster child process. This avoids a scenario wherein random numbers generated by "contrib/pgcrypto" functions might be relatively easy for another database user to guess. The risk is only significant when the postmaster is configured with ssl = on but most connections don't use SSL encryption. * CVE-2013-1901: Make REPLICATION privilege checks test current user not authenticated user. An unprivileged database user could exploit this mistake to call pg_start_backup() or pg_stop_backup(), thus possibly interfering with creation of routine backups. * See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release-9-1-9.html /usr/share/doc/packages/postgresql91/HISTORY openSUSE 12.1 Update Opera 12.15 is a recommended upgrade offering security and stability enhancements. It provides: -fixed an issue where the search bar's default engine could be overridden by third-party apps; -fixed a moderately severe issue; -added safeguards against attacks on the RC4 encryption protocol; see our advisory. -fixed an issue where cookies could be set for a top-level domain; see our advisory. openSUSE 12.1 Update Subversion received minor version updates to fix remote triggerable vulnerabilities in mod_dav_svn which may result in denial of service. On openSUSE 12.1: - update to 1.6.21 [bnc#813913], addressing remotely triggerable + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs - further changes: + mod_dav_svn will omit some property values for activity urls + improve memory usage when committing properties in mod_dav_svn + fix mod_dav_svn runs pre-revprop-change twice + fixed: post-revprop-change errors cancel commit + improved logic in mod_dav_svn's implementation of lock. + fix a compatibility issue with g++ 4.7 On openSUSE 12.2 and 12.3: - update to 1.7.9 [bnc#813913], addressing remotely triggerable vulnerabilities in mod_dav_svn which may result in denial of service: + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT - further changes: + Client-side bugfixes: * improved error messages about svn:date and svn:author props. * fix local_relpath assertion * fix memory leak in `svn log` over svn:// * fix incorrect authz failure when using neon http library * fix segfault when using kwallet + Server-side bugfixes: * svnserve will log the replayed rev not the low-water rev. * mod_dav_svn will omit some property values for activity urls * fix an assertion in mod_dav_svn when acting as a proxy on / * improve memory usage when committing properties in mod_dav_svn * fix svnrdump to load dump files with non-LF line endings * fix assertion when rep-cache is inaccessible * improved logic in mod_dav_svn's implementation of lock. * avoid executing unnecessary code in log with limit - Developer-visible changes: + General: * fix an assertion in dav_svn_get_repos_path() on Windows * fix get-deps.sh to correctly download zlib * doxygen docs will now ignore prefixes when producing the index * fix get-deps.sh on freebsd + Bindings: * javahl status api now respects the ignoreExternals boolean - refresh subversion-no-build-date.patch for upstream source changes openSUSE 12.1 Update - Fixed to quote config / interface variables in ifservices script and cleaned up content of the ESSID which gets appended to them by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182). Fixed also to return proper exit code 0 in NM dispatcher hooks. - Changed to call ip addr flush in ifdown, but after ip link set down as it does not cause ipv6 sysctl tree side effects then at least with more recent kernels (bnc#580018,bnc#559170). - Explicitly disabled posix mode in all bash scripts as we are using several features not supported in posix mode (bnc#739338). - Fixed ipv6 dad / link ready wait time calculation (1/10 of the specified time) and replaced useless up flag check loop with link_ready_wait to avoid send errors from dhclient6 (bnc#697929). - Added to require vlan, bridge-utils and tunctl packages via spec, that are often required in base networking configurations and are missed otherwise in 2nd installation stage, that may be unable to install them for some reason (bnc#733118). - Added X-Systemd-RemainAfterExit: true LSB header (bnc#727771) - Do not suggest dhcp6c client from dropped dhcpv6 package in ifup-dhcp, marked dhcp6c as deprecated in network/dhcp and changed to use dhclient6 as first choice (bnc#734723). openSUSE 12.1 Update Adobe Flash Player was updated to 11.2.202.280: (bnc#814635) http://www.adobe.com/support/security/bulletins/apsb13-11.html * APSB13-11, CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555 openSUSE 12.1 Update libcurl was updated to fix a cookie tail matching flaw which could lead to attackers gaining cookie access depending on domain names. (CVE-2013-1944,bnc#814655) openSUSE 12.1 Update - update to 1.3.2 (bnc#815596) - Security Updates * CVE-2013-1927, RH884705: fixed gifar vulnerability * CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common * Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX * PR580: http://www.horaoficial.cl/ loads improperly - Plugin * PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch * PR1157: Applets can hang browser after fatal exception openSUSE 12.1 Mozilla Firefox and Thunderbird version 9 and seamonkey version 2.6 updates fix several security issues: * MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards * MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access * MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation * MFSA 2011-58/CVE-2011-3665: Crash scaling video elements to extreme sizes openSUSE 12.1 Update - fix for CVE-2013-1969 (bnc#815665) * libxml2-CVE-2013-1969.patch openSUSE 12.1 - Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090) - update to 3.13.1 RTM * better SHA-224 support (bmo#647706) * fixed a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228) - update to 3.13.0 RTM * SSL 2.0 is disabled by default * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. * SHA-224 is supported * Ported to iOS. (Requires NSPR 4.9.) * Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code * Added NSS_GetVersion to return the NSS version string * Added experimental support of RSA-PSS to the softoken only * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096) openSUSE 12.1 Update - fix prep_reprocess_req NULL pointer deref CVE-2013-1416 (bnc#816413) bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif openSUSE 12.1 Update java-1_6_0-openjdk was updated to 1.12.5 (bnc#817157) * Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model - S8001322: Refactor deserialization - S8001329, CVE-2013-1557: Augment RMI logging - S8003335: Better handling of Finalizer thread - S8003445: Adjust JAX-WS to focus on API - S8003543, CVE-2013-2415: Improve processing of MTOM attachments - S8004261: Improve input validation - S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames - S8004986, CVE-2013-2383: Better handling of glyph table - S8004987, CVE-2013-2384: Improve font layout - S8004994, CVE-2013-1569: Improve checking of glyph table - S8005432: Update access to JAX-WS - S8005943: (process) Improved Runtime.exec - S8006309: More reliable control panel operation - S8006435, CVE-2013-2424: Improvements in JMX - S8006790: Improve checking for windows - S8006795: Improve font warning messages - S8007406: Improve accessibility of AccessBridge - S8007617, CVE-2013-2420: Better validation of images - S8007667, CVE-2013-2430: Better image reading - S8007918, CVE-2013-2429: Better image writing - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap - S8009305, CVE-2013-0401: Improve AWT data transfer - S8009699, CVE-2013-2421: Methodhandle lookup - S8009814, CVE-2013-1488: Better driver management - S8009857, CVE-2013-2422: Problem with plugin - RH952389: Temporary files created with insecure permissions * Backports - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts - S7036559: ConcurrentHashMap footprint and contention improvements - S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom BeanInfo: Class param (with WeakCache from S6397609) - S6501644: sync LayoutEngine *code* structure to match ICU - S6886358: layout code update - S6963811: Deadlock-prone locking changes in Introspector - S7017324: Kerning crash in JDK 7 since ICU layout update - S7064279: Introspector.getBeanInfo() should release some resources in timely manner - S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01 - S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial for S6657673) - S8009530: ICU Kern table support broken * Bug fixes - OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906) - PR1362: Fedora 19 / rawhide FTBFS SIGILL - PR1338: Remove dependence on libXp - PR1339: Simplify the rhino class rewriter to avoid use of concurrency - PR1336: Bootstrap failure on Fedora 17/18 - PR1319: Correct #ifdef to #if - PR1402: Support glibc < 2.17 with AArch64 patch - Give xalan/xerces access to their own internal packages. * New features - JAXP, JAXWS & JAF supplied as patches rather than drops to aid subsequent patching. - PR1380: Add AArch64 support to Zero - openjdk-7-src-b147-awt-crasher.patch (bnc#792951) - fix build for non-jit packages openSUSE 12.1 Update - U_xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch * So when we VT switch back and attempt to flush the input devices, we don't succeed because evdev won't return part of an event, since we were only asking for 4 bytes, we'd only get -EINVAL back. This could later cause events to be flushed that we shouldn't have gotten. This is a fix for CVE-2013-1940. (bnc#814653) openSUSE 12.1 Update - Applied upstream patch for security vulnerability discovered by Kevin Wojtysiak in ECDSA signature verification of the strongswan openssl plugin (bnc#815236, CVE-2013-2944) [0003-Check-return-value-of-ECDSA_Verify-correctly.patch] openSUSE 12.1 Update This update of python-httplib2 fixed broken SSL certification verification. openSUSE 12.1 Update Changes in gnutls: - Fix bug[ bnc#802651] CVE-2013-1619( gnutls): Luck-13 issue Add patch file: CVE-2013-1619.patch openSUSE 12.1 - added FastCGI-fix_deprecated_api.patch: (bnc#735882) Fixes an issue where CGI.pm received CGI variables from previous requests. CVE-2011-2766 openSUSE 12.1 Update New clamav version 0.97.8 (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation. openSUSE 12.1 Update libtiff security update: * CVE-2013-1961.patch [bnc#818117] * CVE-2013-1960.patch [bnc#817573] openSUSE 12.1 Update This submission supersedes the Samba packages currently available from http://download.openSUSE.org/pub/opensuse/update/12.*-test/ - Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382). - Fix "guest ok", "force user" and "force group" for guest users; (bso#9746). - Fix 'map untrusted to domain' with NTLMv2; (bso#9817). - Fix crash bug in Winbind; (bso#9854). - Fix panic in nt_printer_publish_ads; (bso#9830). openSUSE 12.1 Update flash-player was updated to security update to 11.2.202.285 * APSB13-14, CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335 openSUSE 12.1 Update This update of gpg2 fixes two security issues: * fix for CVE-2012-6085 (bnc#798465) added gpg2-CVE-2012-6085.patch * fix for bnc#780943 added gpg2-set_umask_before_open_outfile.patch openSUSE 12.1 Update This update of wireshark includes several security and bug fixes. [bnc#820566] + vulnerabilities fixed: * The RELOAD dissector could go into an infinite loop. wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487 * The GTPv2 dissector could crash. wnpa-sec-2013-24 * The ASN.1 BER dissector could crash. wnpa-sec-2013-25 * The PPP CCP dissector could crash. wnpa-sec-2013-26 * The DCP ETSI dissector could crash. wnpa-sec-2013-27 * The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28 * The Websocket dissector could crash. wnpa-sec-2013-29 * The MySQL dissector could go into an infinite loop. wnpa-sec-2013-30 * The ETCH dissector could go into a large loop. wnpa-sec-2013-31 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html openSUSE 12.1 Update The openSUSE 12.1 kernel was updated to fix a severe secrutiy issue and various bugs. Security issues fixed: CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system call. CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel did not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allowed guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel allowed guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel did not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allowed guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. Bugs fixed: - qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). - TTY: fix atime/mtime regression (bnc#815745). - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (bnc#813735). - USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976, CVE-2013-1774). - KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797). - KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798). - KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796). - kabi/severities: Allow kvm module abi changes - modules are self consistent - loopdev: fix a deadlock (bnc#809748). - block: use i_size_write() in bd_set_size() (bnc#809748). - drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913). - tmpfs: fix use-after-free of mempolicy object (bnc#806138, CVE-2013-1767). openSUSE 12.1 - Fixed a remote code execution in ktelnetd (CVE-2011-4862 / bnc#738632) openSUSE 12.1 Update The openSUSE 12.1 kernel was updated to fix a critical security issue and also some reiserfs bugs. CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi target running on the machine and the attacker able to make a network connection to it (aka not filtered by firewalls). Bugs: - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). - reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920). openSUSE 12.1 - update to 3.4.9 - bug #3442028 [edit] Inline editing enum fields with null shows no dropdown - bug #3442004 [interface] DB suggestion not correct for user with underscore - bug #3438420 [core] Magic quotes removed in PHP 5.4 - bug #3398788 [session] No feedback when