7843 matches found
perl-HTTP-Body: update to 1.19 release with security fixes (important)
perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files...
Mozilla updates 2014/03 (important)
This patch contains a collection of security relevant updates for Mozilla applications. Update Firefox to 24.4.0 bnc868603 Update Thunderbird to 24.4.0 Update NSPR to 4.10.4 Update NSS to 3.15.5 MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-149...
flash-player to 11.2.202.346 (important)
Adobe Flash Player was updated to version 11.2.202.346 to fix security issues: CVE-2014-0503: A vulnerability that could be used to bypass the same origin policy was fixed. CVE-2014-0504: A vulnerability that could be used to read the contents of the clipboard was fixed. More information can be...
flash-player to 11.2.202.346 (important)
Adobe Flash Player was updated to version 11.2.202.346 to fix security issues: CVE-2014-0503: A vulnerability that could be used to bypass the same origin policy was fixed. CVE-2014-0504: A vulnerability that could be used to read the contents of the clipboard was fixed. More information can be...
gnutls (critical)
The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not. Also the TLS-CBC timing attack vulnerability was fixed...
percona-toolkit,xtrabackup: disable remote version check (important)
percona-toolkit and xtrabackup were updated: - disable automatic version check for all tools bnc864194 Prevents transmission of version information to an external host in the default configuration. CVE-2014-2029 Can be used by owner of a Percona Server or an attacker who can control this...
gnutls: fixed SSL certificate validation (critical)
The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not...
gnutls: fixed SSL certificate validation problems (critical)
The gnutls library was updated to fixed x509 certificate validation problems, where man-in-the-middle attackers could hijack SSL connections. This update also reenables Elliptic Curve support to meet current day cryptographic requirements...
flash-player: update to 11.2.202.341 security release (critical)
Adobe Flash Player was updated to 11.2.202.341: bnc865021 APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 - Contents of flashplayer11sa.i386.tar.gz changed back: spec file updated, supplementary script update.sh updated...
flash-player: update to 11.2.202.341 security release (critical)
Adobe Flash Player was updated to 11.2.202.341: bnc865021 APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 - Contents of flashplayer11sa.i386.tar.gz changed back: spec file updated, supplementary script update.sh updated...
chromium to 32.0.1700.102 (important)
Chromium was updated to version 32.0.1700.102: Stable channel update: - Security Fixes: CVE-2013-6649: Use-after-free in SVG images CVE-2013-6650: Memory corruption in V8 and 12 other fixes - Other: Mouse Pointer disappears after exiting full-screen mode Drag and drop files into Chromium may not...
Mozilla updates February 2014 (important)
Updates for mozilla-nss 3.15.4 MozillaFirefox 24.3.0esr MozillaThunderbird 24.3.0 including fixes for the following issues: MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards rv:27.0 / rv:24.3 MFSA 2014-02/CVE-2014-1479 bmo911864 Clone protected content with XBL scopes...
Mozilla Firefox 27 release (important)
Mozilla Firefox was updated to version 27. Mozilla Seamonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following...
kernel to 3.11.10 (important)
The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs: - floppy: bail out in open if drive is not responding to block0 read bnc773058. - compatsysrecvmmsg X32 fix bnc860993 CVE-2014-0038. - HID: usbhid: fix sis quirk bnc859804. - hwmon: coretemp Fix truncated name of...
kernel: security and bugfix update (important)
The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory reclaim stalls. - mm/page-writeback.c: fix dirtybalancereserve subtraction from dirtyable memory reclaim stalls. - compatsysrecvmmsg X32 fix bnc860993...
update flash-player to 11.2.202.336 (critical)
Flash Player received an out of band critical security update to fix an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system CVE-2014-0497. More information can be found on: http://helpx.adobe.com/security/products/flash-player/apsb14 -04.html...
flash-player to 11.2.202.336 (critical)
Flash Player received an out of band critical security update to fix an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system CVE-2014-0497. More information can be found on: http://helpx.adobe.com/security/products/flash-player/apsb14 -04.html...
flash-player to 11.2.202.335 (important)
Adobe Flash Player was updated to version 11.2.202.335: bnc858822 APSB14-02, CVE-2014-0491, CVE-2014-0492 More information can be found on: http://helpx.adobe.com/security/products/flash-player/apsb14 -02.html...
acroread: not supported anymore (important)
Adobe discontinued the Adobe Reader 9 for Linux in June 2013 and has not fixed and will not fix any further security issues in it. As there is no new version, it is officially out of support. The SUSE Security Team strongly recommends to not use it anymore. Installing this update will deinstall t...
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116...
ca-certificates-mozilla: add, remove or blacklist some certificates (important)
The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...
