xorg-x11-Xvnc openSUSE 11.0 This update fixes multiple vulnerabilities reported by iDefense: - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption xorg-x11-Xvnc-7.3-110.2.i586.rpm xorg-x11-Xvnc-7.3-110.2.ppc.rpm xorg-x11-Xvnc-7.3-110.2.x86_64.rpm xorg-x11-server-7.3-110.2.i586.rpm xorg-x11-server-7.3-110.2.ppc.rpm xorg-x11-server-7.3-110.2.x86_64.rpm xorg-x11-server-extra-7.3-110.2.i586.rpm xorg-x11-server-extra-7.3-110.2.ppc.rpm xorg-x11-server-extra-7.3-110.2.x86_64.rpm xorg-x11-server-sdk-7.3-110.2.i586.rpm xorg-x11-server-sdk-7.3-110.2.ppc.rpm xorg-x11-server-sdk-7.3-110.2.x86_64.rpm autoyast2 openSUSE 11.0 Cloning can fail when a lot of patterns are installed. autoyast2-2.16.19-0.1.noarch.rpm autoyast2-installation-2.16.19-0.1.noarch.rpm kdenetwork3-InstantMessenger openSUSE 11.0 Fixes for two crashes while getting user details in Kopete's GroupWise plugin kdenetwork3-InstantMessenger-3.5.9-39.2.i586.rpm kdenetwork3-InstantMessenger-3.5.9-39.2.ppc.rpm kdenetwork3-InstantMessenger-3.5.9-39.2.x86_64.rpm courier-authlib openSUSE 11.0 This update of courier-authlib fixes a bug that allowed SQL injections. (CVE-2008-2667) courier-authlib-0.60.2-40.2.i586.rpm courier-authlib-0.60.2-40.2.ppc.rpm courier-authlib-0.60.2-40.2.x86_64.rpm courier-authlib-devel-0.60.2-40.2.i586.rpm courier-authlib-devel-0.60.2-40.2.ppc.rpm courier-authlib-devel-0.60.2-40.2.x86_64.rpm courier-authlib-ldap-0.60.2-40.2.i586.rpm courier-authlib-ldap-0.60.2-40.2.ppc.rpm courier-authlib-ldap-0.60.2-40.2.x86_64.rpm courier-authlib-mysql-0.60.2-40.2.i586.rpm courier-authlib-mysql-0.60.2-40.2.ppc.rpm courier-authlib-mysql-0.60.2-40.2.x86_64.rpm courier-authlib-pgsql-0.60.2-40.2.i586.rpm courier-authlib-pgsql-0.60.2-40.2.ppc.rpm courier-authlib-pgsql-0.60.2-40.2.x86_64.rpm courier-authlib-pipe-0.60.2-40.2.i586.rpm courier-authlib-pipe-0.60.2-40.2.ppc.rpm courier-authlib-pipe-0.60.2-40.2.x86_64.rpm courier-authlib-userdb-0.60.2-40.2.i586.rpm courier-authlib-userdb-0.60.2-40.2.ppc.rpm courier-authlib-userdb-0.60.2-40.2.x86_64.rpm opera openSUSE 11.0 This patch brings Opera to security update level 9.50 Following security problems were fixed: CVE-2008-2714: Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." CVE-2008-2715: Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. CVE-2008-2716: Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. It also contains lots of new features and other bugfixes, see the Changelog at: http://www.opera.com/docs/changelogs/linux/950/ opera-9.50-0.1.i586.rpm opera-9.50-0.1.ppc.rpm opera-9.50-0.1.x86_64.rpm insserv openSUSE 11.0 This update enables insserv to remove service even without LSB header. insserv-1.11.0-31.2.i586.rpm insserv-1.11.0-31.2.ppc.rpm insserv-1.11.0-31.2.x86_64.rpm suspend openSUSE 11.0 Resume from suspend to disk can fail in certain conditions, if encryption is enabled (not default). Other bugs fixed with this update: * if the suspend image was uncompressible, but compression was enabled (default), suspend to disk would fail * the whitelist for suspend to ram has been expanded with several new machines suspend-0.80.20080523-0.1.i586.rpm suspend-0.80.20080523-0.1.ppc.rpm suspend-0.80.20080523-0.1.x86_64.rpm aaa_base openSUSE 11.0 Better completion of the cd command even for the colon found in paths of OBS projects. aaa_base-11.0-79.2.i586.rpm aaa_base-11.0-79.2.ppc.rpm aaa_base-11.0-79.2.x86_64.rpm KDE4-fixes openSUSE 11.0 Bundle of fixes for critical bugs fixed since kdepim 4.1beta1: KDE PIM applications: - crash on deleting korganizer categories (kde#153740) - kmail folder selector crash - kmail mime type detection - korganizer multiple todo deletion crash - kmail composer invisible widgets (kde#162711) - kmail losing non-ascii chars on send (kde#162673) - kmail composer doesn't respect encoding (kde#162707) - korg select default type in reminder dlg (kde#158354) - kmail online imap filter mail eater - kmail crash in rfc2231 decoder - kmail crash due to bad