result is empty (signon auth_type) - bug #3384035 [display] Problems regarding ShowTooltipAliasTB - bug #3306875 [edit] Can't rename a database that contains views - bug #3452506 [edit] Unable to move tables with triggers - bug #3449659 [navi] Fast filter broken with table tree - bug #3448485 [GUI] Firefox favicon frameset regression - [core] Better compatibility with mysql extension - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 - fix for bnc#738411 * PMASA-2011-19 (CVE-2011-4780) * PMASA-2011-20 (CVE-2011-4782) - rework config patch openSUSE 12.1 This update provides flash-player 11.1.102.55, which files the following critical security issues: * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2445). * This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2011-2450). * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2451). * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2452). * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2453). * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2454). * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2455). * This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2456). * This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2011-2457). * This update resolves a vulnerability that could lead to a cross-domain policy bypass (Internet Explorer-only) (CVE-2011-2458). * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2459). * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2460). openSUSE 12.1 Empty. openSUSE 12.1 pidgin was updated to version 2.10.1 + AIM and ICQ: - Fix remotely-triggerable crashes by validating strings in a few messages related to buddy list management (bnc#736147, CVE-2011-4601). + Bonjour: - IPv6 fixes + Gadu-Gadu: - Fix problems linking against GnuTLS. + IRC: - Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary encoding. + Jabber: - Fix crashes and memory leaks when receiving malformed voice and video requests. + Sametime: - Separate "username" and "server" when adding new Sametime accounts. - Fix compilation in Visual C++. + SILC: - Fix CVE-2011-3594, by UTF-8 validating incoming messages before passing them to glib or libpurple. + Yahoo!: - Fetch buddy icons in some cases where we previously weren't. openSUSE 12.1 Update php5 security update openSUSE 12.1 set umask for running scripts openSUSE 12.1 Mozilla Firefox and Thunderbird were updated to version 8.0 which fixes several security vulnerabilities: * MFSA 2011-52 - Code execution via NoWaiverWrapper (CVE-2011-3655) * MFSA 2011-51 - Cross-origin image theft on Mac with integrated Intel GPU (CVE-2011-3653) * MFSA 2011-50 - Cross-origin data theft using canvas and Windows D2D (CVE-2011-3649) * MFSA 2011-49 - Memory corruption while profiling using Firebug (CVE-2011-3650) * MFSA 2011-48 - Miscellaneous memory safety hazards (rv:8.0) (CVE-2011-3651, CVE-2011-3652, CVE-2011-3654) * MFSA 2011-47 - Potential XSS against sites using Shift-JIS (CVE-2011-3648) openSUSE 12.1 Update Fix overflows in icu openSUSE 12.1 Also enable certificate checks for EAP-TLS openSUSE 12.1 Rails update to version 2.3.14 to fix security issues. openSUSE 12.1 fix stack based overflow in harbuzz parser openSUSE 12.1 Acrobat Reader was updated to version 9.4.7 to fix security issues. openSUSE 12.1 openssl was prone to several security issues: - DTLS Plaintext Recovery Attack (CVE-2011-4108) - Uninitialized SSL 3.0 Padding (CVE-2011-4576) - Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) - SGC Restart DoS Attack (CVE-2011-4619) - Invalid GOST parameters DoS Attack (CVE-2012-0027) openSUSE 12.1 - Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix: Modify the DDNS handling code. In a previous patch we added logging code to the DDNS handling. This code included a bug that caused it to attempt to dereference a NULL pointer and eventually segfault. While reviewing the code as we addressed this problem, we determined that some of the updates to the lease structures would not work as planned since the structures being updated were in the process of being freed: these updates were removed. In addition we removed an incorrect call to the DDNS removal function that could cause a failure during the removal of DDNS information from the DNS server. Thanks to Jasper Jongmans for reporting this issue. ([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239) - Removed obsolete dhcp-4.2.2-CVE-2011-4539-regex-DoS patch. openSUSE 12.1 Update Tomcat was vulnerable to a hash collision attack which allowed remote attackers to mount DoS attacks. openSUSE 12.1 - Fix authorization workflow with PolicyKit. polkit.patch bnc#735403 - Fix qemu default migration speed. It should not be 33554432Mb! 61f2b6ba-no-unlimited-mig2file-speed.patch d8916dc8-def-qemu-migspeed.patch - CVE-2011-4600: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network ae1232b2-CVE-2011-4600.patch bnc#736082 - Fix default console type setting 209c2880-multiple-consoles-7.patch - Fix 'virsh console' with Xen HVM xen-hvm-virsh-console.patch bnc#731974 - Prevent libvirtd crash on 'virsh qemu-attach' when security_driver is "none" in /etc/libvirt/qemu.conf 28423019-qemu-attach-crash.patch bnc#735023 - Allow qemu driver (and hence libvirtd) to load when qemu user:group does not exist. The kvm or qemu package, which may not exist on a xen host, creates qemu user:group. relax-qemu-usergroup-check.patch bnc#711096 - Accommodate Xen domctl version 8 xen-domctl-ver8.patch - Handle empty strings in s-expression returned by xend a495365d-sexpr-empty-str.patch bnc#731344 - Allow libvirtd to access libvirt_{io,part}helper when confined by apparmor Update install-apparmor-profiles.patch bnc#730435 - Fixed to return success when there are no errors while parsing bonding interface miimon xml node parameters. bonding-miimon-xml-parsing.patch openSUSE 12.1 Wireshark version 1.4.11 fixes several security issues openSUSE 12.1 ruby update to 1.8.7.p357 to fix hash colission attacks openSUSE 12.1 - Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452, CVE-2012-0036) - Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option when built against an older OpenSSL version (CVE-2010-4180). - Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (bnc#742306, CVE-2011-3389). openSUSE 12.1 - avoid buffer overflow in e1000 device emulation (bnc#740165) - Fix dictzip with long file names. openSUSE 12.1 Update - update to PostfixAdmin 2.3.5 (security release) - fixes some SQL injections (CVE-2012-0811) - fixes some XSS vulnerabilities (CVE-2012-0812) - see CHANGELOG.TXT or bnc#741455 for details openSUSE 12.1 Empty. openSUSE 12.1 Update The openSUSE 12.1 kernel was updated to 3.1.9 to fix bugs and security issues. The full list of changes in 3.1.9 is available here: http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.9 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.8 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.7 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.5 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.3 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2 Following security issues have been fixed: CVE-2011-2203: Missing null pointer check in hfs filesystem code CVE-2011-4604: Fix possible kernel memory corruption if B.A.T.M.A.N. mesh protocol is being used. CVE-2012-0056: Local root vulnerability via writing to /proc/pid/mem CVE-2012-0207: Remote DoS vulnerability via crafted IGMP packages. Following non-security bug fixes have been added: * BTRFS support has been improved with many bug fixes. openSUSE 12.1 Update - Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986). - Use spdx.org compliant license names for all packages. - Update to 3.6.2. See WHATSNEW.txt from the main tar ball or the samba.changes file for more details. - s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504). - Use correct license, LGPLv3+ for libwbclient packages. - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). - Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504). - Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710). - Renaming a symlink fails if the symlink target is outside of the share; (bso#8664). - Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). - net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628). - Recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). - s3-winbind: Fix segfault if we can't map the last user; (bso#8678). - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). - s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb; (bso#8652). - Winbind can't receive any user/group information; (bso#8371). - s3-winbind: Add an update function for winbind cache; (bso#8643). - s3: Attempt to fix the vfs_commit module. - POSIX ACE x permission becomes rx following mapping to and from a DACL; (#bso#8631). - s3:libsmb: only align unicode pipe_name; (bso#8586). - s3-winbind: Don't fail on users without a uid; (bso#8608). - Crash when trying to browse samba printers; (bso#8623). - talloc: double free error; (bso#8562). - cldap doesn't work over ipv6; (bso#8600). - s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326). - SMB2: not granting credits for all requests in a compound request; (bso#8614). - smb2_flush sends uninitialized memory; (bso#8579). - Password change settings not fully observed; (bso#8561). - s3:smb2_server: grant credits in async interim responses; (bso#8357). - s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592). - samr_ChangePasswordUser3 IDL incorrect; (bso#8591). - idmap_autorid does not have allocation pool; (bso#8444). - Add systemd service files. - s3:libsmb: the workgroup in the non-extended-security negprot is not aligned; (bso#8573). - s3-build: Fix inotify detection; (bso#8580). - SMB2 doesn't handle compound request headers in the same way as Windows; (#bso8560). - Disconnecting clients swamp the logs; (bso#8585). - s3-netlogon: Fix setting the machinge account password; (bso#8550). - winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548). - smbclient posix_open command fails to return correct info on open file; (bso#8542). - readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). - s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465). - s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531). - s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string; (bso#8528). - Make VFS op "streaminfo" stackable; (bso#8419). - Fix incorrect perfcount array length calculations; (bnc#739258). - BuildRequire autoconf to avoid implicit dependency for post-11.4 systems. - Remove call to suse_update_config macro for post-11.4 systems. - Use samba.org for the ldapsmb source location. - Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile; (bnc #729516). - Add ldap to Should-Start and Stop of the smb init script; (bnc#730046). - Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571). - Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564). - Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145). - Fix typo in net ads join output; (bnc#713135). - Add "ldapsam:login cache" parameter to allow explicit disabling of the login cache; (bnc#723261). - Fix samba duplicates file content on appending. Move posix case semantics out from under the VFS; (bso#6898); (bnc#681208). - Make winbind child reconnect when remote end has closed, fix failing sudo; (bso#7295); (bnc#569721). - Fix printing from Windows 7 clients; (bso#7567); (bnc#687535). - Update pidl and always compile IDL at build time; (bnc#688810). - Abide by print$ share 'force user' & 'force group' settings when handling AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353). openSUSE 12.1 Update - added lighttpd-1.4.30_head_fixes.patch: cherry picked 4 fixes from HEAD: - [ssl] include more headers explicitly - list all network handlers in lighttpd -V (fixes lighttpd#2376) - Move fdevent subsystem includes to implementation files to reduce conflicts (fixes lighttpd#2373) - [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI - update to 1.4.30: (bnc#733607) - Always use our ‘own’ md5 implementation, fixes linking issues on MacOS (fixes #2331) - Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. - [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled - Add static-file.disable-pathinfo option to prevent handling of urls like …/secret.php/image.jpg as static file - Don’t overwrite 401 (auth required) with 501 (unknown method) (fixes #2341) - Fix mod_status bug: always showed “0/0” in the “Read” column for uploads (fixes #2351) - [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362) - [ssl] count renegotiations to prevent client renegotiations - [ssl] add option to honor server cipher order (fixes #2364, BEAST attack) - [core] accept dots in ipv6 addresses in host header (fixes #2359) - [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb) - [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324) - add automake as buildrequire to avoid implicit dependency openSUSE 12.1 Update sudo was prone to a format string vulnerability openSUSE 12.1 Update Chromium update to version 18.0.1022 fixes several security issues openSUSE 12.1 - Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. (bnc#730995) CVE-2011-4313 openSUSE 12.1 Update Changes in MozillaFirefox: - update to Firefox 10.0 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks * MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets - KDE integration has been disabled since it needs refactoring - removed obsolete ppc64 patch - Disable neon for arm as it doesn't build correctly Changes in MozillaThunderbird: - update to version 10.0 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks * MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets - update enigmail to 1.3.5 - added mozilla-disable-neon-option.patch to be able to disable neon on ARM - removed obsolete PPC64 patch Changes in seamonkey: - update to Seamonkey 2.7 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks * MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets Changes in xulrunner: - update to version 10.0 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks * MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets - removed obsolete ppc64 patch - disable neon for ARM as it doesn't build correctly Changes in mozilla-xulrunner192: - security update to 1.9.2.26 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-02/CVE-2011-3670 (bmo#504014) * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets openSUSE 12.1 Update fix regression introduced in previous openssl update that could lead to a DoS openSUSE 12.1 Update specially crafted request could lead to denial of service openSUSE 12.1 Update Opera was updated to release 11.61, fixing various bugs and security issues. http://www.opera.com/support/kb/view/1007/ http://www.opera.com/support/kb/view/1008/ and the changelog for 11.61 release at: http://www.opera.com/docs/changelogs/unix/1161/ openSUSE 12.1 Update Fix crash due to out of bounds read in libxslt openSUSE 12.1 Update Changes in MozillaFirefox: - update to Firefox 10.0.