update for flash-player (critical)

This critical flash-player update fixes the following CVEs: - Security update to 11.2.202.400 bnc891688: APSB14-18, CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545...

update for flash-player (critical)

This critical flash-player update fixes the following CVEs: - Security update to 11.2.202.400 bnc891688: APSB14-18, CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545...

kernel: security and bugfix update (important)

The Linux kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users ...

chromium: update to 36.0.1985.125 (important)

Chromium was updated to version 36.0.1985.125. New Functionality: Rich Notifications Improvements An Updated Incognito / Guest NTP design The addition of a Browser crash recovery bubble Chrome App Launcher for Linux Lots of under the hood changes for stability and performance Security Fixes...

MozillaThunderbird: Update to 24.7.0 (important)

MozillaThunderbird was updated to Thunderbird 24.7.0 bnc887746 MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-61/CVE-2014-1555 bmo1023121 Use-after-free with FireOnStateChange event MFSA 2014-62/CVE-2014-1556 bmo1028891 Exploitable WebGL crash with Cesium...

security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)

apache2: - ECC support was added to modssl - fix for a race condition in modstatus known as CVE-2014-0226 can lead to information disclosure; modstatus is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...

kernel: security and bugfix update (important)

The Linux Kernel was updated to fix various bugs and security issues. CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users to leverage a...

ppc64-diag: fix for tmp races and information disclosure (important)

ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...

ppc64-diag: fix for tmp races and information disclosure (important)

ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...

Mozilla updates 07/2014 (important)

update to Firefox 24.7.0 and Thunderbird 24.7.0 including fixes for MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-61/CVE-2014-1555 bmo1023121 Use-after-free with FireOnStateChange event MFSA 2014-62/CVE-2014-1556 bmo1028891 Exploitable WebGL crash with...

MozillaFirefox: Update to Mozilla Firefox 31 (important)

MozillaFirefox was updated to version 31 to fix various security issues and bugs: MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback MFSA 2014-58/CVE-2014-1550 bmo1020411...

flash-player (critical)

Security update to 11.2.202.394 bnc886472: APSB14-17, CVE-2014-0537, CVE-2014-0539, CVE-2014-4671 - License update LICENSE - Flash%20Player14.0.pdf...

flash-player (critical)

Security update to 11.2.202.394 bnc886472: APSB14-17, CVE-2014-0537, CVE-2014-0539, CVE-2014-4671 - License update LICENSE - Flash%20Player14.0.pdf...

kernel update fixes local privilege escalation and a regression causing a crash if IPsec peer is unavailable (important)

kernel update for Evergreen 11.4 fixes local privilege escalation in futex code bnc880892 / CVE-2014-3153 and a regression causing a crash if IPsec peer is unavailable...

kernel: security and bugfix release (important)

The Linux kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-3153: The futexrequeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEXREQUEUE...

kernel: security and bugfix update (important)

The Linux kernel was updated to fix security issues and bugs. Security issues fixed: CVE-2014-3153: The futexrequeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEXREQUEUE...

Mozilla updates 2014/06 (critical)

These updates contain the latest security and maintenance updates for - Mozilla Firefox 24.6esr - Mozilla Thunderbird 24.6 - Mozilla NSPR is also updated to 4.10.6 to fix MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 Miscellaneous memory safety hazards MFSA...

gnutls: Fixed possible memory corruption (important)

gnutls was patched to fix security vulnerability that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect CVE-2014-3466 - NULL pointer dereference in gnutlsx509dnoidname CVE-2014-3465...

update to version 1.0.0m (critical)

The openssl library was updated to version 1.0.0m fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. -...

openssl: update to version 1.0.1h (critical)

The openssl library was updated to version 1.0.1h fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. -...

gnutls: Fixed possible memory corruption and NULL pointer dereference (important)

gnutls was patched to fix two security vulnerabilities that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect CVE-2014-3466 - NULL pointer dereference in gnutlsx509dnoidname CVE-2014-3465...

kernel: security and bugfix update (important)

This Linux kernel security update fixes various security issues and bugs. The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed: A security issue in the tty layer that was fixed that could be used by local attackers for code execution CVE-2014-0196. Two...

kernel: security and bugfix update (important)

The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed: A security issue in the tty layer that was fixed that could be used by local attackers for code execution CVE-2014-0196. Two security issues in the floppy driver were fixed that could be used by loca...

update for flash-player (critical)

This flash-player update fixes a critical buffer overflow vulnerability that leads to arbitrary code execution. The flash-player package was updated to version 11.2.202.356. bnc875577, APSB14-13, CVE-2014-0515...

update for flash-player (critical)

This flash-player update fixes a critical buffer overflow vulnerability that leads to arbitrary code execution. The flash-player package was updated to version 11.2.202.356. bnc875577, APSB14-13, CVE-2014-0515...

MozillaThunderbird,seamonkey (important)

Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...

chromium to 33.0.1750.152 stable release (important)

Chromium was updated to the 33.0.1750.152 stable channel uodate: - Security fixes: CVE-2014-1713: Use-after-free in Blink bindings CVE-2014-1714: Windows clipboard vulnerability CVE-2014-1705: Memory corruption in V8 CVE-2014-1715: Directory traversal issue Previous stable channel update...

lighttpd to 1.4.35 (important)

lighttpd was updated to version 1.4.35, fixing bugs and security issues: CVE-2014-2323: SQL injection vulnerability in modmysqlvhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname. CVE-2014-2323: Multiple directory...

update for openssl (important)

This openssl update fixes one security issue: - bnc872299: Fixed missing bounds checks for heartbeat messages CVE-2014-0160...

lighttpd to 1.4.35 (important)

lighttpd was updated to version 1.4.35, fixing bugs and security issues: CVE-2014-2323: SQL injection vulnerability in modmysqlvhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname. CVE-2014-2323: Multiple directory...

