bind: fixed a remote denial of service attack (abort) (critical)

A remote denial of service attack was fixed in the BIND DNS nameserver, which could be caused by attackers providing a specifically prepared zone file for recursive transfer. CVE-2012-4244...

java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) (critical)

The icedtea-web Java plugin was updated to 1.11.4 to fix critical security issues: Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7163201, CVE-2012-0547: Simplify toolkit internals references OpenJDK - S7182135: Impossible to use some editors directly -...

Security Update for Xen (important)

Security Update for Xen Following fixes were done: - bnc776995 - attaching scsi control luns with pvscsi - xend/pvscsi: fix passing of SCSI control LUNs xen-bug776995-pvscsi-no-devname.patch - xend/pvscsi: fix usage of persistant device names for SCSI devices...

Security Update for Xen (important)

Security Update for Xen Following bug and security fixes were applied: - bnc776995 - attaching scsi control luns with pvscsi - xend/pvscsi: fix passing of SCSI control LUNs xen-bug776995-pvscsi-no-devname.patch - xend/pvscsi: fix usage of persistant device names for SCSI devices...

qemu: Fix buffer overflow in console VT100 emulation (important)

qemu was fixed to add bounds checking for VT100 escape code parsing and cursor placement. Also qemu was updated on 12.2 and 11.4 to the latest stable release v1.1.1 and v0.14.1 respectively...

java-1_7_0-openjdk: security fix for remote exploit (critical)

Java-170-openjdk was updated to fix a remote exploit CVE-2012-4681. Also bugfixes were done: - fix build on ARM and i586 - remove files that are no longer used - zero build can be enabled using rpmbuild osc build --with zero - add hotspot 2.1 needed for zero - fix filelist on %ix86 Security fixes...

gimp to fix various issues (important)

Multiple integer overflows in various decoder plug-ins of GIMP have been fixed...

MozillaFirefox: Update to version 15 (critical)

Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update bnc777588 MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1 975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE- 2012-3959...

MozillaFirefox: Update to version 15 (critical)

Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update bnc777588 MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1 975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE- 2012-3959...

calligra: security and bugfix update. (important)

Fix buffer overflow in MS Word ODF filter among other non-security related bugs. Also a version update to 2.4.3 happened: Words: - Always show vertical scroll bar to avoid race condition kde301076 - Do not save with an attribue that makes LibreOffice and OpenOffice crash kde298689 Kexi: - Fixed...

flash-player to 11.2.202.238 (critical)

Adobe Flash Player was updated to 11.2.202.238 fixing various bugs and security issues...

update for chromium, v8 (important)

Version upgrade of chromium to address multiple security vulnerabilities...

opera to 12.01 (important)

Opera was updated to version 12.1, fixing various bugs and security issues. http://www.opera.com/docs/changelogs/unix/1201/ Fixes and Stability Enhancements since Opera 12.00 General and User Interface Several general fixes and stability improvements Website thumbnail memory usage improvements...

update for icedtea-web (important)

This update of icedtea-web fixed multiple hewap buffer overflows...

icedtea-web: Update to 1.2.1 (bnc#) (important)

update to 1.2.1 bnc773458 - Security Updates CVE-2012-3422, RH840592: Potential read from an uninitialized memory location CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings - NetX PR898: signed applications with big jnlp-file doesn't start webstart affect like "frozen"...

rubygem-actionpack/activerecord-2_3 (important)

3 Security issues were fixed in rails 2.3 core components. 2 NULL query issues where fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem...

seamonkey: Update to Seamonkey 2.11 (important)

Seamonkey was updated to version 2.11 bnc771583 MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1 952 Gecko memory corruption MFSA 2012-45/CVE-2012-1955 bmo757376 Spoofing issue with location MFSA...

xulrunner to 14.0.1 (critical)

Mozilla XULRunner was updated to 14.0.1, fixing bugs and security issues: Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed eviden...

MozillaThunderbird: update to Thunderbird 14.0 (important)

Mozilla Thunderbird was updated to version 14.0 bnc771583 MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1 952 Gecko memory corruption MFSA 2012-45/CVE-2012-1955 bmo757376 Spoofing issue with location MF...

MozillaFirefox to 14.0.1 (critical)

MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues. Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

xen (critical)

This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Additionally, several other upstream changes were backported...

update for opera (important)

update to 12.00 full changelog available at: http://www.opera.com/docs/changelogs/unix/1120/ - fixes bnc767045...

mysql (CVE-2012-2122) (important)

Fixing CVE-2012-2122: authentication bypass due to incorrect type casting...