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) Changes in MozillaThunderbird: - update to version 10.0.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) Changes in seamonkey: - update to Seamonkey 2.7.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) Changes in xulrunner: - update to version 10.0.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) openSUSE 12.1 Update Fix GnuTLS DTLS plaintext recovery attack openSUSE 12.1 Update cvs was prone to a heap-based buffer overflow in the client side proxy handling openSUSE 12.1 Update Warning: Official end of life for horde 3 is April 2012! Changes in horde3: - version 3.3.13 - Fixed a XSS vulnerability (CVE-2012-0909). - Added support for resetting passwords in LDAP. - Fixed compatibility with Firefox 10. Changes in horde3-imp: - Fixed XSS vulnerabilities (CVE-2012-0791). - Version 4.3.11 Changes in horde3-dimp: - version 1.1.8 - Fixed XSS vulnerabilities (CVE-2012-0791). openSUSE 12.1 Update New version 5.0.18 fixes security issues openSUSE 12.1 Update jetty5 was prone to a remotely exploitable Denial of Service flaw via hash collisions openSUSE 12.1 Update - httpd-2.2.x-bnc743743-CVE-2012-0053-server_protocol_c-cookie_exposure.diff addresses CVE-2012-0053: error responses can expose cookies when no custom 400 error code ErrorDocument is configured. [bnc#743743] - httpd-2.2.x-bnc741243-CVE-2012-0031-scoreboard_handling.diff: scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. This is rated low impact. Notice: https://svn.apache.org/viewvc?view=revision&revision=1230065 makes a change to the struct global_score, which causes binary incompatibility. The change in above patch only goes as far as the binary compatibility allows; the vulnerability is completely fixed, though. CVE-2012-0031 [bnc#741243] - /etc/init.d/apache2: new argument "check-reload". Exits 1 if httpd2 runs on deleted binaries such as after package update, else 0. This is used by equally modified /etc/logrotate.d/apache2, which uses "/etc/init.d/apache2 check-reload" in its prerotate script. These changes prevent httpd2 from being (gracefully) reloaded by logrotate, executed by cron, if new binaries have been installed. Instead, a warning is printed on stdout and is being logged to the syslogs. If this happens, apache's logs are NOT rotated, and the running processes are left untouched. This limits the maximum damage of log rotation to unrotated logs. "/etc/init.d/apache2 restart" (or "rcapache2 restart") must be executed manually in such a case. [bnc#728876] - httpd-2.2.x-bnc729181-CVE-2011-3607-int_overflow.diff: Fix for integer overflow in server/util.c also known as CVE-2011-3607. [bnc#729181] - enable build and configuration of mod_reqtimeout.c module by default in /etc/sysconfig/apache2 (APACHE_MODULES=...). This does not change already existing sysconfig files, the module is only activated via sysconfig if this package is installed without pre-existing sysconfig file. See new file /etc/apache2/mod_reqtimeout.conf for configurables. Helps against Slowloris.pl DoS vulnerability that consists of eating up request slots by very slowly submitting the request. Note that mod_reqtimeout limits requests based on a lower boundary of request speed, not an upper boundary! CVE-2007-6750 [bnc#738855]. openSUSE 12.1 Update - Update to 11.1.102.62: (bnc#747297) https://www.adobe.com/support/security/bulletins/apsb12-03.html CVEs fixed: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767 openSUSE 12.1 Update the embedded copy of libpng was prone to a heap based buffer overflow openSUSE 12.1 Update - remove read permissions for other users on local sqlite database as it may contain passwords (bnc#747833, CVE-2012-0863) - don't add built-in CA certificates (bnc#660784) openSUSE 12.1 Update - update to 3.4.10.1 (fix for bnc#747841) * [security] XSS in replication setup, see PMASA-2012-1 - 3.4.10.0 (2012-02-14) * bug #3460090 [interface] TextareaAutoSelect feature broken * patch #3375984 [export] PHP Array export might generate invalid php code * bug #3049209 [import] Import from ODS ignores cell that is the same as cell be fore * bug #3463933 [display] SELECT DISTINCT displays wrong total records found * patch #3458944 [operations] copy table data missing SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO' * bug #3469254 [edit] Setting data to NULL and drop-downs * bug #3477063 [edit] Missing set fields and values in generated INSERT query * bug #3460867 [libraries] license issue with TCPDF (updated to 5.9.145), (fix for bnc#736698) openSUSE 12.1 Update update to version 1.11.1 to fix several security issues: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server openSUSE 12.1 Update libpng was prone to a heap based buffer overflow vulnerability (bnc#747311) openSUSE 12.1 Update - Add fix-console-switch.patch: prevent console lockup (rhb#771563). - Add fix-quota.patch: correctly enable quota (rhb#773431). - Add passcredentials.patch: ensure compatibility with kernel 3.2 (bnc#743299). - Update modules_on_boot.patch to not cause failed state for systemd-modules-load.service (bnc#741481). - Ensure systemd show service status when started behind bootsplash and don't try to start when bootsplash isn't installed (bnc#736225). - Add fix-proc-net-unix-parsing.patch: fix /tmp socket cleanup on 32bits (mmeeks) (bnc#739438). - Add improve-readahead.patch: don't monopolize IO when replaying (git). - Add sysv_to_syslog_and_console.patch: ensure sysv services output is logged to syslog in addition to console (improve bnc#731342, bnc#681127). - Add fix-daemon-reload-reaping.patch: fix activating service being killed if daemon-reload is started (git). - Add no-variable-tcpwrappers.patch: fix manpage for tcpwrapper support (bnc#741023). - Add remote-fs-after-network.patch and update insserv patch: ensure remote-fs-pre.target is enabled and started before network mount points (bnc#744293). - Add dm-lvm-after-local-fs-pre-target.patch: ensure md / lvm /dmraid is started before mounting partitions, if fsck was disabled for them (bnc#733283). - Update lsb-header patch to correctly disable heuristic if X-Systemd-RemainAfterExit is specified (whatever its value) - Add fix-message-after-chkconfig.patch: don't complain if only sysv services are called in systemctl. - Add is-enabled-non-existing-service.patch: fix error message when running is-enabled on non-existing service. - Add remove-timedated-ntp-dependency.patch: don't require ntp to use timedated (partially fixes bnc#734831). - Add move-x11-socket.patch: change X11 socket symlink name (bnc#747154). - Add fix-is-enabled.patch: ensure systemctl is-enabled work properly when systemd isn't running. - Add logind-console.patch: do not bail logind if /dev/tty0 doesn't exist (bnc#733022, bnc#735047). - Add sysctl-modules.patch: ensure sysctl is started after modules are loaded (bnc#725412). - Fix warning in insserv patch. - Update avoid-random-seed-cycle.patch with better upstream approach. - Update storage-after-cryptsetup.patch to restart lvm before local-fs.target, not after it (bnc#740106). - Increase pam-config dependency (bnc#713319). openSUSE 12.1 Update Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code openSUSE 12.1 Update usbmuxd was prone to a buffer overflow vulnerability openSUSE 12.1 Update - add fix for hash table collisions CVE-2012-0841 (bnc#748561) openSUSE 12.1 Update Chromium version 19.0.1046 and v8 version 3.9.7.0 fix several security issues. openSUSE 12.1 Update specially crafted hetro and pvoc files could cause buffer overflows in csound openSUSE 12.1 Update Specially crafted MIME headers could crash openssl's ASN.1 parser openSUSE 12.1 Update flash-player 11.1.102.63 fixes two security issues: - memory corruption vulnerability in Matrix3D could lead to code executionn (CVE-2012-0768) - integer errors that could lead to information disclosure (CVE-2012-0769) openSUSE 12.1 Update Icecast didn't strip newlines from log entries, therefore allowing uses to forge log entries. openSUSE 12.1 Update - update to version 1.0.9 - stop file descriptors leaking into the session processes (bnc#745339, lp#927060, CVE-2012-1111) - fix compilation against gthread - change session directory once user permissions are set so it works on NFS filesystems that don't allow root to access files - fix object cleanup on exit - fix lightdm --debug not working on newer GLib - drop privileges when reading ~/.dmrc (CVE-2011-3153) - fix crash calling lightdm_get_layout - drop lightdm-CVE-2011-3153.patch which has been included upstream openSUSE 12.1 Update gnash used predictable and world readable temporary file names to store HTTP cookies openSUSE 12.1 Update - update to 1.2 - New features: * Signed JNLP support * Support for client authentication certificates * Cache size enforcement now supported via itweb-settings * Applet parameter passing through JNLP files now supported * Better icons for access warning dialog * Security Dialog UI revamped to make it look less threatening when appropriate - Fixes (plugin, webstart, common) * PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null error * PR765: JNLP file with all resource jars marked as 'lazy' fails to validate signature and stops the launch of application * PR788: Elluminate Live! is not working * PR804: javaws launcher incorrectly handles file names with spaces * PR820, bnc#746895: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp * PR838: IcedTea plugin crashes with chrome browser when javascript is executed * PR852: Classloader not being flushed after last applet from a site is closed * RH586194: Unable to connect to connect with Juniper VPN client * PR771: IcedTea-Web certificate verification code does not use the right API * PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted. * PR789: typo in jrunscript.sh * PR808: javaws is unable to start, when missing jars are enumerated before main jar * RH738814: Access denied at ssl handshake * Support for authenticating using client certificates - fix bnc#737105/FATE#313084: add Supplements: packageand(broswer(npapi):java-openjdk) ensures the web plugin is pulled in when openjdk and capable browser is installed - enable make check in respective section - update to 1.1.4 (fixes bnc#729870) - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock openSUSE 12.1 Update Changes in chromium: - Update to 19.0.1066 * Fixed Chrome install/update resets Google search preferences (Issue: 105390) * Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401) * Fixed a GPU crash (Issue: 116096) * More fixes for Back button frequently hangs (Issue: 93427) * Bastion now works (Issue: 116285) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Google Feedback causes render process to use too much memory (Issue: 114489) * Fixed after upgrade, some pages are rendered as blank (Issue: 109888) * Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551) - Security Fixes: * Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption * Critical CVE-2011-3046: UXSS and bad history navigation. - Update to 19.0.1060 * Fixed NTP signed in state is missing (Issue: 112676) * Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263) * Focus "OK" button on Javascript dialogs (Issue: 111015) * Fixed Back button frequently hangs (Issue: 93427) * Increase the buffer size to fix muted playback rate (Issue: 108239) * Fixed Empty span with line-height renders with non-zero height (Issue: 109811) * Marked the Certum Trusted Network CA as an issuer of extended-validation (EV) certificates. * Fixed importing of bookmarks, history, etc. from Firefox 10+. * Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636, 112676 * Fixed several crashes (Issues: 111376, 108688, 114391) * Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476) * Sync: Sessions aren't associating pre-existing tabs (Issue: 113319) * Fixed All "Extensions" make an entry under the "NTP Apps" page (Issue: 113672) - Security Fixes (bnc#750407): * High CVE-2011-3031: Use-after-free in v8 element wrapper. * High CVE-2011-3032: Use-after-free in SVG value handling. * High CVE-2011-3033: Buffer overflow in the Skia drawing library. * High CVE-2011-3034: Use-after-free in SVG document handling. * High CVE-2011-3035: Use-after-free in SVG use handling. * High CVE-2011-3036: Bad cast in line box handling. * High CVE-2011-3037: Bad casts in anonymous block splitting. * High CVE-2011-3038: Use-after-free in multi-column handling. * High CVE-2011-3039: Use-after-free in quote handling. * High CVE-2011-3040: Out-of-bounds read in text handling. * High CVE-2011-3041: Use-after-free in class attribute handling. * High CVE-2011-3042: Use-after-free in table section handling. * High CVE-2011-3043: Use-after-free in flexbox with floats. * High CVE-2011-3044: Use-after-free with SVG animation elements. Changes in v8: - Update to 3.9.13.0 * Add code kind check before preparing for OSR. (issue 1900, 115073) * Pass zone explicitly to zone-allocation on x64 and ARM. (issue 1802) * Port string construct stub to x64. (issue 849) * Performance and stability improvements on all platforms. openSUSE 12.1 Update perl-DBD-Pg was prone to format string errors which could crash