MozillaFirefox: Update to version 28.0 (important)

Mozilla Firefox was updated to version 28.0, receiving enhancements, bug and security fixes. Mozilla NSPR was updated to 4.10.4 receiving enhancements, bug and security fixes. Mozilla NSS was updated to 3.15.5 receiving enhancements, bug and security fixes. Changes in MozillaFirefox: - update to...

perl-HTTP-Body: update to 1.19 release with security fixes (important)

perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files...

Mozilla updates 2014/03 (important)

This patch contains a collection of security relevant updates for Mozilla applications. Update Firefox to 24.4.0 bnc868603 Update Thunderbird to 24.4.0 Update NSPR to 4.10.4 Update NSS to 3.15.5 MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-149...

flash-player to 11.2.202.346 (important)

Adobe Flash Player was updated to version 11.2.202.346 to fix security issues: CVE-2014-0503: A vulnerability that could be used to bypass the same origin policy was fixed. CVE-2014-0504: A vulnerability that could be used to read the contents of the clipboard was fixed. More information can be...

flash-player to 11.2.202.346 (important)

Adobe Flash Player was updated to version 11.2.202.346 to fix security issues: CVE-2014-0503: A vulnerability that could be used to bypass the same origin policy was fixed. CVE-2014-0504: A vulnerability that could be used to read the contents of the clipboard was fixed. More information can be...

gnutls (critical)

The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not. Also the TLS-CBC timing attack vulnerability was fixed...

percona-toolkit,xtrabackup: disable remote version check (important)

percona-toolkit and xtrabackup were updated: - disable automatic version check for all tools bnc864194 Prevents transmission of version information to an external host in the default configuration. CVE-2014-2029 Can be used by owner of a Percona Server or an attacker who can control this...

gnutls: fixed SSL certificate validation (critical)

The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not...

gnutls: fixed SSL certificate validation problems (critical)

The gnutls library was updated to fixed x509 certificate validation problems, where man-in-the-middle attackers could hijack SSL connections. This update also reenables Elliptic Curve support to meet current day cryptographic requirements...

flash-player: update to 11.2.202.341 security release (critical)

Adobe Flash Player was updated to 11.2.202.341: bnc865021 APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 - Contents of flashplayer11sa.i386.tar.gz changed back: spec file updated, supplementary script update.sh updated...

flash-player: update to 11.2.202.341 security release (critical)

Adobe Flash Player was updated to 11.2.202.341: bnc865021 APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 - Contents of flashplayer11sa.i386.tar.gz changed back: spec file updated, supplementary script update.sh updated...

chromium to 32.0.1700.102 (important)

Chromium was updated to version 32.0.1700.102: Stable channel update: - Security Fixes: CVE-2013-6649: Use-after-free in SVG images CVE-2013-6650: Memory corruption in V8 and 12 other fixes - Other: Mouse Pointer disappears after exiting full-screen mode Drag and drop files into Chromium may not...

Mozilla updates February 2014 (important)

Updates for mozilla-nss 3.15.4 MozillaFirefox 24.3.0esr MozillaThunderbird 24.3.0 including fixes for the following issues: MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards rv:27.0 / rv:24.3 MFSA 2014-02/CVE-2014-1479 bmo911864 Clone protected content with XBL scopes...

Mozilla Firefox 27 release (important)

Mozilla Firefox was updated to version 27. Mozilla Seamonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following...

kernel to 3.11.10 (important)

The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs: - floppy: bail out in open if drive is not responding to block0 read bnc773058. - compatsysrecvmmsg X32 fix bnc860993 CVE-2014-0038. - HID: usbhid: fix sis quirk bnc859804. - hwmon: coretemp Fix truncated name of...

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory reclaim stalls. - mm/page-writeback.c: fix dirtybalancereserve subtraction from dirtyable memory reclaim stalls. - compatsysrecvmmsg X32 fix bnc860993...

update flash-player to 11.2.202.336 (critical)

Flash Player received an out of band critical security update to fix an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system CVE-2014-0497. More information can be found on: http://helpx.adobe.com/security/products/flash-player/apsb14 -04.html...

flash-player to 11.2.202.336 (critical)

Flash Player received an out of band critical security update to fix an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system CVE-2014-0497. More information can be found on: http://helpx.adobe.com/security/products/flash-player/apsb14 -04.html...

flash-player to 11.2.202.335 (important)

Adobe Flash Player was updated to version 11.2.202.335: bnc858822 APSB14-02, CVE-2014-0491, CVE-2014-0492 More information can be found on: http://helpx.adobe.com/security/products/flash-player/apsb14 -02.html...

acroread: not supported anymore (important)

Adobe discontinued the Adobe Reader 9 for Linux in June 2013 and has not fixed and will not fix any further security issues in it. As there is no new version, it is officially out of support. The SUSE Security Team strongly recommends to not use it anymore. Installing this update will deinstall t...