debug code (kde#156319) - kmail save local subscriptions sooner (kde#163268) - kmail filter action crash (kde#156990) - kmail crash on inline forward of multiple mails (kde#163159) - kaddressbook contact picture display (kde#162897) - kalarm time display (kde#163408) KDE workspace: - add patch to fix windows disappearing after activating - composite effects (bnc#390675) - add patch to fix kwin per-window shortcuts (bnc#381356) - fix crash killing kwin_kill_helper (kde#156998) kde4-akregator-4.0.80-9.3.i586.rpm kde4-akregator-4.0.80-9.3.ppc.rpm kde4-akregator-4.0.80-9.3.x86_64.rpm kde4-kaddressbook-4.0.80-9.3.i586.rpm kde4-kaddressbook-4.0.80-9.3.ppc.rpm kde4-kaddressbook-4.0.80-9.3.x86_64.rpm kde4-kalarm-4.0.80-9.3.i586.rpm kde4-kalarm-4.0.80-9.3.ppc.rpm kde4-kalarm-4.0.80-9.3.x86_64.rpm kde4-kdm-4.0.4-24.2.i586.rpm kde4-kdm-4.0.4-24.2.ppc.rpm kde4-kdm-4.0.4-24.2.x86_64.rpm kde4-kmail-4.0.80-9.3.i586.rpm kde4-kmail-4.0.80-9.3.ppc.rpm kde4-kmail-4.0.80-9.3.x86_64.rpm kde4-kmobiletools-4.0.80-9.3.i586.rpm kde4-kmobiletools-4.0.80-9.3.ppc.rpm kde4-kmobiletools-4.0.80-9.3.x86_64.rpm kde4-knode-4.0.80-9.3.i586.rpm kde4-knode-4.0.80-9.3.ppc.rpm kde4-knode-4.0.80-9.3.x86_64.rpm kde4-knotes-4.0.80-9.3.i586.rpm kde4-knotes-4.0.80-9.3.ppc.rpm kde4-knotes-4.0.80-9.3.x86_64.rpm kde4-kontact-4.0.80-9.3.i586.rpm kde4-kontact-4.0.80-9.3.ppc.rpm kde4-kontact-4.0.80-9.3.x86_64.rpm kde4-korganizer-4.0.80-9.3.i586.rpm kde4-korganizer-4.0.80-9.3.ppc.rpm kde4-korganizer-4.0.80-9.3.x86_64.rpm kde4-korn-4.0.80-9.3.i586.rpm kde4-korn-4.0.80-9.3.ppc.rpm kde4-korn-4.0.80-9.3.x86_64.rpm kde4-kpilot-4.0.80-9.3.i586.rpm kde4-kpilot-4.0.80-9.3.ppc.rpm kde4-kpilot-4.0.80-9.3.x86_64.rpm kde4-ktimetracker-4.0.80-9.3.i586.rpm kde4-ktimetracker-4.0.80-9.3.ppc.rpm kde4-ktimetracker-4.0.80-9.3.x86_64.rpm kde4-ktnef-4.0.80-9.3.i586.rpm kde4-ktnef-4.0.80-9.3.ppc.rpm kde4-ktnef-4.0.80-9.3.x86_64.rpm kde4-kwin-4.0.4-24.2.i586.rpm kde4-kwin-4.0.4-24.2.ppc.rpm kde4-kwin-4.0.4-24.2.x86_64.rpm kdebase4-workspace-4.0.4-24.2.i586.rpm kdebase4-workspace-4.0.4-24.2.ppc.rpm kdebase4-workspace-4.0.4-24.2.x86_64.rpm kdebase4-workspace-devel-4.0.4-24.2.i586.rpm kdebase4-workspace-devel-4.0.4-24.2.ppc.rpm kdebase4-workspace-devel-4.0.4-24.2.x86_64.rpm kdebase4-workspace-ksysguardd-4.0.4-24.2.i586.rpm kdebase4-workspace-ksysguardd-4.0.4-24.2.ppc.rpm kdebase4-workspace-ksysguardd-4.0.4-24.2.x86_64.rpm kdepim4-4.0.80-9.3.i586.rpm kdepim4-4.0.80-9.3.ppc.rpm kdepim4-4.0.80-9.3.x86_64.rpm kdepim4-devel-4.0.80-9.3.i586.rpm kdepim4-devel-4.0.80-9.3.ppc.rpm kdepim4-devel-4.0.80-9.3.x86_64.rpm kdepim4-wizards-4.0.80-9.3.i586.rpm kdepim4-wizards-4.0.80-9.3.ppc.rpm kdepim4-wizards-4.0.80-9.3.x86_64.rpm libkdepim4-4.0.80-9.3.i586.rpm libkdepim4-4.0.80-9.3.ppc.rpm libkdepim4-4.0.80-9.3.x86_64.rpm libkdepim4-devel-4.0.80-9.3.i586.rpm libkdepim4-devel-4.0.80-9.3.ppc.rpm libkdepim4-devel-4.0.80-9.3.x86_64.rpm MozillaFirefox openSUSE 11.0 This patch updates Mozilla Firefox to the final 3.0 version. The dependend libraries mozilla-xulrunner190, mozilla-nspr and mozilla-nss were also brought to their release version. MozillaFirefox-3.0-0.1.i586.rpm MozillaFirefox-3.0-0.1.ppc.rpm MozillaFirefox-3.0-0.1.x86_64.rpm MozillaFirefox-translations-3.0-0.1.i586.rpm MozillaFirefox-translations-3.0-0.1.ppc.rpm MozillaFirefox-translations-3.0-0.1.x86_64.rpm mozilla-nspr-4.7.1-18.2.i586.rpm mozilla-nspr-4.7.1-18.2.ppc.rpm mozilla-nspr-4.7.1-18.2.x86_64.rpm mozilla-nspr-32bit-4.7.1-18.2.x86_64.rpm mozilla-nspr-devel-4.7.1-18.2.i586.rpm mozilla-nspr-devel-4.7.1-18.2.ppc.rpm mozilla-nspr-devel-4.7.1-18.2.x86_64.rpm mozilla-nss-3.12.0-23.2.i586.rpm mozilla-nss-3.12.0-23.2.ppc.rpm mozilla-nss-3.12.0-23.2.x86_64.rpm mozilla-nss-32bit-3.12.0-23.2.x86_64.rpm mozilla-nss-devel-3.12.0-23.2.i586.rpm mozilla-nss-devel-3.12.0-23.2.ppc.rpm mozilla-nss-devel-3.12.0-23.2.x86_64.rpm mozilla-nss-tools-3.12.0-23.2.i586.rpm mozilla-nss-tools-3.12.0-23.2.ppc.rpm mozilla-nss-tools-3.12.0-23.2.x86_64.rpm mozilla-xulrunner190-1.9.0-0.1.i586.rpm mozilla-xulrunner190-1.9.0-0.1.ppc.rpm mozilla-xulrunner190-1.9.0-0.1.x86_64.rpm mozilla-xulrunner190-devel-1.9.0-0.1.i586.rpm mozilla-xulrunner190-devel-1.9.0-0.