Mozilla updates 2013/12 (important)
This patch contains mozilla-nss 3.15.3.1 which includes a certstore update 1.95 to explicitely revoke AC DG Tresor SSL intermediate CA which was misused. Firefox 24.2esr Thunderbird 24.2 Seamonkey 2.23 These updates fix several security issues: CVE-2013-5611 Mozilla: Application Installation...
ca-certificates-mozilla: add, remove or blacklist some certificates (important)
The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...
chromium: update to 31.0.1650.57 (important)
Chromium was updated to 31.0.1650.57: Stable channel update: - Security Fixes: CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: CVE-2013-6621: Use after free related to speech input elements.. CVE-2013-6622: Use after fre...
chromium: update to 31.0.1650.57 (important)
Chromium was updated to 31.0.1650.57: Stable channel update: - Security Fixes: CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 bnc850430 Stable Channel update: - Security fixes: CVE-2013-6621: Use after free related to speech input elements.. CVE-2013-6622: Use...
chromium: 31.0.1650.57 version update (important)
Security and bugfix update to Chromium 31.0.1650.57 - Update to Chromium 31.0.1650.57: - Security Fixes: CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: CVE-2013-6621: Use after free related to speech input elements...
flash-player to 11.2.202.327 (important)
Adobe Flash Player was updated to 11.2.202.327: bnc850220 APSB13-26, CVE-2013-5329, CVE-2013-5330...
openssh: security fix for remote code execution with AES-GCM (important)
openssh was updated to fix a memory corruption when AES-GCM is used which could lead to remote code execution after successful authentication. CVE-2013-4548...
flash-player to 11.2.202.327 (important)
Adobe Flash Player was updated to 11.2.202.327: bnc850220 APSB13-26, CVE-2013-5329, CVE-2013-5330...
Mozilla updates 10/2013 (important)
Update NSPR to 4.10.1 Update Thunderbird to 24.1.0 incl. enigmail 1.6 Update Firefox to 24.1.0esr Changes in MozillaFirefox: requires NSS 3.15.2 or above MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing...
Mozilla Suite: Update to October 2013 release (important)
MozillaFirefox was updated to Firefox 25.0. MozillaThunderbird was updated to Thunderbird 24.1.0. Mozilla XULRunner was updated to 17.0.10esr. Mozilla NSPR was updated to 4.10.1. Changes in MozillaFirefox: requires NSS 3.15.2 or above MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592...
chromium: 30.0.1599.66 security and bugfix update (important)
Update to Chromium 30.0.1599.66: - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes: + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908:...
update for flash-player (important)
Adobe flash-player has been updated to version 11.2.202.310 ABSP13-21 which fixes bugs and security issues. bnc839897 These updates resolve memory corruption vulnerabilities that could lead to code execution. CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324...
puppet: security fix for YAML support (critical)
A potential remote code execution via YAML was fixed in puppet. CVE-2013-3567...
update for bind (important)
A specially crafted query with malicious rdata could have caused a crash DoS in named...
bind: 9.9.3P2 security and bugfix update (important)
The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. CVE-2013-4854, bnc831899...
update for samba (important)
This update of samba fixed the following issues: - The pamwinbind requiremembershipof option allows for a list of SID, but currently only provides buffer space for 20; bnc806501. - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124...
update for MozillaFirefox, MozillaThunderbird, mozilla-nspr, mozilla-nss, seamonkey, xulrunner (important)
Changes in seamonkey: - update to SeaMonkey 2.20 bnc833389 MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards MFSA 2013-64/CVE-2013-1704 bmo883313 Use after free mutating DOM during SetBody MFSA 2013-65/CVE-2013-1705 bmo882865 Buffer underflow when generating CRMF reques...
update for phpMyAdmin (important)
This version upgrade of phpMyAdmin fixed various security issues SQL injection, XSS, full path disclosure, Clickjacking...
update for samba (important)
This update of samba fixed the following issues: - The pamwinbind requiremembershipof option allows for a list of SID, but currently only provides buffer space for 20; bnc806501. - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124...
Mozilla updates August 2013 (important)
This patch contains updates for - Firefox to 23.0 - xulrunner to 17.0.8esr - Thunderbird to 17.0.8 - mozilla-nspr to 4.10 - mozilla-nss to 3.15,1 MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards MFSA 2013-64/CVE-2013-1704 bmo883313 Use after free mutating DOM during...
flash-player for APSB13-17 (important)
This update fixes APSB13-17, several security problems in the Adobe Flash Player: CVE-2013-3344, CVE-2013-3345, CVE-2013-3347...
flash-player for APSB13-17 (important)
This update fixes APSB13-17, several security problems in the Adobe Flash Player: CVE-2013-3344, CVE-2013-3345, CVE-2013-3347 For more see https://bugzilla.novell.com/showbug.cgi?id=828810...
Mesa: security fixes for Intel drivers (important)
Mesa was updated to fix a security problem in the Intel drivers, where potentially remote attackers via 3D models could inject code. CVE-2013-1872 - i965: fix problem with constant out of bounds access bnc 828007...
3.0.80 kernel update (important)
The kernel was updated to Linux kernel 3.0.80, fixing various bugs and security issues. Following security issues were fixed: CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed...
update to SeaMonkey 2.19 (important)
Seamonkey was updated to version 2.19 MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687 bmo863933, bmo866823 Privileged content access and...
xulrunner: 17.0.7esr (important)
Mozilla xulrunner was update to 17.0.7esr bnc825935 Security issues fixed: MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687 bmo863933, bmo866823 Privileg...
MozillaFirefox: Update to Firefox 22.0 release (important)
MozillaFirefox was updated to Firefox 22.0 bnc825935 Following security issues were fixed: MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687...