7574 matches found
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116...
ca-certificates-mozilla: add, remove or blacklist some certificates (important)
The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...
Mozilla updates 2013/12 (important)
This patch contains mozilla-nss 3.15.3.1 which includes a certstore update 1.95 to explicitely revoke AC DG Tresor SSL intermediate CA which was misused. Firefox 24.2esr Thunderbird 24.2 Seamonkey 2.23 These updates fix several security issues: CVE-2013-5611 Mozilla: Application Installation...
ca-certificates-mozilla: add, remove or blacklist some certificates (important)
The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...
chromium: update to 31.0.1650.57 (important)
Chromium was updated to 31.0.1650.57: Stable channel update: - Security Fixes: CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: CVE-2013-6621: Use after free related to speech input elements.. CVE-2013-6622: Use after fre...
chromium: update to 31.0.1650.57 (important)
Chromium was updated to 31.0.1650.57: Stable channel update: - Security Fixes: CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 bnc850430 Stable Channel update: - Security fixes: CVE-2013-6621: Use after free related to speech input elements.. CVE-2013-6622: Use...
chromium: 31.0.1650.57 version update (important)
Security and bugfix update to Chromium 31.0.1650.57 - Update to Chromium 31.0.1650.57: - Security Fixes: CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: CVE-2013-6621: Use after free related to speech input elements...
flash-player to 11.2.202.327 (important)
Adobe Flash Player was updated to 11.2.202.327: bnc850220 APSB13-26, CVE-2013-5329, CVE-2013-5330...
openssh: security fix for remote code execution with AES-GCM (important)
openssh was updated to fix a memory corruption when AES-GCM is used which could lead to remote code execution after successful authentication. CVE-2013-4548...
flash-player to 11.2.202.327 (important)
Adobe Flash Player was updated to 11.2.202.327: bnc850220 APSB13-26, CVE-2013-5329, CVE-2013-5330...
Mozilla updates 10/2013 (important)
Update NSPR to 4.10.1 Update Thunderbird to 24.1.0 incl. enigmail 1.6 Update Firefox to 24.1.0esr Changes in MozillaFirefox: requires NSS 3.15.2 or above MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing...
Mozilla Suite: Update to October 2013 release (important)
MozillaFirefox was updated to Firefox 25.0. MozillaThunderbird was updated to Thunderbird 24.1.0. Mozilla XULRunner was updated to 17.0.10esr. Mozilla NSPR was updated to 4.10.1. Changes in MozillaFirefox: requires NSS 3.15.2 or above MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592...
chromium: 30.0.1599.66 security and bugfix update (important)
Update to Chromium 30.0.1599.66: - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes: + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908:...
update for flash-player (important)
Adobe flash-player has been updated to version 11.2.202.310 ABSP13-21 which fixes bugs and security issues. bnc839897 These updates resolve memory corruption vulnerabilities that could lead to code execution. CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324...
puppet: security fix for YAML support (critical)
A potential remote code execution via YAML was fixed in puppet. CVE-2013-3567...
update for bind (important)
A specially crafted query with malicious rdata could have caused a crash DoS in named...
bind: 9.9.3P2 security and bugfix update (important)
The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. CVE-2013-4854, bnc831899...
update for samba (important)
This update of samba fixed the following issues: - The pamwinbind requiremembershipof option allows for a list of SID, but currently only provides buffer space for 20; bnc806501. - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124...
update for MozillaFirefox, MozillaThunderbird, mozilla-nspr, mozilla-nss, seamonkey, xulrunner (important)
Changes in seamonkey: - update to SeaMonkey 2.20 bnc833389 MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards MFSA 2013-64/CVE-2013-1704 bmo883313 Use after free mutating DOM during SetBody MFSA 2013-65/CVE-2013-1705 bmo882865 Buffer underflow when generating CRMF reques...
update for phpMyAdmin (important)
This version upgrade of phpMyAdmin fixed various security issues SQL injection, XSS, full path disclosure, Clickjacking...
update for samba (important)
This update of samba fixed the following issues: - The pamwinbind requiremembershipof option allows for a list of SID, but currently only provides buffer space for 20; bnc806501. - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124...
Mozilla updates August 2013 (important)
This patch contains updates for - Firefox to 23.0 - xulrunner to 17.0.8esr - Thunderbird to 17.0.8 - mozilla-nspr to 4.10 - mozilla-nss to 3.15,1 MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards MFSA 2013-64/CVE-2013-1704 bmo883313 Use after free mutating DOM during...
flash-player for APSB13-17 (important)
This update fixes APSB13-17, several security problems in the Adobe Flash Player: CVE-2013-3344, CVE-2013-3345, CVE-2013-3347...
flash-player for APSB13-17 (important)
This update fixes APSB13-17, several security problems in the Adobe Flash Player: CVE-2013-3344, CVE-2013-3345, CVE-2013-3347 For more see https://bugzilla.novell.com/showbug.cgi?id=828810...
Mesa: security fixes for Intel drivers (important)
Mesa was updated to fix a security problem in the Intel drivers, where potentially remote attackers via 3D models could inject code. CVE-2013-1872 - i965: fix problem with constant out of bounds access bnc 828007...