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-1.9.0-0.1.i586.rpm mozilla-xulrunner190-gnomevfs-1.9.0-0.1.ppc.rpm mozilla-xulrunner190-gnomevfs-1.9.0-0.1.x86_64.rpm mozilla-xulrunner190-translations-1.9.0-0.1.i586.rpm mozilla-xulrunner190-translations-1.9.0-0.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0-0.1.x86_64.rpm NetworkManager-kde openSUSE 11.0 - Fix crash on rcnetwork restart - Fix scanning for wireless networks - Fix auto selection of the wireless network security mode - Notify the user if NetworkManager is not running - Allow shared key authentication - translation update - some minor bugfixes NetworkManager-kde-0.7r821737-0.1.i586.rpm NetworkManager-kde-0.7r821737-0.1.ppc.rpm NetworkManager-kde-0.7r821737-0.1.x86_64.rpm NetworkManager-kde-devel-0.7r821737-0.1.i586.rpm NetworkManager-kde-devel-0.7r821737-0.1.ppc.rpm NetworkManager-kde-devel-0.7r821737-0.1.x86_64.rpm NetworkManager-openvpn-kde-0.7r821737-0.1.i586.rpm NetworkManager-openvpn-kde-0.7r821737-0.1.ppc.rpm NetworkManager-openvpn-kde-0.7r821737-0.1.x86_64.rpm NetworkManager-vpnc-kde-0.7r821737-0.1.i586.rpm NetworkManager-vpnc-kde-0.7r821737-0.1.ppc.rpm NetworkManager-vpnc-kde-0.7r821737-0.1.x86_64.rpm timezone openSUSE 11.0 Timezone data update: DST was introduced in Pakistan (Asia/Karachi) and Marocco (Africa/Casablanca), Asia/Choibalsan offset was corrected. timezone-2008c-0.1.i586.rpm timezone-2008c-0.1.ppc.rpm timezone-2008c-0.1.x86_64.rpm clamav openSUSE 11.0 This update brings clamav to version 0.93.1. It fixes various bugs and one security issue: CVE-2008-2713: libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. clamav-0.93.1-0.1.i586.rpm clamav-0.93.1-0.1.ppc.rpm clamav-0.93.1-0.1.x86_64.rpm clamav-db-0.93.1-0.1.i586.rpm clamav-db-0.93.1-0.1.ppc.rpm clamav-db-0.93.1-0.1.x86_64.rpm apache2-mod_php5 openSUSE 11.0 This update of php5 fixes: - possible stack-based buffer overflow CVE-2008-2050 - incomplete escapeshellcmd() CVE-2008-2051 - printf() integer overflow CVE-2008-1384 - insecure GENERATE_SEED macro CVE-2008-2107 - timezone update for DST in Pakistan apache2-mod_php5-5.2.6-0.1.i586.rpm apache2-mod_php5-5.2.6-0.1.ppc.rpm apache2-mod_php5-5.2.6-0.1.x86_64.rpm php5-5.2.6-0.1.i586.rpm php5-5.2.6-0.1.ppc.rpm php5-5.2.6-0.1.x86_64.rpm php5-bcmath-5.2.6-0.1.i586.rpm php5-bcmath-5.2.6-0.1.ppc.rpm php5-bcmath-5.2.6-0.1.x86_64.rpm php5-bz2-5.2.6-0.1.i586.rpm php5-bz2-5.2.6-0.1.ppc.rpm php5-bz2-5.2.6-0.1.x86_64.rpm php5-calendar-5.2.6-0.1.i586.rpm php5-calendar-5.2.6-0.1.ppc.rpm php5-calendar-5.2.6-0.1.x86_64.rpm php5-ctype-5.2.6-0.1.i586.rpm php5-ctype-5.2.6-0.1.ppc.rpm php5-ctype-5.2.6-0.1.x86_64.rpm php5-curl-5.2.6-0.1.i586.rpm php5-curl-5.2.6-0.1.ppc.rpm php5-curl-5.2.6-0.1.x86_64.rpm php5-dba-5.2.6-0.1.i586.rpm php5-dba-5.2.6-0.1.ppc.rpm php5-dba-5.2.6-0.1.x86_64.rpm php5-dbase-5.2.6-0.1.i586.rpm php5-dbase-5.2.6-0.1.ppc.rpm php5-dbase-5.2.6-0.1.x86_64.rpm php5-devel-5.2.6-0.1.i586.rpm php5-devel-5.2.6-0.1.ppc.rpm php5-devel-5.2.6-0.1.x86_64.rpm php5-dom-5.2.6-0.1.i586.rpm php5-dom-5.2.6-0.1.ppc.rpm php5-dom-5.2.6-0.1.x86_64.rpm php5-exif-5.2.6-0.1.i586.rpm php5-exif-5.2.6-0.1.ppc.rpm php5-exif-5.2.6-0.1.x86_64.rpm php5-fastcgi-5.2.6-0.1.i586.rpm php5-fastcgi-5.2.6-0.1.ppc.rpm php5-fastcgi-5.2.6-0.1.x86_64.rpm php5-ftp-5.2.6-0.1.i586.rpm php5-ftp-5.2.6-0.1.ppc.rpm php5-ftp-5.2.6-0.1.x86_64.rpm php5-gd-5.2.6-0.1.i586.rpm php5-gd-5.2.6-0.1.ppc.rpm php5-gd-5.2.6-0.1.x86_64.rpm php5-gettext-5.2.6-0.1.i586.rpm php5-gettext-5.2.6-0.1.ppc.rpm php5-gettext-5.2.6-0.1.x86_64.rpm php5-gmp-5.2.6-0.1.i586.rpm php5-gmp-5.2.6-0.1.ppc.rpm php5-gmp-5.2.6-0.1.x86_64.rpm php5-hash-5.2.6-0.1.i586.rpm php5-hash-5.2.6-0.1.ppc.rpm php5-hash-5.2.6-0.1.x86_64.rpm php5-iconv-5.2.6-0.1.i586.rpm