applications openSUSE 12.1 Update Changes in MozillaThunderbird: - update to Thunderbird 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in mozilla-xulrunner192: - security update to 1.9.2.28 (bnc#750044) * MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in MozillaFirefox: - update to Firefox 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in seamonkey: - update to Seamonkey 2.8 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in chmsee: - Update to version 1.99.08 Changes in mozilla-nss: - update to 3.13.3 RTM - distrust Trustwave's MITM certificates (bmo#724929) - fix generic blacklisting mechanism (bmo#727204) Changes in mozilla-nspr: - update to version 4.9 RTM openSUSE 12.1 Update Empty. openSUSE 12.1 Update Empty. openSUSE 12.1 Update This update of osc to 0.134.1 provides the following changes: * adding unlock command * maintenance_incident requests get created with source revision of package * Enables new maintenance submissions for new OBS 2.3 maintenance model * Fixes srcmd5 revisions in submit request, when link target != submission target * patchinfo call can work without checked out copy now * use qemu as fallback for building not directly supported architectures * "results --watch" option to watch build results until they finished building * fixes injection of terminal control chars (bnc#749335)(CVE-2012-1095) * support dryrun of branching to preview the expected result. "osc sm" is doing this now by default. * maintenance requests accept package lists as source and target incidents to be merged in * add "setincident" command to "request" to re-direct a maintenance request * ask user to create "maintenance incident" request when submit request is failing at release project * "osc my patchinfos" is showing patchinfos where any open bug is assigned to user * "osc my" or "osc my work" is including assigned patchinfos * "osc branch --maintenance" is creating setups for maintenance * removed debug code lead to warning message (fix by Marcus_H) * add --meta option also to "list", "cat" and "less" commands * project checkout is skipping packages linking to project local packages by default * add --keep-link option to copypac command * source validators are not called by default anymore: * support source services using OBS project or package name * support updateing _patchinfo file with new issues just by calling "osc patchinfo" again * branch --add-repositories can be used to add repos from source project to target project * branch --extend-package-names can be used to do mbranch like branch of a single package * branch --new-package can be used to do branch from a not yet existing package (to define later submit target) * show declined requests which created by user openSUSE 12.1 Update specially crafted swf files could cause an integer overflow in gnash openSUSE 12.1 Update - Security and bugfix release 9.1.3: * Require execute permission on the trigger function for "CREATE TRIGGER" (CVE-2012-0866, bnc#749299). * Remove arbitrary limitation on length of common name in SSL certificates (CVE-2012-0867, bnc#749301). * Convert newlines to spaces in names written in pg_dump comments (CVE-2012-0868, bnc#749303). See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release-9-1-3.html /usr/share/doc/packages/postgresql/HISTORY openSUSE 12.1 Update specially crafted png files could cause a buffer overflow in libpng openSUSE 12.1 Update Empty. openSUSE 12.1 Update local attackers could delete arbitrary system files by exploiting a race condition in systemd-logind openSUSE 12.1 Update - updated to libreoffice-3.4.5.5 (SUSE 3.4.5-rc3): * extras * add SUSE color palette (fate#312645) * filters * crash when loading embedded elements (bnc#693238) * crash when importing an empty paragraph (rh#667082) * writer * do not use an invalidated iterator (fdo#46337) - updated to libreoffice-3.4.5.4 (SUSE 3.4.5-rc2) * calc * pie charts colors messed in XLS import (fdo#40320) * correctly import data point formats in data series (fdo#40320) * components * crash when parsing XML signatures (fdo#39657) * broken getDataArray (fdo#46165, fdo#38441, i#117010) * don't paint a frame around the list of edit boxes (fdo#42543) * inconsistent compression method for encrypted documents (bnc#653688) * filters * more on bentConnectors (bnc#736495) * wrong text color in smartArt (bnc#746996) * reading of w:textbox contents (bnc#693388) * textbox position and size DOCX import (fdo#45560) * RTF/DOCX import of transparent frames (bnc#695479) * consecutive frames in RTF/DOCX import (bnc#703032) * handling of frame properties in RTF import (bnc#417818) * force imported XLSX active tab to be shown (bnc#748198) * create TableManager for inside shapes (bnc#747471, bnc#693238) * textboxes import with OLE objects inside (bnc#747471, bnc#693238) * impress * do not create an empty slide when printing handouts (fdo#31966) * libs-core * default shortcut for .uno:SearchDialog should be Ctrl+H * crash using instances dialog of dataform navigator (fdo#44816) * libs-extern * disable problematic reading of external entities in raptor * libs-gui * correctly calculate leap year * use proper Indian Rupee currency symbol U+20B9 (rh#794679) * writer * field refreshing (fdo#39694) * more layout crashers (i#101776, fdo#39510) * textbox borders style and width in DOCX import (fdo#45560) * expand all text fields when setting properties (fdo#42073) - updated to libreoffice-3.4.5.3 (SUSE 3.4.5-rc1) * version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1) * SmartArt import * custom shapes import * Oracle Java 1.7.0 detection * reading AES-encrypted ODF 1.2 documents as generated by LO 3.5 * base * iterator misuse (fdo #44040, bnc#742178) * calc * allow pasting to multiple ranges (bnc#715094) * correctly convert chart data ranges (bnc#727504) * definedName corruption for XLSX export (bnc#741182) * adjust/shrink the ranges while copying (bnc#677811) * extra graph data is displayed for label (bnc#717290) * getCellRangeByName failure for named range (bnc#738113) * graph in XLS file has dates displayed wrong (bnc#720443) * improve performance of large Excel documents (bnc#715104) * display page background color/image properly (bnc#722045) * pivot table output becoming empty on re-save (bnc#715543) * encode virtual paths to local volume correctly (bnc#719887) * avoid adjusting cell-anchored objects on other sheets (bnc#726152) * make sure to adjust the sheet index of drawing objects (bnc#733864) * make the data validation popup more reliable (fdo #36851, bnc#737190) * filters * table style (bnc#705991) * text rotation fixes (bnc#734734) * crash in PPTX import (bnc#706792) * read w:sdt* contents (bnc#705949) * connector shape fixes (bnc#719989) * legacy fragment import (bnc#699334) * non-working Excel macros (bnc#705977) * free drawn curves import (bnc#657909) * group shape transformations (bnc#621739) * extLst of drawings in diagrams import (bnc#655408) * flip properties of custom shapes import (bnc#705985) * line spacing is used from previous values (bnc#734734) * missing ooxml customshape->mso shape name entries (bnc#737921) * word doesn't break the numberings and prefers hiding them (bnc#707157) * impress * undo corruption (bnc#685123) * do not set duplicate master slide names (bnc#735533) * libs-core * handle copy and paste from ConsoleOne (bnc#704274) * VBA control events not working, broken eventattacher (bnc#718227) * "General Error" when double-click graphic in presentation (bnc#720948) * libs-extern-sys * upgrade graphite to 1.0.3 fix surrogate support * libs-gui * crash at exit (bnc#728603) * radial gradient offset (bnc#714787) * horizontal scrollbars with KDE oxygen style (bnc#722918) * rendering of metafiles embedded in EMF+ (updated) (bnc#705956) * postprocess * make the 3D transitions work again (bnc#728559) * ure * make Duden Korrektor 5 and 6 work * writer * frame selection (bnc#740117) * crash when editing index (bnc#726174) * order database properties (bnc#740032) * numbering levels in DOC import (bnc#715115) * image size issue in DOC import (bnc#718971) * pointless forward moving of a table (bnc#706138) * tabs set after the end margin in DOCX import (bnc#693238) * add hyperlinks by default in Table of Contents (bnc#705956) - updated to libreoffice-3.4.4.3 (SUSE 3.4.4-rc1 == final): * base * crash when inserting a constant in a query (fdo#38286) * calc * crash when modifying a named range * speed up range name lookup by index (bnc#715104) * recalculate matrix formula dimension correctly (fdo#39485) * mark all formula cells dirty when appending a new sheet (fdo#35965) * components * handling of SAFEARRAY(s) in olebridge (fdo#38441) * filters * auto fit text VIEWING too small in PPT import (fdo#41245) * impress * hang in slideshow (fdo#32861) * crash while dropping texture (fdo#38391) * libs-core * recognize .svg in ODF container (fdo#41995) * dictionaries lost after LibO upgrade (fdo#37195) * crash when "Find Record" button is clicked in Base (fdo#40701) * fix the drawing of dotted and dashed borders in Calc (fdo#37129) * VBA control events not working; broken eventattacher (bnc#718227) * libs-extern-sys * upgrade graphite to 1.0.3 to fix surrogate support * libs-gui * crash when changing screen resolution * let Qt call XInitThreads() (fdo#40298) * activation order crashes address database (fdo#41022) * drawing of dotted and dashed borders in Calc (fdo#37129) * translations * update translations * writer * leak in PDF export (i#116448) * crash when editing index (bnc#726174) * crash while processing incorrect range of pages (fdo#35513) * crash on closing document with footnotes (fdo#39510, lp#854626) openSUSE 12.1 Update specially crafted http responses from upstream server could leak already freed memory openSUSE 12.1 Update python-pam was prone to a double-free issue openSUSE 12.1 Update specially crafted CDF files could crash the "file" program openSUSE 12.1 - update to 3.4.7.1 (fix for bnc#728243) - [security] Fixed possible local file inclusion in XML import (CVE-2011-4107), see PMASA-2011-17 http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php openSUSE 12.1 Update Changes in openssl: - S/MIME verification may erroneously fail - Free headers after use in error message - Symmetric crypto errors in PKCS7_decrypt openSUSE 12.1 Update Adobe Flash Player 11.1.102.63 fixes a memory corruption vulnerability in the NetStream class that could lead to code execution openSUSE 12.1 Update - Update to 19.0.1079 Security Fixes (bnc#754456): * High CVE-2011-3050: Use-after-free with first-letter handling * High CVE-2011-3045: libpng integer issue from upstream * High CVE-2011-3051: Use-after-free in CSS cross-fade handling * High CVE-2011-3052: Memory corruption in WebGL canvas handling * High CVE-2011-3053: Use-after-free in block splitting * Low CVE-2011-3054: Apply additional isolations to webui privileges * Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation * High CVE-2011-3056: Cross-origin violation with “magic iframe”. * Low CVE-2011-3049: Extension web request API can interfere with system requests Other Fixes: * The short-cut key for caps lock (Shift + Search) is disabled when an accessibility screen reader is enabled * Fixes an issue with files not being displayed in File Manager when some file names contain UTF-8 characters (generally accented characters) * Fixed dialog boxes in settings. (Issue: 118031) * Fixed flash videos turning white on mac when running with --disable-composited-core-animation-plugins (Issue: 117916) * Change to look for correctly sized favicon when multiple images are provided. (Issue: 118275) * Fixed issues - 116044, 117470, 117068, 117668, 118620 - Update to 19.0.1077 - Update to 19.0.1074 - Build Chromium on openSUSE > 12.1 with the gold linker - Fix build issues with GCC 4.7 - Update to 19.0.1071 * Several fixes and improvements in the new Settings, Extensions, and Help pages. * Fixed the flashing when switched between composited and non-composited mode. [Issue: 116603] * Fixed stability issues 116913, 117217, 117347, 117081 openSUSE 12.1 Update Specially crafted font files could cause buffer overflows in freetype openSUSE 12.1 Update update to 5.0.4, fix for bnc#754694 (CVE-2012-1600) openSUSE 12.1 Update Specially crafted ogg files could crash taglib openSUSE 12.1 Update specially crafted png files could cause a memory corruption in libpng's png_set_text_2() openSUSE 12.1 Update - update to 3.4.10.2 - [security] Fixed local path disclosure vulnerability, see PMASA-2012-2 http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php openSUSE 12.1 Update specially crafted tiff files could cause a heap overflow in libtiff openSUSE 12.1 Update This is a XEN bugfix update fixing lots of bugs and one security issue. CVE-2012-0029: Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. openSUSE 12.1 Update Scripts that accept multiple file uploads in a single request were potentially vulnerable to a directory traversal attack openSUSE 12.1 Update Security update for Chromium and V8 to 18.0.1025.142. Following bugs are listed in the Chrome changelog: - [$500] [109574<https://code.google.com/p/chromium/issues/detail?id=109574>] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [$500] [112317<https://code.google.com/p/chromium/issues/detail?id=112317>] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [$500] [114056<https://code.google.com/p/chromium/issues/detail?id=114056>] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398 <https://code.google.com/p/chromium/issues/detail?id=116398>] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524 <https://code.google.com/p/chromium/issues/detail?id=116524>] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417 <https://code.google.com/p/chromium/issues/detail?id=117417>] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [$1000] [117471<https://code.google.com/p/chromium/issues/detail?id=117471>] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [$1000] [117588<https://code.google.com/p/chromium/issues/detail?id=117588>] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [$500] [117794<https://code.google.com/p/chromium/issues/detail?id=117794>] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. The