ClamAV: 0.97.5 update (important)

This update addresses possible evasion cases in some archive formats and stability issues in portions of the bytecode engine...

java-1_6_0-openjdk: critical (critical)

This version upgrade of java-160-openjdk fixes multiple security flaws: - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability...

MozillaFirefox, MozillaThunderbird, mozilla-nss, seamonkey, xulrunner: June (important)

Changes in MozillaFirefox: - update to Firefox 13.0 bnc765204 MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards MFSA 2012-36/CVE-2012-1944 bmo751422 Content Security Policy inline-script bypass MFSA 2012-37/CVE-2012-1945 bmo670514 Information disclosure...

flash-player: Update to 11.2.202.236 security release (critical)

Adobe Flash Player was updated to 11.2.202.236, fixing lots of bugs and critical security issues. We also disabled inclusion of mms.cfg again, as it caused trouble on hardware accelerated systems...

bind: Fixed a remote denial of service (important)

A remote denial of service in the bind nameserver via zero length rdata fields was fixed...

update for strongswan (important)

Strongswan's gmp plugin could treat empty RSA signature as valid ones...

update for chromium, v8 (important)

Chromium update to 21.0.1145 Fixed several issues around audio not playing with videos Crash Fixes Improvements to trackpad on Cr-48 Security Fixes bnc762481 - CVE-2011-3083: Browser crash with video + FTP - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI...

update for cobbler (important)

The xmlrpc interface of cobbler was prone to command injectoin...

opera to 11.62 (important)

The Opera web browser was updated to 11.62 fixing various bugs and security issues...

update for flash-player (critical)

flash-player update to 11.2.202.235 fixes a potential remote code execution vulnerability...

update for php5 (critical)

when used in CGI mode remote attackers could inject command line arguments to php...

update for samba (important)

docs-xml: fix default name resolve order; bso7564. - s3-aio-fork: Fix a segfault in vfsaiofork; bso8836. - docs: remove whitespace in example samba.ldif; bso8789. - s3-smbd: move printbackendinit behind initsysteminfo; bso8845. - s3-docs: Prepend '/' to filename argument; bso8826. - Restrict self...

update for acroread (important)

Acroread update to version 9.5.1 to fix several security issues...

update for samba (critical)

Samba upgrade to version 3.6.3 fixes the following security issue: - PIDL based autogenerated code allows overwriting beyond of allocated array. Remove attackers could exploit that to execute arbitrary code as root CVE-2012-1182, bso8815, bnc752797 Please see...

update for samba (critical)

Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; bso8815; bnc752797. -...

freetype2 update (important)

Specially crafted font files could cause buffer overflows in freetype...

update for chromium, v8 (important)

Update to 19.0.1079 Security Fixes bnc754456: High CVE-2011-3050: Use-after-free with first-letter handling High CVE-2011-3045: libpng integer issue from upstream High CVE-2011-3051: Use-after-free in CSS cross-fade handling High CVE-2011-3052: Memory corruption in WebGL canvas handling High...

flash-player update (critical)

Adobe Flash Player 11.1.102.63 fixes a memory corruption vulnerability in the NetStream class that could lead to code execution...

update for php5 (important)

php5 security update...

update for chromium, v8 (important)

Changes in chromium: - Update to 19.0.1066 Fixed Chrome install/update resets Google search preferences Issue: 105390 Don't trigger accelerated compositing on 3D CSS when using swiftshader Issue: 116401 Fixed a GPU crash Issue: 116096 More fixes for Back button frequently hangs Issue: 93427 Basti...

flash-player (important)

flash-player 11.1.102.63 fixes two security issues: - memory corruption vulnerability in Matrix3D could lead to code executionn CVE-2012-0768 - integer errors that could lead to information disclosure CVE-2012-0769...

libvorbis: fixed a heap based buffer overflow (important)

Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code CVE-2012-0444...

libpng12: Fixed a heap based buffer overflow (important)

A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash CVE-2011-3026. libpng 1.2 was updated to 1.2.47 to fix this issue...

csound: fixed two stack based buffer overflows (important)

This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files CVE-2012-0270...

apache2: fixed various security bugs (important)

This update of apache2 fixes regressions and several security problems: bnc728876, fix graceful reload bnc741243, CVE-2012-0031: Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc743743, CVE-2012-0053: Fixed an issue in...

java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release (important)

java-160-openjdk was updated to the b24 release, fixing multiple security issues: Security fixes - S7082299, CVE-2011-3571: Fix inAtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687,...

mozilla-xulrunner192: 1.9.2.27 (important)

Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code CVE-2011-3026,...