php5-iconv-5.2.6-0.1.ppc.rpm php5-iconv-5.2.6-0.1.x86_64.rpm php5-imap-5.2.6-0.1.i586.rpm php5-imap-5.2.6-0.1.ppc.rpm php5-imap-5.2.6-0.1.x86_64.rpm php5-json-5.2.6-0.1.i586.rpm php5-json-5.2.6-0.1.ppc.rpm php5-json-5.2.6-0.1.x86_64.rpm php5-ldap-5.2.6-0.1.i586.rpm php5-ldap-5.2.6-0.1.ppc.rpm php5-ldap-5.2.6-0.1.x86_64.rpm php5-mbstring-5.2.6-0.1.i586.rpm php5-mbstring-5.2.6-0.1.ppc.rpm php5-mbstring-5.2.6-0.1.x86_64.rpm php5-mcrypt-5.2.6-0.1.i586.rpm php5-mcrypt-5.2.6-0.1.ppc.rpm php5-mcrypt-5.2.6-0.1.x86_64.rpm php5-mysql-5.2.6-0.1.i586.rpm php5-mysql-5.2.6-0.1.ppc.rpm php5-mysql-5.2.6-0.1.x86_64.rpm php5-ncurses-5.2.6-0.1.i586.rpm php5-ncurses-5.2.6-0.1.ppc.rpm php5-ncurses-5.2.6-0.1.x86_64.rpm php5-odbc-5.2.6-0.1.i586.rpm php5-odbc-5.2.6-0.1.ppc.rpm php5-odbc-5.2.6-0.1.x86_64.rpm php5-openssl-5.2.6-0.1.i586.rpm php5-openssl-5.2.6-0.1.ppc.rpm php5-openssl-5.2.6-0.1.x86_64.rpm php5-pcntl-5.2.6-0.1.i586.rpm php5-pcntl-5.2.6-0.1.ppc.rpm php5-pcntl-5.2.6-0.1.x86_64.rpm php5-pdo-5.2.6-0.1.i586.rpm php5-pdo-5.2.6-0.1.ppc.rpm php5-pdo-5.2.6-0.1.x86_64.rpm php5-pear-5.2.6-0.1.i586.rpm php5-pear-5.2.6-0.1.ppc.rpm php5-pear-5.2.6-0.1.x86_64.rpm php5-pgsql-5.2.6-0.1.i586.rpm php5-pgsql-5.2.6-0.1.ppc.rpm php5-pgsql-5.2.6-0.1.x86_64.rpm php5-posix-5.2.6-0.1.i586.rpm php5-posix-5.2.6-0.1.ppc.rpm php5-posix-5.2.6-0.1.x86_64.rpm php5-pspell-5.2.6-0.1.i586.rpm php5-pspell-5.2.6-0.1.ppc.rpm php5-pspell-5.2.6-0.1.x86_64.rpm php5-readline-5.2.6-0.1.i586.rpm php5-readline-5.2.6-0.1.ppc.rpm php5-readline-5.2.6-0.1.x86_64.rpm php5-shmop-5.2.6-0.1.i586.rpm php5-shmop-5.2.6-0.1.ppc.rpm php5-shmop-5.2.6-0.1.x86_64.rpm php5-snmp-5.2.6-0.1.i586.rpm php5-snmp-5.2.6-0.1.ppc.rpm php5-snmp-5.2.6-0.1.x86_64.rpm php5-soap-5.2.6-0.1.i586.rpm php5-soap-5.2.6-0.1.ppc.rpm php5-soap-5.2.6-0.1.x86_64.rpm php5-sockets-5.2.6-0.1.i586.rpm php5-sockets-5.2.6-0.1.ppc.rpm php5-sockets-5.2.6-0.1.x86_64.rpm php5-sqlite-5.2.6-0.1.i586.rpm php5-sqlite-5.2.6-0.1.ppc.rpm php5-sqlite-5.2.6-0.1.x86_64.rpm php5-suhosin-5.2.6-0.1.i586.rpm php5-suhosin-5.2.6-0.1.ppc.rpm php5-suhosin-5.2.6-0.1.x86_64.rpm php5-sysvmsg-5.2.6-0.1.i586.rpm php5-sysvmsg-5.2.6-0.1.ppc.rpm php5-sysvmsg-5.2.6-0.1.x86_64.rpm php5-sysvsem-5.2.6-0.1.i586.rpm php5-sysvsem-5.2.6-0.1.ppc.rpm php5-sysvsem-5.2.6-0.1.x86_64.rpm php5-sysvshm-5.2.6-0.1.i586.rpm php5-sysvshm-5.2.6-0.1.ppc.rpm php5-sysvshm-5.2.6-0.1.x86_64.rpm php5-tidy-5.2.6-0.1.i586.rpm php5-tidy-5.2.6-0.1.ppc.rpm php5-tidy-5.2.6-0.1.x86_64.rpm php5-tokenizer-5.2.6-0.1.i586.rpm php5-tokenizer-5.2.6-0.1.ppc.rpm php5-tokenizer-5.2.6-0.1.x86_64.rpm php5-wddx-5.2.6-0.1.i586.rpm php5-wddx-5.2.6-0.1.ppc.rpm php5-wddx-5.2.6-0.1.x86_64.rpm php5-xmlreader-5.2.6-0.1.i586.rpm php5-xmlreader-5.2.6-0.1.ppc.rpm php5-xmlreader-5.2.6-0.1.x86_64.rpm php5-xmlrpc-5.2.6-0.1.i586.rpm php5-xmlrpc-5.2.6-0.1.ppc.rpm php5-xmlrpc-5.2.6-0.1.x86_64.rpm php5-xmlwriter-5.2.6-0.1.i586.rpm php5-xmlwriter-5.2.6-0.1.ppc.rpm php5-xmlwriter-5.2.6-0.1.x86_64.rpm php5-xsl-5.2.6-0.1.i586.rpm php5-xsl-5.2.6-0.1.ppc.rpm php5-xsl-5.2.6-0.1.x86_64.rpm php5-zip-5.2.6-0.1.i586.rpm php5-zip-5.2.6-0.1.ppc.rpm php5-zip-5.2.6-0.1.x86_64.rpm php5-zlib-5.2.6-0.1.i586.rpm php5-zlib-5.2.6-0.1.ppc.rpm php5-zlib-5.2.6-0.1.x86_64.rpm nautilus openSUSE 11.0 A huge memory leak in thumbnailing code was making Nautilus lose a lot of memory. The patch submitted fixes it and is already submitted and approved upstream nautilus-2.22.2-30.3.i586.rpm nautilus-2.22.2-30.3.ppc.rpm nautilus-2.22.2-30.3.x86_64.rpm nautilus-32bit-2.22.2-30.3.x86_64.rpm nautilus-devel-2.22.2-30.3.i586.rpm nautilus-devel-2.22.2-30.3.ppc.rpm nautilus-devel-2.22.2-30.3.x86_64.rpm nautilus-lang-2.22.2-30.3.i586.rpm nautilus-lang-2.22.2-30.3.ppc.rpm nautilus-lang-2.22.2-30.3.x86_64.rpm compiz-kde4 openSUSE 11.0 This update removes the unnecessary dependency on libplasma, which causes a conflict when installing the KDE 4.1 packages from the OBS. compiz-kde4-0.7.4-31.2.i586.rpm compiz-kde4-0.7.4-31.2.ppc.rpm