bugs [112317<https://code.google.com/p/chromium/issues/detail?id=112317>], [114056 <https://code.google.com/p/chromium/issues/detail?id=114056>] and [ 117471 <https://code.google.com/p/chromium/issues/detail?id=117471>] were detected using AddressSanitizer<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer> . We'd also like to thank miaubiz, Chamal de Silva, Atte Kettunen of OUSPG, Aki Helin of OUSPG and Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. $8000 of additional rewards were issued for this awesomeness openSUSE 12.1 Update This kernel update fixes various bugs and security issues. For bugfixes, - a lot of BTRFS bugs were fixed - a performance issue with transparent huge pages was fixed which could have caused huge slowdowns when doing I/O over e.g. USB sticks. openSUSE 12.1 Update The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). openSUSE 12.1 Update - Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797). - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797). - s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784). - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454). - Remove obsoleted Authors lines from spec file for post-11.2 systems. - Make ldapsmb build with Fedora 15 and 16; (bso#8783). - BuildRequire libuuid-devel for post-11.0 and other systems. - Define missing python macros for non SUSE systems. - PreReq to fillup_prereq and insserv_prereq only on SUSE systems. - Always use cifstab instead of smbfstab on non SUSE systems. - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870; (bnc#747934). - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854). - s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825). openSUSE 12.1 Update Acroread update to version 9.5.1 to fix several security issues openSUSE 12.1 Update Changes in wireshark: - update to 1.4.12 - fix bnc#754474, bnc#754476, bnc#754477(fixed upstream) - Security fixes: - wnpa-sec-2012-04 The ANSI A dissector could dereference a NULL pointer and crash. (Bug 6823) - wnpa-sec-2012-06 The pcap and pcap-ng file parsers could crash trying to read ERF data. (Bug 6804) - wnpa-sec-2012-07 The MP2T dissector could try to allocate too much memory and crash. (Bug 6804) - The Windows installers now include GnuTLS 1.12.18, which fixes several vulnerabilities. - Bug fixes: - Some PGM options are not parsed correctly. (Bug 5687) - dumpcap crashes when capturing from pipe to a pcap-ng file (e.g., when passing data from CACE Pilot to Wireshark). (Bug 5939) - No error for UDP/IPv6 packet with zero checksum. (Bug 6232) - packetBB dissector bug: More than 1000000 items in the tree -- possible infinite loop. (Bug 6687) - Ethernet traces in K12 text format sometimes give bogus "malformed frame" errors and other problems. (Bug 6735) - non-IPP packets to or from port 631 are dissected as IPP. (Bug 6765) - IAX2 dissector reads past end of packet for unknown IEs. (Bug 6815) - Pcap-NG files with SHB options longer than 100 bytes aren't recognized as pcap-NG files, and options longer than 100 bytes in other blocks aren't handled either. (Bug 6846) - Patch to fix DTLS decryption. (Bug 6847) - Expression... dialog is crash. (Bug 6891) - ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972) - Radiotap dissector lists a bogus "DBM TX Attenuation" bit. (Bug 7000) - MySQL dissector assertion. (Ask 8649) Updated Protocol Support HTTP, ISAKMP, MySQL, PacketBB, PGM, TCP, UDP New and Updated Capture File Support Endace ERF, Pcap-NG. openSUSE 12.1 Update puppet was prone to several security issues openSUSE 12.1 Update Specially crafted YAML could allow attackers to execute arbitrary code due to the use of yaml.load instead of yaml.safe_load. Cobbler-web was prone to Cross-Site-Request-Forgery (CSRF) openSUSE 12.1 Update specially crafted files could cause buffer overflows in csound openSUSE 12.1 Update Specially crafted type1 fonts could cause memory corruptions in t1lib openSUSE 12.1 Update specially crafted signature headers could crash rpm openSUSE 12.1 Update mount.cifs could leak information about existence of files normally not accessible to users openSUSE 12.1 Update Specially crafted files could cause overflows in ImageMagick openSUSE 12.1 Update Changes in xulrunner: - update to 12.0 (bnc#758408) * rebased patches * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes * mozilla-gcc47.patch * disabled crashreporter temporarily for Factory Changes in MozillaFirefox: - update to Firefox 12.0 (bnc#758408) * rebased patches * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes * mozilla-gcc47.patch * disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird: - update to Thunderbird 12.0 (bnc#758408) * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey: - update to Seamonkey 2.9 (bnc#758408) * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 openSUSE 12.1 Update - docs-xml: fix default name resolve order; (bso#7564). - s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836). - docs: remove whitespace in example samba.ldif; (bso#8789). - s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845). - s3-docs: Prepend '/' to filename argument; (bso#8826). - Restrict self granting privileges where security=ads for Samba post-3.3.16; CVE-2012-2111; (bnc#757576). openSUSE 12.1 Update The Opera web browser was updated to 11.62 fixing various bugs and security issues. openSUSE 12.1 Update local users could read mailman's mail archive openSUSE 12.1 Update when running "su -c" to execute commands as different user the target user could inject command back into the calling user's terminal via the TIOCSTI ioctl. openSUSE 12.1 Update when used in CGI mode remote attackers could inject command line arguments to php openSUSE 12.1 Update Specially crafted MP4 files could crash taglib openSUSE 12.1 Update flash-player update to 11.2.202.235 fixes a potential remote code execution vulnerability openSUSE 12.1 Update MySQL Cluster 7.1.21 fixes several security issues and bugs. Please refer to the following upstream announcement for details: http://dev.mysql.com/doc/refman/5.1/en/mysql-cluster-news-7-1.html openSUSE 12.1 Update Chromium version 20.0.1128 fixes several security issues: - CVE-2011-3078: Use after free in floats handling. - CVE-2012-1521: Use after free in xml parser. - CVE-2011-3079: IPC validation failure. - CVE-2011-3080: Race condition in sandbox IPC - CVE-2011-3081: Use after free in floats handling. openSUSE 12.1 Update SNMP GET request involving on a non-existent extension table entry could crash snmpd openSUSE 12.1 NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246). Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks. openSUSE 12.1 Update Specially crafted CDF/CFBF files could trigger an out of memory condition openSUSE 12.1 Update sudo did not always honor the Host_List setting in /etc/sudoers properly openSUSE 12.1 Update Chromium update to 21.0.1145 * Fixed several issues around audio not playing with videos * Crash Fixes * Improvements to trackpad on Cr-48 * Security Fixes (bnc#762481) - CVE-2011-3083: Browser crash with video + FTP - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI corruption with long autofilled values - CVE-2011-3086: Use-after-free with style element. - CVE-2011-3087: Incorrect window navigation - CVE-2011-3088: Out-of-bounds read in hairline drawing - CVE-2011-3089: Use-after-free in table handling. - CVE-2011-3090: Race condition with workers. - CVE-2011-3091: Use-after-free with indexed DB - CVE-2011-3092: Invalid write in v8 regex - CVE-2011-3093: Out-of-bounds read in glyph handling - CVE-2011-3094: Out-of-bounds read in Tibetan handling - CVE-2011-3095: Out-of-bounds write in OGG container. - CVE-2011-3096: Use-after-free in GTK omnibox handling. - CVE-2011-3098: Bad search path for Windows Media Player plug-in - CVE-2011-3100: Out-of-bounds read drawing dash paths. - CVE-2011-3101: Work around Linux Nvidia driver bug - CVE-2011-3102: Off-by-one out-of-bounds write in libxml. openSUSE 12.1 Update This update is a maintenance release of Wireshark. It fixes some vulererabilities when dissecting certain protocols. As packages for these protocols may be received over the network, an attacker may trigger infinite or large loops or crashes of the dissector. Wireshark release notes and advisories: - http://www.wireshark.org/docs/relnotes/wireshark-1.4.13.html - http://www.wireshark.org/security/wnpa-sec-2012-08.html * CVE-2012-2392 - http://www.wireshark.org/security/wnpa-sec-2012-09.html * CVE-2012-2393 - http://www.wireshark.org/security/wnpa-sec-2012-10.html * CVE-2012-2394 openSUSE 12.1 Update The xmlrpc interface of cobbler was prone to command injectoin openSUSE 12.1 Update Specially crafted tar archives could cause an integer overflow in the phar extension openSUSE 12.1 Update specially crafted xpath statements could cause an out of bounds memory write openSUSE 12.1 Update Strongswan's gmp plugin could treat empty RSA signature as valid ones openSUSE 12.1 Update pidgin-otr was prone to a format string flaw in log_message_cb openSUSE 12.1 Update A remote denial of service in the bind nameserver via zero length rdata fields was fixed. openSUSE 12.1 Update Changes in MozillaFirefox: - update to Firefox 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) - fix build on arm - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) Changes in MozillaThunderbird: - update to Thunderbird 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix build with system NSPR (mozilla-system-nspr.patch) - add dependentlibs.list for improved XRE startup - update enigmail to 1.4.2 - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) - update to Thunderbird 12.0.1 * fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using "Fetch Headers Only" (bmo#748865) - Received messages contain parts of other messages with movemail account (bmo#748726) - New mail notification issue (bmo#748997) - crash in nsMsgDatabase::MatchDbName (bmo#748432) - fixed build with gcc 4.7 Changes in seamonkey: - update to Seamonkey 2.10 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - requires NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - update to Seamonkey 2.9.1 * fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using "Fetch Headers Only" (bmo#748865) - Received messages contain parts of other messages with movemail account (bmo#748726) - New mail notification issue (bmo#748997) - crash in nsMsgDatabase::MatchDbName (bmo#748432) - fixed build with gcc 4.7 Changes in mozilla-nss: - update to 3.13.5 RTM - update to 3.13.4 RTM * fixed some bugs * fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2 Changes in xulrunner: - update to 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - reenabled crashreporter for Factory/12.2 (fixed in mozilla-gcc47.patch) openSUSE 12.1 Update Adobe Flash Player was updated to 11.2.202.236, fixing lots of bugs and critical security issues. We also disabled inclusion of mms.cfg again, as it caused trouble on hardware accelerated systems. openSUSE 12.1 Update This update includes several security fixes added in version 2.2.1 and 2.3 openSUSE 12.1 Update This update of socat fixes a buffer overflow in READLINE output mode. openSUSE 12.1 Update Fixing CVE-2012-2122: authentication bypass due to incorrect type casting openSUSE 12.1 Update This version upgrade of java-1_6_0-openjdk fixes multiple security flaws: - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC - S7143872, CVE-2012-1718: Improve certificate extension processing - S7152811, CVE-2012-1723: Issues in client compiler - S7157609, CVE-2012-1724: Issues with loop - S7160757, CVE-2012-1725: Problem with hotspot runtime_classfile openSUSE 12.1 Update Fixing CVE-2012-1013 (krb5 kadmind denial of service via null pointer dereference) openSUSE 12.1 Update - security update: * Fix BSD crypt 8bit character mishandling (CVE-2012-2143) [bnc#766798] openSUSE 12.1 Update This update addresses possible evasion cases in some archive formats and stability issues in portions of the bytecode engine. openSUSE 12.1 Update - update to 12.00 * full changelog available at: http://www.opera.com/docs/changelogs/unix/1120/ - fixes [bnc#767045] openSUSE 12.1 Update - fixing multiple integer overflows: * CVE-2012-2113 [bnc#767852] * CVE-2012-2088 [bnc#767854] openSUSE 12.1 Update python-httplib2 used to ship it's own copy of Mozilla NSS certificates, but should use the system-wide ones instead. openSUSE 12.1 Update - fix vulnerability to temporary file symlink attacks in snapshot file mode. (bnc#764526) (CVE-2012-2652) openSUSE 12.1 Update - update to 1.1.15 (bnc#768680): * security fix: complete authz support for remote SVN views (CVE-2012-3356) * security fix: log msg leak in SVN revision view with unreadable copy source (CVE-2012-3357) Additionally the following non-security issues have been addressed: * fix several instances of incorrect information in remote SVN views * increase performance of some revision metadata lookups in remote SVN views * fix RSS feed regression introduced in 1.1.14 * fix annotation of svn files with non-URI-safe paths * handle file:/// Subversion rootpaths as local roots * fix bug caused by trying to case-normalize anon usernames * speed up log handling by reusing tokenization results * add support for custom review log markup rules * fix svndbadmin failure on deleted paths under Subversion 1.7 * fix annotation of files in svn roots with non-URI-safe paths * fix stray annotation warning in markup display of images * more gracefully handle attempts to display binary content * fix path display in patch and certain diff views * fix broken cvsdb glob searching * allow svn revision specifiers to have leading r's * allow environmental override of configuration location * fix exception HTML-escaping non-string data under WSGI * add links to root logs from roots view * use Pygments lexer-guessing functionality - add supplements for apache2/subversion-server openSUSE 12.1 Update This kernel update of the openSUSE 12.1 kernel brings various bug and security fixes. Following issues were fixed: - tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - be2net: non-member vlan pkts not received in promiscous mode (bnc#732006 CVE-2011-3347). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: put page when fail to get all requested user pages (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: fix offset calculation when building skb (bnc#758243 CVE-2012-2119). - Avoid reading past buffer when calling GETACL (bnc#762992). - Avoid beyond bounds copy while caching ACL (bnc#762992). - Fix length of buffer copied in __nfs4_get_acl_uncached (bnc#762992). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - usb/net: rndis: merge command codes. only net/hyperv part - usb/net: rndis: remove ambigous status codes. only net/hyperv part - usb/net: rndis: break out <linux/rndis.h> defines. only net/hyperv part - net/hyperv: Add flow control based on hi/low watermark. - hv: fix return type of hv_post_message(). - Drivers: hv: util: Properly handle version negotiations. - Drivers: hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - HID: hyperv: Set the hid drvdata correctly. - HID: hid-hyperv: Do not use hid_parse_report() directly. - [SCSI] storvsc: Properly handle errors from the host (bnc#747404). - Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - net/hyperv: Adding cancellation to ensure rndis filter is closed. - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#761681). - thp: reduce khugepaged freezing latency (bnc#760860). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#735362). Taking the fix from net-next - Fix kABI breakage due to including proc_fs.h in kernel/fork.c modversion changed because of changes in struct proc_dir_entry (became defined) Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-fork-failure. - Disabled MMC_TEST (bnc#760077). - Input: ALPS - add semi-MT support for v3 protocol (bnc#716996). - Input: ALPS - add support for protocol versions 3 and 4 (bnc#716996). - Input: ALPS - remove assumptions about packet size (bnc#716996). - Input: ALPS - add protocol version field in alps_model_info (bnc#716996). - Input: ALPS - move protocol information to Documentation (bnc#716996). - sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174) - btrfs: partial revert of truncation improvements (FATE#306586 bnc#748463 bnc#760279). - libata: skip old error history when counting probe trials. - procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783). - cdc-wdm: fix race leading leading to memory corruption (bnc#759554). This patch fixes a race whereby a pointer to a buffer would be overwritten while the buffer was in use leading to a double free and a memory leak. This causes crashes. This bug was introduced in 2.6.34 - netfront: delay gARP until backend switches to Connected. - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus: check availability of XS_RESET_WATCHES command. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - blkfront: properly fail packet requests (bnc#745929). - Linux 3.1.10. - Update Xen config files. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - mqueue: fix a vfsmount longterm reference leak (bnc#757783). - cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789). - procfs: fix a vfsmount longterm reference leak (bnc#757783). - uwb: fix error handling (bnc#731720). This fixes a kernel error on unplugging an uwb dongle - uwb: fix use of del_timer_sync() in interrupt (bnc#731720). This fixes a kernel warning on plugging in an uwb dongle - acer-wmi: Detect communication hot key number. - acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS. - acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks. - acer-wmi: No wifi rfkill on Sony machines. - acer-wmi: No wifi rfkill on Lenovo machines. - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - Drivers: scsi: storvsc: Account for in-transit packets in the RESET path. - CPU hotplug, cpusets, suspend: Don't touch cpusets during suspend/resume (bnc#752460). - net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() (bnc#754186, bnc#736268). - This commit fixes suspend to ram breakage reported in bnc#764864. Remove dud patch. The problem it addressed is being respun upstream, is in tip, but not yet mainlined. See bnc#752460 for details regarding the problem the now removed patch fixed while breaking S2R. Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-or-resume.patch. - Remove dud patch. The problem it addressed is being respun upstream, is in tip, but not yet mainlined. Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-or-resume.patch. - fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974). - gntdev: fix multi-page slot allocation (bnc#760974). - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populateSMP race condition (bnc#762991 CVE-2012-2373). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - sym53c8xx: Fix NULL pointer dereference in slave_destroy (bnc#767786). - sky2: fix regression on Yukon Optima (bnc#731537). openSUSE 12.1 Update This update of accountservice fixed a flaw in user_change_icon_file_authorized_cb() that could be exploited by local attackers to read arbitrary files. openSUSE 12.1 Update python3 was fixed for: - Fix bnc#758993 - CVE-2012-2135: python3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated openSUSE 12.1 Update - Update Chromium to 22.0.1190 * Security Fixes (bnc#769181): * CVE-2012-2815: Leak of iframe fragment id * CVE-2012-2816: Prevent sandboxed processes interfering with each other * CVE-2012-2817: Use-after-free in table section handling * CVE-2012-2818: Use-after-free in counter layout * CVE-2012-2819: Crash in texture handling * CVE-2012-2820: Out-of-bounds read in SVG filter handling * CVE-2012-2821: Autofill display problem * CVE-2012-2823: Use-after-free in SVG resource handling * CVE-2012-2826: Out-of-bounds read in texture conversion * CVE-2012-2829: Use-after-free in first-letter handling * CVE-2012-2830: Wild pointer in array value setting * CVE-2012-2831: Use-after-free in SVG reference handling * CVE-2012-2834: Integer overflow in Matroska container * CVE-2012-2825: Wild read in XSL handling * CVE-2012-2807: Integer overflows in libxml * Fix update-alternatives within the spec-file - Update v8 to 3.12.5.0 * Fixed Chromium issues: 115100, 129628, 131994, 132727, 132741, 132742, 133211 * Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134, 2156, 2166, 2172, 2177, 2179, 2185 * Added --extra-code flag to mksnapshot to load JS code into the VM before creating the snapshot. * Support 'restart call frame' command in the debugger. * Fixed lazy sweeping heuristics to prevent old-space expansion. (issue 2194) * Fixed sharing of literal boilerplates for optimized code. (issue 2193) * Removed -fomit-frame-pointer flag from Release builds to make the stack walkable by TCMalloc (Chromium issue 133723). * Expose more detailed memory statistics (issue 2201). * Fixed Harmony Maps and WeakMaps for undefined values (Chromium issue 132744). - Update v8 to 3.11.10.6 * Implemented heap profiler memory usage reporting. * Preserved error message during finally block in try..finally. (Chromium issue 129171) * Fixed EnsureCanContainElements to properly handle double values. (issue 2170) * Improved heuristics to keep objects in fast mode with inherited constructors. * Performance and stability improvements on all platforms. * Implemented ES5-conformant semantics for inherited setters and read-only properties. Currently behind --es5_readonly flag, because it breaks WebKit bindings. * Exposed last seen heap object id via v8 public api. - Update v8 to 3.11.8.0 * Avoid overdeep recursion in regexp where a guarded expression with a minimum repetition count is inside another quantifier. (Chromium issue 129926) * Fixed missing write barrier in store field stub. (issues 2143, 1465, Chromium issue 129355) * Proxies: Fixed receiver for setters inherited from proxies. * Proxies: Fixed ToStringArray function so that it does not reject some keys. (issue 1543) - Update v8 to 3.11.7.0 * Get better function names in stack traces. * Fixed RegExp.prototype.toString for incompatible receivers (issue 1981). * Some cleanup to common.gypi. This fixes some host/target combinations that weren't working in the Make build on Mac. * Handle EINTR in socket functions and continue incomplete sends. (issue 2098) * Fixed python deprecations. (issue 1391) * Made socket send and receive more robust and return 0 on failure. (Chromium issue 15719) * Fixed GCC 4.7 (C++11) compilation. (issue 2136) * Set '-m32' option for host and target platforms * Performance and stability improvements on all platforms. openSUSE 12.1 Update Changes in libgdata: - Add libgdata-validate-ssl-cert.patch: validate SSL certificates for all connections. Fix bnc#752088, CVE-2012-1177. - Add gnome-common BuildRequires and call gnome-autogen.sh: needed for above patch. - Pass --with-ca-certs=/etc/ssl/ca-bundle.pem to configure to let libgdata know about the location of our certificates. openSUSE 12.1 Update Changes in pidgin: - bnc#761155, CVE-2012-2318, remote crash via specially-crafted MSN notification message openSUSE 12.1 Empty. openSUSE 12.1 Update Fixed domain name resolving flaw: CVE-2012-1033, bnc#746074 Non-security fixes: - added TLSA record type - added wire format lookup method to sdb - many many bugfixes (see CHANGES for details) - 9.8.3-P1 openSUSE 12.1 Update Changes in libxslt, libxslt-python: - fixing an incorrect read operation in the XSL implementation (CVE-2012-2825, bnc#769182) that could cause a DoS condition openSUSE 12.1 Update The following changes have been made: - Add gypsy-CVE-2011-0523.patch: add config file to restrict the files that can be read. Fix CVE-2011-0523 and bnc#666839. - Add gypsy-CVE-2011-0524.patch: use snprintf() to avoid buffer overflows. Fix CVE-2011-0524 and bnc#666839. - Add gnome-common BuildRequires and call to gnome-autogen.sh for gypsy-CVE-2011-0523.patch, since it touches the build system. openSUSE 12.1 Update This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Additionally, several other upstream changes were backported. openSUSE 12.1 Update puppet was updated to fix various security issues: CVEs fixed: - bnc#770828 - CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master - bnc#770829 - CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients - bnc#770827 - CVE-2012-3866: puppet: last_run_report.yaml left world-readable - bnc#770833 - CVE-2012-3867: puppet: insufficient input validation for agent certificate names - using the new stable version, 2.6.17, which only receives security fixes. - Removed runlevel 4. openSUSE 12.1 Update Bash was fixed to avoid a possible buffer overflow when expanding the /dev/fd prefix with e.g. the test builtin (bnc#770795) (CVE-2012-3410) Due to _FORTIFY_SOURCE=2 enablement, the exploit will only abort the shell. openSUSE 12.1 Update Fix integer overflow in XBM file loader. Fix bnc#762735, CVE-2012-2370. openSUSE 12.1 Update The game rocksndiamonds created ~/.rocksndiamonds/ world writeable, allowing other users to save files in there or corrupt your game state. This was fixed. openSUSE 12.1 Update Changes in pidgin: - Fixing bnc#752275, CVE-2012-1178: Pidgin fails to verify the text's utf-8 encoding openSUSE 12.1 Update Several security issues were found by the Google Security Team in libexif and fixed there. openSUSE 12.1 Update Changes in arpwatch: - arpwatch-2.1a11-drop-privs.dif: call initgroups() with pw->pw_gid, not NULL, to not have groupid 0 initialized. (bnc#764521, CVE-2012-2653) openSUSE 12.1 Seamonkey was updated to version 2.5 to fix several security issues: * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards * MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug * MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper openSUSE 12.1 Update MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues. Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey reported memory safety problems and crashes that affect Firefox 13. CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. MFSA 2012-44 Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable. CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality ("View Image", "Show only this frame", and "View background image") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution. MFSA 2012-47 / CVE-2012-1957: Security researcher Mario Heiderich reported that javascript could be executed in the HTML feed-view using <embed> tag within the RSS <description>. This problem is due to <embed> tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class and could affect other parts of the browser or add-ons which rely on that class to sanitize untrusted input. MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards. This use-after-free could possibly allow for remote code execution. MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby Holley found that same-compartment security wrappers (SCSW) can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is stripped off and, when the object is read read back, it is not known that SCSW was previously present, resulting in a bypassing of SCSW. This could result in untrusted content having access to the XBL that implements browser functionality. MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered. MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Fr?d?ric Buclin reported that the "X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protected against possible clickjacking attacks on those pages. MFSA 2012-52 / CVE-2012-1962: Security researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed, leaving other dependent strings with dangling pointers. This can lead to a potentially exploitable crash. MFSA 2012-53 / CVE-2012-1963: Security researcher Karthikeyan Bhargavan of Prosecco at INRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP violation reports generated by Firefox and sent to the "report-uri" location include sensitive data within the "blocked-uri" parameter. These include fragment components and query strings even if the "blocked-uri" parameter