3.0.80 kernel update (important)
The kernel was updated to Linux kernel 3.0.80, fixing various bugs and security issues. Following security issues were fixed: CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed...
update to SeaMonkey 2.19 (important)
Seamonkey was updated to version 2.19 MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687 bmo863933, bmo866823 Privileged content access and...
xulrunner: 17.0.7esr (important)
Mozilla xulrunner was update to 17.0.7esr bnc825935 Security issues fixed: MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687 bmo863933, bmo866823 Privileg...
MozillaFirefox: Update to Firefox 22.0 release (important)
MozillaFirefox was updated to Firefox 22.0 bnc825935 Following security issues were fixed: MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687...
MozillaThunderbird: 17.0.7 (important)
MozillaThunderbird was updated to Thunderbird 17.0.7 bnc825935 Security issues fixed: MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687 bmo863933, bmo8668...
regular updates for Mozilla applications (FF/TB) (important)
update to Firefox 22.0 and Thunderbird 17.0.7 including the following security fixes MFSA 2013-49 Miscellaneous memory safety hazards MFSA 2013-50 Memory corruption found using Address Sanitizer MFSA 2013-51 Privileged content access and execution via XBL MFSA 2013-52 Arbitrary code execution...
kernel (critical)
The openSUSE 12.3 kernel was updated to fix a critical security issue and two reiserfs bugs. CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi target...
kernel: security and bugfix update (critical)
The openSUSE 12.2 kernel was updated to fix security issue and other bugs. Security issues fixed: CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...
kernel (critical)
The openSUSE 12.1 kernel was updated to fix a critical security issue and also some reiserfs bugs. CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi...
flash-player to 11.2.202.285 (important)
flash-player was updated to security update to 11.2.202.285 APSB13-14, CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335...
kernel: security and bugfix update (critical)
The openSUSE 12.3 kernel was updated to fix a critical security issue, other security issues and several bugs. Security issues fixed: CVE-2013-2094: The perfsweventinit function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain...
MozillaFirefox: update to version 21.0 (important)
MozillaFirefox was updated to Firefox 21.0 bnc819204 MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards MFSA 2013-42/CVE-2013-1670 bmo853709 Privileged access for content level constructor MFSA 2013-43/CVE-2013-1671 bmo842255 File input control has access to full path MF...
xulrunner to 17.0.6esr (important)
Mozilla xulrunner was updated to 17.0.6esr bnc819204 MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards MFSA 2013-42/CVE-2013-1670 bmo853709 Privileged access for content level constructor MFSA 2013-46/CVE-2013-1674 bmo860971 Use-after-free with video and onresize event...
kernel: security and bugfix update (important)
The Linux kernel was updated to 3.0.74 to fix various bugs and security issues...
MozillaThunderbird: update to 17.0.6 (important)
MozillaThunderbird was updated to security update Thunderbird 17.0.6 bnc819204: MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards MFSA 2013-42/CVE-2013-1670 bmo853709 Privileged access for content level constructor MFSA 2013-46/CVE-2013-1674 bmo860971 Use-after-free wit...
flash-player to 11.2.202.285 (important)
flash-player was updated to security update to 11.2.202.285: APSB13-14, CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335...
kernel: security and bugfix update (important)
The openSUSE 12.1 kernel was updated to fix a severe secrutiy issue and various bugs. Security issues fixed: CVE-2013-2094: The perfsweventinit function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted...
MozillaThunderbird: update to 17.0.6 (important)
MozillaThunderbird was updated to security update Thunderbird 17.0.6 bnc819204: MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards MFSA 2013-42/CVE-2013-1670 bmo853709 Privileged access for content level constructor MFSA 2013-46/CVE-2013-1674 bmo860971 Use-after-free wit...
xulrunner to 17.0.6esr (important)
Mozilla xulrunner was updated to 17.0.6esr bnc819204 MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards MFSA 2013-42/CVE-2013-1670 bmo853709 Privileged access for content level constructor MFSA 2013-46/CVE-2013-1674 bmo860971 Use-after-free with video and onresize event...
MozillaFirefox: update to version 21.0 (important)
MozillaFirefox was updated to Firefox 21.0 bnc819204 MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards MFSA 2013-42/CVE-2013-1670 bmo853709 Privileged access for content level constructor MFSA 2013-43/CVE-2013-1671 bmo842255 File input control has access to full path MF...
flash-player update to 11.2.202.280 (important)
Adobe Flash Player was updated to 11.2.202.280: http://www.adobe.com/support/security/bulletins/apsb13-11.ht ml APSB13-11, CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555...
postgresql: security and bugfix update to 9.0.13 (important)
Postgresql was updated to version 9.0.13 bnc812525: CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is...
Mozilla Firefox and others: Update to 20.0/17.0.5 releases (important)
The Mozilla suite received security and bugfix updates: Firefox was updated to version 20.0. Thunderbird was updated to version 17.0.5. Seamonkey was updated to version 2.17 mozilla-nss was updated to version 3.14.3. mozilla-nspr was updated to version 4.9.6. mozilla-nspr was updated to version...