compiz-kde4-0.7.4-31.2.x86_64.rpm boost openSUSE 11.0 Trying to compile a simple program such as: int main() { return 0; } with g++ test.cpp -I/usr/include/python2.5 -lboost_python -lpython2.5 results in the following error: In file included from /usr/include/boost/python/class.hpp:29, from /usr/include/boost/python.hpp:18, from test.cpp:1: /usr/include/boost/python/detail/def_helper.hpp:192: error: declaration of 'typename boost::python::detail::keyword_extract<boost::tuples::tuple< const T1&, const T2&, const T3&, const T4&, boost::python::default_call_policies, boost::python::detail::keywords<0u>, const char*, void (boost::python::detail::not_specified::*)(), boost::tuples::null_type, boost::tuples::null_type> >::result_type boost::python::detail::def_helper<T1, T2, T3, T4>::keywords() const' /usr/include/boost/python/args_fwd.hpp:35: error: changes meaning of 'keywords' from 'struct boost::python::detail::keywords<0u>, because keywords<0> lacks qualification. boost-1.34.1-42.2.i586.rpm boost-1.34.1-42.2.ppc.rpm boost-1.34.1-42.2.x86_64.rpm boost-devel-1.34.1-42.2.i586.rpm boost-devel-1.34.1-42.2.ppc.rpm boost-devel-1.34.1-42.2.x86_64.rpm boost-doc-1.34.1-42.2.i586.rpm boost-doc-1.34.1-42.2.ppc.rpm boost-doc-1.34.1-42.2.x86_64.rpm libpng-devel openSUSE 11.0 Specially crafted png files could overwrite arbitrary memory. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-1382). libpng-devel-1.2.26-14.2.i586.rpm libpng-devel-1.2.26-14.2.ppc.rpm libpng-devel-1.2.26-14.2.x86_64.rpm libpng-devel-32bit-1.2.26-14.2.x86_64.rpm libpng12-0-1.2.26-14.2.i586.rpm libpng12-0-1.2.26-14.2.ppc.rpm libpng12-0-1.2.26-14.2.x86_64.rpm libpng12-0-32bit-1.2.26-14.2.x86_64.rpm libpng12-0-64bit-1.2.26-14.2.ppc.rpm pcre openSUSE 11.0 Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code (CVE-2008-2371). pcre-7.6-22.2.i586.rpm pcre-7.6-22.2.ppc.rpm pcre-7.6-22.2.x86_64.rpm pcre-32bit-7.6-22.2.x86_64.rpm pcre-64bit-7.6-22.2.ppc.rpm pcre-devel-7.6-22.2.i586.rpm pcre-devel-7.6-22.2.ppc.rpm pcre-devel-7.6-22.2.x86_64.rpm squid openSUSE 11.0 This update of squid fixes a denial-of-service bug that can occur while parsing ASN.1. squid-2.6.STABLE20-12.1.i586.rpm squid-2.6.STABLE20-12.1.ppc.rpm squid-2.6.STABLE20-12.1.x86_64.rpm tomcat6 openSUSE 11.0 This update of tomcat fixes a cross-site-scripting vulnerabilitiy in the host-manager. (CVE-2008-1947) tomcat6-6.0.16-6.2.noarch.rpm tomcat6-admin-webapps-6.0.16-6.2.noarch.rpm tomcat6-docs-webapp-6.0.16-6.2.noarch.rpm tomcat6-javadoc-6.0.16-6.2.noarch.rpm tomcat6-jsp-2_1-api-6.0.16-6.2.noarch.rpm tomcat6-lib-6.0.16-6.2.noarch.rpm tomcat6-servlet-2_5-api-6.0.16-6.2.noarch.rpm tomcat6-webapps-6.0.16-6.2.noarch.rpm freetype2 openSUSE 11.0 This update of freetype2 fixes several potential vulnerabilities reported by iDefense. freetype2-2.3.5-62.2.i586.rpm freetype2-2.3.5-62.2.ppc.rpm freetype2-2.3.5-62.2.x86_64.rpm freetype2-32bit-2.3.5-62.2.x86_64.rpm freetype2-64bit-2.3.5-62.2.ppc.rpm freetype2-devel-2.3.5-62.2.i586.rpm freetype2-devel-2.3.5-62.2.ppc.rpm freetype2-devel-2.3.5-62.2.x86_64.rpm freetype2-devel-32bit-2.3.5-62.2.x86_64.rpm vsftpd openSUSE 11.0 There were some issues with simultaneous ftp put of the same file name that lead to a corrupted file on the server. Also vsftpd died when there was no free data port available instead of retrying. Both issues are fixed. vsftpd-2.0.6-25.2.i586.rpm vsftpd-2.0.6-25.2.ppc.rpm vsftpd-2.0.6-25.2.x86_64.rpm nspluginwrapper openSUSE 11.0 This update fixes: - Focus problems in Adobe Reader 8 in openSUSE 11.0: https://bugzilla.novell.com/show_bug.cgi?id=353503 - Latest Flash Player wrapping in openSUSE 10.3: https://bugzilla.novell.com/show_bug.cgi?id=350752 - Broken plugin wrapping from root's home: https://bugzilla.novell.com/show_bug.cgi?id=384367 - False error messages in openSUSE 11.0: https://bugzilla.novell.com/show_bug.cgi?id=400194 - Plugin cache rebuild in openSUSE 10.3: https://bugzilla.novell.com/show_bug.cgi?id=304963 (it is only a partial fix, uninstall dragonegg as a work-around) nspluginwrapper-0.9.91.5.99.20071225-22.2.i586.rpm nspluginwrapper-0.9.91.5.99.20071225-22.2.ppc.rpm nspluginwrapper-0.9.91.5.99.20071225-22.2.x86_64.rpm storage-fixup openSUSE 11.0 This patch adds the "storage-fixup" package, which was not on the 11.0 media. The storage-fixup package fixes problems caused by wrong BIOS or hard drive firmware default settings on some machines, which lead to very frequent head unload actions and might cause unnecessary wear on the hard drive mechanics. storage-fixup-0.2-0.1.noarch.rpm storage-fixup-0.2-0.1.noarch.rpm storage-fixup-0.2-0.1.noarch.rpm MozillaFirefox openSUSE 11.0 This patch updates Mozilla Firefox to the final 3.0 version. The dependend libraries mozilla-xulrunner190, mozilla-nspr and mozilla-nss were also brought to their release version. MozillaFirefox-3.0-0.2.i586.rpm MozillaFirefox-3.0-0.2.ppc.rpm MozillaFirefox-3.0-0.2.x86_64.rpm MozillaFirefox-translations-3.0-0.2.i586.rpm MozillaFirefox-translations-3.0-0.2.ppc.rpm MozillaFirefox-translations-3.0-0.2.x86_64.rpm mozilla-nspr-4.7.1-18.2.i586.rpm mozilla-nspr-4.7.1-18.2.ppc.rpm mozilla-nspr-4.7.1-18.2.x86_64.rpm mozilla-nspr-32bit-4.7.1-18.2.x86_64.rpm mozilla-nspr-64bit-4.7.1-18.2.ppc.rpm mozilla-nspr-devel-4.7.1-18.2.i586.rpm mozilla-nspr-devel-4.7.1-18.2.ppc.rpm mozilla-nspr-devel-4.7.1-18.2.x86_64.rpm mozilla-nss-3.12.0-23.2.i586.rpm mozilla-nss-3.12.0-23.2.ppc.rpm mozilla-nss-3.12.0-23.2.x86_64.rpm mozilla-nss-32bit-3.12.0-23.2.x86_64.rpm mozilla-nss-64bit-3.12.0-23.2.ppc.rpm mozilla-nss-devel-3.12.0-23.2.i586.rpm mozilla-nss-devel-3.12.0-23.2.ppc.rpm mozilla-nss-devel-3.12.0-23.2.x86_64.rpm mozilla-nss-tools-3.12.0-23.2.i586.rpm mozilla-nss-tools-3.12.0-23.2.ppc.rpm mozilla-nss-tools-3.12.0-23.2.x86_64.rpm mozilla-xulrunner190-1.9.0-0.2.i586.rpm mozilla-xulrunner190-1.9.0-0.2.ppc.rpm mozilla-xulrunner190-1.9.0-0.2.x86_64.rpm mozilla-xulrunner190-32bit-1.9.0-0.2.x86_64.rpm mozilla-xulrunner190-64bit-1.9.0-0.2.ppc.rpm mozilla-xulrunner190-devel-1.9.0-0.2.i586.rpm mozilla-xulrunner190-devel-1.9.0-0.2.ppc.rpm mozilla-xulrunner190-devel-1.9.0-0.2.x86_64.rpm mozilla-xulrunner190-gnomevfs-1.9.0-0.2.i586.rpm mozilla-xulrunner190-gnomevfs-1.9.0-0.2.ppc.rpm mozilla-xulrunner190-gnomevfs-1.9.0-0.2.x86_64.rpm mozilla-xulrunner190-gnomevfs-32bit-1.9.0-0.2.x86_64.rpm mozilla-xulrunner190-gnomevfs-64bit-1.9.0-0.2.ppc.rpm mozilla-xulrunner190-translations-1.9.0-0.2.i586.rpm mozilla-xulrunner190-translations-1.9.0-0.2.ppc.rpm mozilla-xulrunner190-translations-1.9.0-0.2.x86_64.rpm mozilla-xulrunner190-translations-32bit-1.9.0-0.2.x86_64.rpm mozilla-xulrunner190-translations-64bit-1.9.0-0.2.ppc.rpm geronimo openSUSE 11.0 The geronimo start fails with java.lang.NoClassDefFoundError: org/apache/geronimo/system/main/Daemon exception. geronimo-1.1-236.2.noarch.rpm geronimo-jetty-servlet-container-1.1-236.2.noarch.rpm geronimo-tomcat-servlet-container-1.1-236.2.noarch.rpm libpoppler-devel openSUSE 11.0 This update fixes an code execution bug. (CVE-2008-2950) libpoppler-devel-0.8.2-1.2.i586.rpm libpoppler-devel-0.8.2-1.2.ppc.rpm libpoppler-devel-0.8.2-1.2.x86_64.rpm libpoppler-doc-0.8.2-1.2.i586.rpm libpoppler-glib-devel-0.8.2-1.2.i586.rpm libpoppler-glib3-0.8.2-1.2.i586.rpm libpoppler-glib3-0.8.2-1.2.ppc.rpm libpoppler-glib3-0.8.2-1.2.x86_64.rpm libpoppler-qt2-0.8.2-1.2.i586.rpm libpoppler-qt2-0.8.2-1.2.ppc.rpm libpoppler-qt2-0.8.2-1.2.x86_64.rpm libpoppler-qt3-devel-0.8.2-1.2.i586.rpm libpoppler-qt4-3-0.8.2-1.2.i586.rpm libpoppler-qt4-3-0.8.2-1.2.ppc.rpm libpoppler-qt4-3-0.8.2-1.2.x86_64.rpm libpoppler-qt4-devel-0.8.2-1.2.i586.rpm libpoppler3-0.8.2-1.2.i586.rpm libpoppler3-0.8.2-1.2.ppc.rpm libpoppler3-0.8.2-1.2.x86_64.rpm poppler-tools-0.8.2-1.2.i586.rpm poppler-tools-0.8.2-1.2.ppc.rpm poppler-tools-0.8.2-1.2.x86_64.rpm boost openSUSE 11.0 The boost libraries were compiled without -DNDEBUG and thus with asserts not deactivated, which