has a different origin than the protected resource. This can be used to retrieve a user's OAuth 2.0 access tokens and OpenID credentials by malicious sites. MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle (MITM) attacker can use an iframe to display its own certificate error warning page (about:certerror) with the "Add Exception" button of a real warning page from a malicious site. This can mislead users to adding a certificate exception for a different site than the perceived one. This can lead to compromised communications with the user perceived site through the MITM attack once the certificate exception has been added. MFSA 2012-55 / CVE-2012-1965: Security researchers Mario Gomes and Soroush Dalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites. MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher moz_bug_r_a4 reported a arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are executed in such a sandbox with insufficient context that can allow those scripts to escape from the sandbox and run with elevated privilege. This can lead to arbitrary code execution. openSUSE 12.1 Update Mozilla XULRunner was updated to 14.0.1, fixing bugs and security issues: Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey reported memory safety problems and crashes that affect Firefox 13. CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13. MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users. MFSA 2012-44 Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable. CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site. MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality ("View Image", "Show only this frame", and "View background image") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution. MFSA 2012-47 / CVE-2012-1957: Security researcher Mario Heiderich reported that javascript could be executed in the HTML feed-view using tag within the RSS . This problem is due to tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class and could affect other parts of the browser or add-ons which rely on that class to sanitize untrusted input. MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards. This use-after-free could possibly allow for remote code execution. MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby Holley found that same-compartment security wrappers (SCSW) can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is stripped off and, when the object is read read back, it is not known that SCSW was previously present, resulting in a bypassing of SCSW. This could result in untrusted content having access to the XBL that implements browser functionality. MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered. MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Fr?d?ric Buclin reported that the "X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protected against possible clickjacking attacks on those pages. MFSA 2012-52 / CVE-2012-1962: Security researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed, leaving other dependent strings with dangling pointers. This can lead to a potentially exploitable crash. MFSA 2012-53 / CVE-2012-1963: Security researcher Karthikeyan Bhargavan of Prosecco at INRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP violation reports generated by Firefox and sent to the "report-uri" location include sensitive data within the "blocked-uri" parameter. These include fragment components and query strings even if the "blocked-uri" parameter has a different origin than the protected resource. This can be used to retrieve a user's OAuth 2.0 access tokens and OpenID credentials by malicious sites. MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle (MITM) attacker can use an iframe to display its own certificate error warning page (about:certerror) with the "Add Exception" button of a real warning page from a malicious site. This can mislead users to adding a certificate exception for a different site than the perceived one. This can lead to compromised communications with the user perceived site through the MITM attack once the certificate exception has been added. MFSA 2012-55 / CVE-2012-1965: Security researchers Mario Gomes and Soroush Dalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites. MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher moz_bug_r_a4 reported a arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are executed in such a sandbox with insufficient context that can allow those scripts to escape from the sandbox and run with elevated privilege. This can lead to arbitrary code execution. openSUSE 12.1 specially crafted SILC messages could crash libpurple (CVE-2011-3594) openSUSE 12.1 Update Mozilla Thunderbird was updated to version 14.0 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs * relicensed to MPL-2.0 - update Enigmail to 1.4.3 - no crashreport on %arm, fixing build openSUSE 12.1 Update Seamonkey was updated to version 2.11 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs * relicensed to MPL-2.0 - updated/removed patches - requires NSS 3.13.5 - update to Seamonkey 2.10.1 openSUSE 12.1 - specially crafted requests could bypass RewriteRule and ProxyPassMatch - new template file: /etc/apache2/vhosts.d/vhost-ssl.template allow TLSv1 only, browser match stuff commented out. - rc script /etc/init.d/apache2: handle reload with deleted binaries by message to stdout only, but refrain from sending signals. openSUSE 12.1 Update The following issues was fixed in tiff: - a overflow in tiff2pdf (CVE-2012-3401) [bnc#770816] openSUSE 12.1 Update - fixed heap overflow [bnc#771791] * CVE-2012-2806.patch openSUSE 12.1 Update This security update fixes problems in rhythmbox: - Add rhythmbox-CVE-2012-3355.patch: fix insecure temporary directory use in context plugin. (bnc#768681, CVE-2012-3355) openSUSE 12.1 Update - This version update fixes the following security issues (bnc#772738): * The PPP dissector could crash (wnpa-sec-2012-11 CVE-2012-4048) * The NFS dissector could use excessive amounts of CPU (wnpa-sec-2012-12 CVE-2012-4049) openSUSE 12.1 Update - Add vte-CVE-2011-2198.patch: fix memory exhaustion through malicious escape sequences. Fix bnc#699214, CVE-2011-2198 (openSUSE 11.4 only). - Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738. openSUSE 12.1 Update Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738. openSUSE 12.1 Update - fixed CVE-2012-3425 [bnc#772760] openSUSE 12.1 Specially crafted xml files could crash applications linked against libxml2 openSUSE 12.1 Update Bind was updated to fix a denial of service (crash) during heavy DNSSEC validation load that can cause a "Bad Cache" assertion failure. openSUSE 12.1 In proxy mode dovecot did not verify that the SSL certificate of the remote actually matched the server name. Dovecot was updated to version 2.0.16 which fixes the problem. openSUSE 12.1 Update Mono was updated to fix: A cross site scripting attack in the System.Web class "forbidden extensions" filtering was fixed. (CVE-2012-3382) openSUSE 12.1 Update - fixed icinga-create_mysqldb.sh - it granted icinga access to all dbs - so please check the permissions of your mysql icinga user openSUSE 12.1 Update Python Django was updated to fix several security issues. CVE-2012-3442: Cross-site scripting in authentication views CVE-2012-3443: Denial-of-service in image validation CVE-2012-3444: Denial-of-service via get_image_dimensions() openSUSE 12.1 Update Several potential codeexecution flaws were fixed in krb5. openSUSE 12.1 Update Fixed an integer overflow in libxml2 which could lead to crashes or potential code execution. openSUSE 12.1 Update 3 Security issues were fixed in rails 2.3 core components. 2 NULL query issues where fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem. openSUSE 12.1 Update - update to 1.2.1 (bnc#773458) - Security Updates * CVE-2012-3422, RH840592: Potential read from an uninitialized memory location * CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings - NetX * PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen") * PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly * 816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome - Plugin * PR863: Error passing strings to applet methods in Chromium * PR895: IcedTea-Web searches for missing classes on each loadClass or findClass * PR518: NPString.utf8characters not guaranteed to be nul-terminated - Common * RH838417: Disambiguate signed applet security prompt from certificate warning * RH838559: Disambiguate signed applet security prompt from certificate warning openSUSE 12.1 Update Three security issues were fixed in php5: CVE-2012-2688: php5: potential overflow in _php_stream_scandir CVE-2012-3365: open_basedir bypass via SQLite extension Also a out of band read sql denial of service was fixed (bnc#769785) openSUSE 12.1 Update libvirt was updated to fix a remote denial of service which could lead to crashes in virtd. openSUSE 12.1 Update Opera was updated to version 12.1, fixing various bugs and security issues. http://www.opera.com/docs/changelogs/unix/1201/ Fixes and Stability Enhancements since Opera 12.00 General and User Interface Several general fixes and stability improvements Website thumbnail memory usage improvements Address bar inline auto-completion no longer prefers shortest domain Corrected an error that could occur after removing the plugin wrapper Resolved an issue where favicons were squeezed too much when many tabs were open Display and Scripting Resolved an error with XHR transfers where content-type was incorrectly determined Improved handling of object literals with numeric duplicate properties Changed behavior of nested/chained comma expressions: now expressing and compiling them as a list rather than a tree Aligned behavior of the #caller property on function code objects in ECMAScript 5 strict mode with the specification Fixed an issue where input type=month would return an incorrect value in its valueAsDate property Resolved an issue with JSON.stringify() that could occur on cached number conversion Fixed a problem with redefining special properties using Object.defineProperty() Network and Site-Specific Fixed an issue where loading would stop at "Document 100%" but the page would still be loading tuenti.com: Corrected behavior when long content was displayed https://twitter.com: Fixed an issue with secure transaction errors Fixed an issue with Google Maps Labs that occured when compiling top-level loops inside strict evals Corrected a problem that could occur with DISQUS Fixed a crash occurring on Lenovo's "Shop now" page Corrected issues when calling window.console.log via a variable at watch4you Resolved an issue with Yahoo! chat Mail, News, Chat Resolved an issue where under certain conditions the mail panel would continuously scroll up Fixed a crash occurring when loading mail databases on startup Security Re-fixed an issue where certain URL constructs could allow arbitrary code execution, as reported by Andrey Stroganov; see our advisory Fixed an issue where certain characters in HTML could incorrectly be ignored, which could facilitate XSS attacks; see our advisory Fixed another issue where small windows could be used to trick users into executing downloads as reported by Jordi Chancel; see our advisory Fixed an issue where an element's HTML content could be incorrectly returned without escaping, bypassing some HTML sanitizers; see our advisory Fixed a low severity issue, details will be disclosed at a later date Advisory links from above: http://www.opera.com/support/kb/view/1016/ http://www.opera.com/support/kb/view/1026/ http://www.opera.com/support/kb/view/1027/ http://www.opera.com/support/kb/view/1025/ openSUSE 12.1 Update Version upgrade of chromium to address multiple security vulnerabilities. openSUSE 12.1 Update This update of perl-YAML-LibYAML fixed multiple format string flaws that could cause a crash or potentially allow the execution of arbitrary code. openSUSE 12.1 Update This update of dhcp fixed multiple security vulnerabilities (memory leak, Denial of Service). openSUSE 12.1 Update This update of icedtea-web fixed multiple hewap buffer overflows. openSUSE 12.1 Update This update fixes a buffer overflow in MS Word ODF import filter. openSUSE 12.1 Update Adobe Flash Player was updated to 11.2.202.238 fixing various bugs and security issues. openSUSE 12.1 Update Update to pcp-3.6.5. + Fixes for security advisory CVE-2012-3418; (bnc#775009). + Workaround for security advisory CVE-2012-3419; (bnc#775010). + Fixes for security advisory CVE-2012-3420; (bnc#775011). + Fixes for security advisory CVE-2012-3421; (bnc#775013). openSUSE 12.1 Update wireshark was updated to 1.4.15 * The DCP ETSI dissector could trigger a zero division. (wnpa-sec-2012-13 CVE-2012-4285) * The XTP dissector could go into an infinite loop. (wnpa-sec-2012-15 CVE-2012-4288) * The AFP dissector could go into a large loop. (wnpa-sec-2012-17 CVE-2012-4289) * The RTPS2 dissector could overflow a buffer. (wnpa-sec-2012-18 CVE-2012-4296) * The CIP dissector could exhaust system memory. (wnpa-sec-2012-20 CVE-2012-4291) * The STUN dissector could crash. (wnpa-sec-2012-21 CVE-2012-4292) * The EtherCAT Mailbox dissector could abort. (wnpa-sec-2012-22 CVE-2012-4293) * The CTDB dissector could go into a large loop. (wnpa-sec-2012-23 CVE-2012-4290) Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html openSUSE 12.1 Update The nut upsd is prone to multiple flaws that allow remote attackers to cause a denial of service (application crash) by sending unexpected data. openSUSE 12.1 Update phpMyAdmin was updated to 3.5.2.2 - fix for bnc#776698, bnc#776701 openSUSE 12.1 Update Multiple integer overflows in various decoder plug-ins of GIMP have been fixed. openSUSE 12.1 Update A security issue in otrs was fixed: * OSA-2012-1, http://otrs.org/advisory/ openSUSE 12.1 Update Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update (bnc#777588) * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 Use-after-free issues found using Address Sanitizer * MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object