might lead to program abortion. This update provides libraries compiled with -DNDEBUG. boost-1.34.1-42.4.i586.rpm boost-1.34.1-42.4.ppc.rpm boost-1.34.1-42.4.x86_64.rpm boost-64bit-1.34.1-42.4.ppc.rpm boost-devel-1.34.1-42.4.i586.rpm boost-devel-1.34.1-42.4.ppc.rpm boost-devel-1.34.1-42.4.x86_64.rpm boost-devel-64bit-1.34.1-42.4.ppc.rpm boost-doc-1.34.1-42.4.i586.rpm boost-doc-1.34.1-42.4.ppc.rpm boost-doc-1.34.1-42.4.x86_64.rpm yast2-qt-pkg openSUSE 11.0 After leaving the package selection, yast crashes because /etc/zypp/locks can't be opened for writing. yast2-qt-pkg-2.16.47-0.2.i586.rpm yast2-qt-pkg-2.16.47-0.2.ppc.rpm yast2-qt-pkg-2.16.47-0.2.x86_64.rpm licq openSUSE 11.0 Licq clients could no longer log in to the ICQ network due to a server change at July 1st 2008 licq-1.3.5.2-19.2.i586.rpm licq-1.3.5.2-19.2.ppc.rpm licq-1.3.5.2-19.2.x86_64.rpm licq-devel-1.3.5.2-19.2.i586.rpm licq-qt4-gui-1.3.5.2-19.2.i586.rpm yast2-gtk openSUSE 11.0 Solves crash when configuring network printer, issue resolving conflicts in package summary view and some small UI bugs. yast2-gtk-2.16.14-1.1.i586.rpm yast2-gtk-2.16.14-1.1.ppc.rpm yast2-gtk-2.16.14-1.1.x86_64.rpm xorg-x11 openSUSE 11.0 Apparently keyboard settings from $HOME/.Xmodmap are ignored. This update fixes this issue. xorg-x11-7.3-96.2.i586.rpm xorg-x11-7.3-96.2.ppc.rpm xorg-x11-7.3-96.2.x86_64.rpm mercurial openSUSE 11.0 This update of mercurial improves the input validation. Prior to this patch it was possible to touch files as root. (CVE-2008-2942) mercurial-1.0-30.2.i586.rpm mercurial-1.0-30.2.ppc.rpm mercurial-1.0-30.2.x86_64.rpm kernel openSUSE 11.0 The openSUSE 11.0 kernel was updated to 2.6.25.9. It fixes two security problems: CVE-2008-2372: A resource starvation issue within mmap was fixed, which could have been used by local attackers to hang the machine. CVE-2008-2826: A integer overflow in SCTP was fixed, which might have been used by remote attackers to crash the machine or potentially execute code. The update also has lots of other bugfixes that are listed in the RPM changelog. kernel-debug-2.6.25.9-0.2.i586.rpm 1 kernel-debug-2.6.25.9-0.2.x86_64.rpm 1 kernel-default-2.6.25.9-0.2.i586.rpm 1 kernel-default-2.6.25.9-0.2.ppc.rpm 1 kernel-default-2.6.25.9-0.2.x86_64.rpm 1 kernel-docs-2.6.25.9-0.2.noarch.rpm 1 kernel-pae-2.6.25.9-0.2.i586.rpm 1 kernel-rt-2.6.25.9-0.2.i586.rpm 1 kernel-rt-2.6.25.9-0.2.x86_64.rpm 1 kernel-source-2.6.25.9-0.2.i586.rpm 1 kernel-source-2.6.25.9-0.2.ppc.rpm 1 kernel-source-2.6.25.9-0.2.x86_64.rpm 1 kernel-syms-2.6.25.9-0.2.i586.rpm 1 kernel-syms-2.6.25.9-0.2.ppc.rpm 1 kernel-syms-2.6.25.9-0.2.x86_64.rpm 1 kernel-vanilla-2.6.25.9-0.2.i586.rpm 1 kernel-vanilla-2.6.25.9-0.2.ppc.rpm 1 kernel-vanilla-2.6.25.9-0.2.x86_64.rpm 1 kernel-xen-2.6.25.9-0.2.i586.rpm 1 kernel-xen-2.6.25.9-0.2.x86_64.rpm 1 glib2 openSUSE 11.0 This fixes a threading race condition in GObject class initialization. The symptoms included crashes in GtkFileChooser when used in Firefox. glib2-2.16.3-20.2.i586.rpm glib2-2.16.3-20.2.ppc.rpm glib2-2.16.3-20.2.x86_64.rpm glib2-branding-upstream-2.16.3-20.2.i586.rpm glib2-devel-2.16.3-20.2.i586.rpm glib2-devel-2.16.3-20.2.ppc.rpm glib2-devel-2.16.3-20.2.x86_64.rpm glib2-devel-64bit-2.16.3-20.2.ppc.rpm glib2-doc-2.16.3-20.2.i586.rpm glib2-doc-2.16.3-20.2.ppc.rpm glib2-doc-2.16.3-20.2.x86_64.rpm glib2-lang-2.16.3-20.2.i586.rpm glib2-lang-2.16.3-20.2.ppc.rpm glib2-lang-2.16.3-20.2.x86_64.rpm libgio-2_0-0-2.16.3-20.2.i586.rpm libgio-2_0-0-2.16.3-20.2.ppc.rpm libgio-2_0-0-2.16.3-20.2.x86_64.rpm libgio-2_0-0-32bit-2.16.3-20.2.x86_64.rpm libgio-2_0-0-64bit-2.16.3-20.2.ppc.rpm libgio-fam-2.16.3-20.2.i586.rpm libgio-fam-2.16.3-20.2.ppc.rpm libgio-fam-2.16.3-20.2.x86_64.rpm libglib-2_0-0-2.16.3-20.2.i586.rpm libglib-2_0-0-2.16.3-20.2.ppc.rpm libglib-2_0-0-2.16.3-20.2.x86_64.rpm libglib-2_0-0-32bit-2.16.3-20.2.x86_64.rpm libglib-2_0-0-64bit-2.16.3-20.2.ppc.rpm libgmodule-2_0-0-2.16.3-20.2.i586.rpm