can be shadowed using Object.defineProperty * MFSA 2012-60/CVE-2012-3965 (bmo#769108) Escalation of privilege through about:newtab * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) Memory corruption with bitmap format images with negative height * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption * MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds read in format-number in XSLT * MFSA 2012-66/CVE-2012-3973 (bmo#757128) HTTPMonitor extension allows for remote debugging without explicit activation * MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads linked resources in extensions when parsing text/html * MFSA 2012-69/CVE-2012-3976 (bmo#768568) Incorrect site SSL certificate data display * MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object security checks bypassed by chrome code * MFSA 2012-72/CVE-2012-3980 (bmo#771859) Web console eval capable of executing chrome-privileged code - fix HTML5 video crash with GStreamer enabled (bmo#761030) - GStreamer is only used for MP4 (no WebM, OGG) - updated filelist - moved browser specific preferences to correct location openSUSE 12.1 Update php5 was updated to fix two security issues: - use FilesMatch with 'SetHandler' rather than 'AddHandler' [bnc#775852] Since this update just hardens a configuration to protect weakly designed web applications, there was no CVE assigned. - A HTTP header Carriage-Return injection flaw was fixed (CVE-2011-1398 and CVE-2011-4388 [bnc#778003]) openSUSE 12.1 Update Opera was updated to 12.02 *Fixed an issue where truncated dialogs may be used to trick users * full changelog available at: http://www.opera.com/docs/changelogs/unix/1202/ - fixes [bnc#778087] openSUSE 12.1 The Chromium update to version 17.0.945 and v8 update to version 3.7.8.0 resolve serveral bugs as well as a security bug in v8 that could potentially be exploited to execute arbitrary code (CVE-2011-3900). openSUSE 12.1 Update The icedtea-web Java plugin was updated to 1.11.4 to fix critical security issues: * Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7163201, CVE-2012-0547: Simplify toolkit internals references * OpenJDK - S7182135: Impossible to use some editors directly - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE openSUSE 12.1 Update Chromium was updated to 21.0.1180.88 to fix various bugs and security issues. Security fixes and rewards: Please see the Chromium security page<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. - [$500] [121347<https://code.google.com/p/chromium/issues/detail?id=121347>] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. - [$1000] [134897<https://code.google.com/p/chromium/issues/detail?id=134897>] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. - [135485 <https://code.google.com/p/chromium/issues/detail?id=135485>] Low CVE-2012-2867: Browser crash with SPDY. - [$500] [136881<https://code.google.com/p/chromium/issues/detail?id=136881>] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. - [137778 <https://code.google.com/p/chromium/issues/detail?id=137778>] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. - [138672 <https://code.google.com/p/chromium/issues/detail?id=138672>] [ 140368 <https://code.google.com/p/chromium/issues/detail?id=140368>] LowCVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. - [$1000] [138673<https://code.google.com/p/chromium/issues/detail?id=138673>] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. - [$500] [142956<https://code.google.com/p/chromium/issues/detail?id=142956>] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein. openSUSE 12.1 Update The broken AdHoc WPA mode was disabled in NetworkManager, which would have created an open network instead. (CVE-2012-2736) openSUSE 12.1 Update - fix starttls command injection issue (CVE-2012-3523), [bnc#776967] - handle /var/run on tmpfs. [bnc#778439] openSUSE 12.1 Update - Fix VT100 emulation vulnerability (bnc#777084) (CVE-2012-3515) openSUSE 12.1 Update Security Update for Xen Following bug and security fixes were applied: - bnc#776995 - attaching scsi control luns with pvscsi - xend/pvscsi: fix passing of SCSI control LUNs xen-bug776995-pvscsi-no-devname.patch - xend/pvscsi: fix usage of persistant device names for SCSI devices xen-bug776995-pvscsi-persistent-names.patch - xend/pvscsi: update sysfs parser for Linux 3.0 xen-bug776995-pvscsi-sysfs-parser.patch - bnc#777090 - CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) CVE-2012-3494-xsa12.patch - bnc#777088 - CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability (XSA-13) CVE-2012-3495-xsa13.patch - bnc#777091 - CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) CVE-2012-3496-xsa14.patch - bnc#777086 - CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16) CVE-2012-3498-xsa16.patch - bnc#777084 - CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) CVE-2012-3515-xsa17.patch - Upstream patches from Jan 25734-x86-MCG_CTL-default.patch 25735-x86-cpuid-masking-XeonE5.patch 25744-hypercall-return-long.patch - Update to Xen 4.1.3 c/s 23336 - Upstream or pending upstream patches from Jan 25587-fix-off-by-one-parsing-error.patch 25616-x86-MCi_CTL-default.patch 25617-vtd-qinval-addr.patch 25688-x86-nr_irqs_gsi.patch - bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m teardown host DoS vulnerability CVE-2012-3433-xsa11.patch - bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO emulation DoS 25682-x86-inconsistent-io-state.patch - bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service 25589-pygrub-size-limits.patch - bnc#767273 - unsupported /var/lock/subsys is still used by xendomains init.xendomains - bnc#766283 - opensuse 12.2 pv guests can not start after installation due to lack of grub2 support in the host 23686-pygrub-solaris.patch 23697-pygrub-grub2.patch 23944-pygrub-debug.patch 23998-pygrub-GPT.patch 23999-pygrub-grub2.patch 24000-pygrub-grub2.patch 24001-pygrub-grub2.patch 24002-pygrub-grub2.patch 24064-pygrub-HybridISO.patch 24401-pygrub-scrolling.patch 24402-pygrub-edit-fix.patch 24460-pygrub-extlinux.patch 24706-pygrub-extlinux.patch openSUSE 12.1 Update qemu was fixed to add bounds checking for VT100 escape code parsing and cursor placement. Also qemu was updated on 12.2 and 11.4 to the latest stable release (v1.1.1 and v0.14.1 respectively). openSUSE 12.1 Update - added 3-0-escape_html-activesupport.patch: (bnc#775653) Also encode single quote (CVE-2012-3464) - added 3-0-strip_tags.patch: (bnc#775649) Do not mark strip_tags result as html_safe CVE-2012-3465 openSUSE 12.1 A flaw in the custom DNS resolver of nginx could lead to a heap based buffer overflow which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service (bnc#731084, CVE-2011-4315). openSUSE 12.1 Update This update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code. openSUSE 12.1 Update - fix a XSS vulnerability: bnc#778655 (CVE-2012-4600) - update to 2.4.14 (openSUSE 11.4) (fix for OSA-2012-02, http://otrs.org/advisory/) * Improved HTML security filter to detect tag nesting. - update to 3.0.16 (openSUSE 12.1) (fix for OSA-2012-02, http://otrs.org/advisory/) * Improved HTML security filter to detect tag nesting. * Bug#8611 - Ticket count is wrong in QueueView. - update to 3.1.10 (openSUSE 12.2) (fix for OSA-2012-02, http://otrs.org/advisory/) * Improved HTML security filter to detect tag nesting. * Bug#8611 - Ticket count is wrong in QueueView. * Bug#8698 - Layout.pm only looks at first entry from HTTP_ACCEPT_LANGUAGE to determine language. * Bug#8731 - LDAP group check returns wrong error. openSUSE 12.1 Update The following security issue was fixed in ghostscript: Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. openSUSE 12.1 Update A remote denial of service attack was fixed in the BIND DNS nameserver, which could be caused by attackers providing a specifically prepared zone file for recursive transfer. (CVE-2012-4244) openSUSE 12.1 Update A buffer overflow in the mcrypt commandlinetool was fixed, when the user could be tricked into a prepared file. openSUSE 12.1 Update - Fix tmp issues in annotate-output (bnc#778291, CVE-2012-3500) openSUSE 12.1 Update - Update to ISC dhcp-4.2.4-P2 release, providing a security fix for an issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167) openSUSE 12.1 Update - Security and bugfix release 9.1.5: * Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655) bnc#765069 * Fix incorrect password transformation in "contrib/pgcrypto"'s DES crypt() function (CVE-2012-2143) bnc#766799 * Prevent access to external files/URLs via "contrib/xml2"'s xslt_process() (CVE-2012-3488) bnc#776523 * Prevent access to external files/URLs via XML entity references (CVE-2012-3489) bnc#776524 * See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release.html /usr/share/doc/packages/postgresql/HISTORY openSUSE 12.1 Update This update fixed CVE-2012-3524 (getenv() vulnerability), which can be used by local attackers to escalate privileges to root. openSUSE 12.1 Update VirtualBox was updated to 4.1.22 stable release, bringing lots of security and also bugfixes. The 4.1.22 release is brought to all openSUSE distributions to align their versions. changes in virtualbox 4.1.22 (maintenance release) * VMM: fixed a potential host crash triggered by shutting down a VM when another VM was running * VMM: fixed a potential host crash under a high guest memory pressure (seen with Windows 8 guests) * VMM: respect RAM preallocation while restoring saved state. * VMM: fixed handling of task gates if VT-x/AMD-V is disabled * Storage: fixed audio CD passthrough for certain media players * USB: don't crash if a USB device is plugged or unplugged when saving or loading the VM state (SMP guests only) * RTC: fixed a potential corruption of CMOS bank 1 * Mac OS X hosts: installer fixes for Leopard (4.1.20 regression) * Windows Additions: fixed memory leak in VBoxTray (bug #10808) - changes in virtualbox 4.1.20 (maintenance release) * VMM: fixed a crash under rare circumstances for VMs running without hardware virtualization * VMM: fixed a code analysis bug for certain displacement instructions for VMs running without hardware virtualization * VMM: fixed an interpretion bug for TPR read instructions under rare conditions (AMD-V only) * Snapshots: fixed a crash when restoring an old snapshot when powering off a VM (bugs #9604, #10491) * VBoxSVC: be more tolerant against environment variables with strange encodings (bug #8780) * VGA: fixed wrong access check which might cause a crash under certain conditions * NAT: final fix for crashes under rare conditions (bug #10513) * Virtio-net: fixed the problem with receiving of GSO packets in Windows XP guests causing packet loss in host-to-VM transfers * HPET: several fixes (bugs #10170, #10306) * Clipboard: disable the clipboard by default for new VMs * BIOS: the PCI BIOS was not properly detected with the chipset type set to ICH9 (bugs #9301, #10327) * Mac OS X hosts: adaptions to Mountain Lion * Linux Installer: fixes for Gentoo Linux (bug #10642) * Linux guests: fixed mouse integration on Fedora 17 guests (bug #2306) * Linux Additions: compile fixes for RHEL/CentOS 6.3 (bug #10756) * Linux Additions: compile fixes for Linux 3.5-rc1 and Linux 3.6-rc1 (bug #10709) * Solaris host: fixed a guru meditation while allocating large pages (bug #10600) * Solaris host: fixed possible kernel panics while freeing memory * Solaris Installer: fixed missing icon for menu and desktop shortcuts openSUSE 12.1 acrobat reader was updated to version 9.4.6 to fix several security issues openSUSE 12.1 Update wireshark is updated to version 1.8.3 on all openSUSE distributions, bringing bug and security fixes. openSUSE 11.4 and 12.1 received a version upgrade, so also receiving lots of new features. openSUSE 12.1 Malicous clients could potentially exploit a heap based buffer overflow in the CCID card passthru device. openSUSE 12.1 Update Flash Player was updated to 11.2.202.243 * CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272 openSUSE 12.1 Update The Mozilla suite received following security updates (bnc#783533): Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990 (bmo#787704) openSUSE 12.1 Update This patch validated the message length of EAP-TLS to avoid the potential DoS attack openSUSE 12.1 Update Chromium was upgraded to version 24.0.1290 which fixed multiple security flaws. openSUSE 12.1 Update The bind nameserver was updated to fix specially crafted DNS data can cause a lockup in named. openSUSE 12.1 Update This update of libproxy fixed a buffer overflow flaw. openSUSE 12.1 Update mysql update to version 5.5.23 fixes several security issues and bugs. Please refer to the following upstream announcements for details: - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-16.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-17.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-18.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-19.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html openSUSE 12.1 Update mariadb update to version 5.2.12 fixes several security issues and bugs. Please refer to the following upstream announcements for details: http://kb.askmonty.org/v/mariadb-5212-release-notes http://kb.askmonty.org/v/mariadb-5211-release-notes http://kb.askmonty.org/v/mariadb-5210-release-notes openSUSE 12.1 Update This version upgrade to otrs 3.0.17 fixed a Cross-Site Scripting (XSS) flaw. openSUSE 12.1 Update This update of tiff fixed a heap-based and a stack-based buffer overflow vulnerability as well as an integer overflow issue. openSUSE 12.1 Update Specially crafted DER files could trigger a memory corruption in openssl openSUSE 12.1 Update The patch for CVE-2012-1823 was incomplete, this update fixes the remaining bits (CVE-2012-2335, CVE-2012-2336) openSUSE 12.1 Update Version upgrade to 5.5.25 of MySQL to fix an authentication bypass flaw. Additionally, various other non-security bugs were fixed. openSUSE 12.1 Update This version upgrade of mysql-cluster to version 7.1.22 fixed an authentication bypass flaw. Additionally, this version upgrade also includes fixes for various other bugs.