libgmodule-2_0-0-2.16.3-20.2.ppc.rpm libgmodule-2_0-0-2.16.3-20.2.x86_64.rpm libgmodule-2_0-0-32bit-2.16.3-20.2.x86_64.rpm libgmodule-2_0-0-64bit-2.16.3-20.2.ppc.rpm libgobject-2_0-0-2.16.3-20.2.i586.rpm libgobject-2_0-0-2.16.3-20.2.ppc.rpm libgobject-2_0-0-2.16.3-20.2.x86_64.rpm libgobject-2_0-0-32bit-2.16.3-20.2.x86_64.rpm libgobject-2_0-0-64bit-2.16.3-20.2.ppc.rpm libgthread-2_0-0-2.16.3-20.2.i586.rpm libgthread-2_0-0-2.16.3-20.2.ppc.rpm libgthread-2_0-0-2.16.3-20.2.x86_64.rpm libgthread-2_0-0-32bit-2.16.3-20.2.x86_64.rpm libgthread-2_0-0-64bit-2.16.3-20.2.ppc.rpm xorg-x11-fonts openSUSE 11.0 This patch fixes the font rendering, which occurs in some legacy applications (also 3rd party) like qiv. xorg-x11-fonts-7.3-70.2.noarch.rpm xorg-x11-fonts-core-7.3-70.2.noarch.rpm xorg-x11-Xvnc openSUSE 11.0 This patch fixes an X server crash when wacom driver is in use. xorg-x11-Xvnc-7.3-110.4.i586.rpm xorg-x11-Xvnc-7.3-110.4.ppc.rpm xorg-x11-Xvnc-7.3-110.4.x86_64.rpm xorg-x11-server-7.3-110.4.i586.rpm xorg-x11-server-7.3-110.4.ppc.rpm xorg-x11-server-7.3-110.4.x86_64.rpm xorg-x11-server-extra-7.3-110.4.i586.rpm xorg-x11-server-extra-7.3-110.4.ppc.rpm xorg-x11-server-extra-7.3-110.4.x86_64.rpm xorg-x11-server-sdk-7.3-110.4.i586.rpm xorg-x11-server-sdk-7.3-110.4.ppc.rpm xorg-x11-server-sdk-7.3-110.4.x86_64.rpm bind openSUSE 11.0 The transaction id and the UDP source port used for DNS queries by the bind nameserver were predicatable. Attackers could potentially exploit that weakness to manipulate the DNS cache ("DNS cache poisoning", CVE-2008-1447). bind-9.4.2-39.2.i586.rpm bind-9.4.2-39.2.ppc.rpm bind-9.4.2-39.2.x86_64.rpm bind-chrootenv-9.4.2-39.2.i586.rpm bind-chrootenv-9.4.2-39.2.ppc.rpm bind-chrootenv-9.4.2-39.2.x86_64.rpm bind-devel-9.4.2-39.2.i586.rpm bind-devel-9.4.2-39.2.ppc.rpm bind-devel-9.4.2-39.2.x86_64.rpm bind-devel-64bit-9.4.2-39.2.ppc.rpm bind-doc-9.4.2-39.2.i586.rpm bind-doc-9.4.2-39.2.ppc.rpm bind-doc-9.4.2-39.2.x86_64.rpm bind-libs-9.4.2-39.2.i586.rpm bind-libs-9.4.2-39.2.ppc.rpm bind-libs-9.4.2-39.2.x86_64.rpm bind-libs-32bit-9.4.2-39.2.x86_64.rpm bind-libs-64bit-9.4.2-39.2.ppc.rpm bind-utils-9.4.2-39.2.i586.rpm bind-utils-9.4.2-39.2.ppc.rpm bind-utils-9.4.2-39.2.x86_64.rpm clamav openSUSE 11.0 This update brings clamav to version 0.93.3. It lists CVE-2008-2713 as fixed, but this was fixed in 0.93.1 already, but not mentioned. The update contains stability and bugfixes. clamav-0.93.3-0.1.i586.rpm clamav-0.93.3-0.1.ppc.rpm clamav-0.93.3-0.1.x86_64.rpm clamav-db-0.93.3-0.1.i586.rpm clamav-db-0.93.3-0.1.ppc.rpm clamav-db-0.93.3-0.1.x86_64.rpm inn openSUSE 11.0 Version 5.10.0 of perl changed the perl_call_argv function, making the inn daemon crash. This update fixes the bug. inn-2.4.2-164.2.i586.rpm inn-2.4.2-164.2.ppc.rpm inn-2.4.2-164.2.x86_64.rpm inn-devel-2.4.2-164.2.i586.rpm inn-devel-2.4.2-164.2.ppc.rpm inn-devel-2.4.2-164.2.x86_64.rpm mininews-2.4.2-164.2.i586.rpm mininews-2.4.2-164.2.ppc.rpm mininews-2.4.2-164.2.x86_64.rpm mrtg openSUSE 11.0 Trying to use cfgmaker and similar tools ends with a perl error. mrtg-2.16.1-13.2.i586.rpm mrtg-2.16.1-13.2.ppc.rpm mrtg-2.16.1-13.2.x86_64.rpm libxcrypt openSUSE 11.0 libxcrypt accidently used the DES-Algorithm if MD5 was selected as password hash algorithm (CVE-2008-3188). libxcrypt-3.0-14.2.i586.rpm libxcrypt-3.0-14.2.ppc.rpm libxcrypt-3.0-14.2.x86_64.rpm libxcrypt-32bit-3.0-14.2.x86_64.rpm libxcrypt-64bit-3.0-14.2.ppc.rpm libxcrypt-devel-3.0-14.2.i586.rpm libxcrypt-devel-3.0-14.2.ppc.rpm libxcrypt-devel-3.0-14.2.x86_64.rpm libqt4 openSUSE 11.0 This update fixes the following issues: - postgresql support for postgresql 8.3 (bnc#403385) - input methods not working in KDE4 after login from kdm4 (bnc#398526) libqt4-4.4.0-12.2.i586.rpm libqt4-4.4.0-12.2.ppc.rpm libqt4-4.4.0-12.2.x86_64.rpm libqt4-32bit-4.4.0-12.2.x86_64.rpm libqt4-64bit-4.4.0-12.2.ppc.rpm libqt4-devel-4.4.0-12.2.i586.rpm libqt4-devel-4.4.0-12.2.ppc.rpm libqt4-devel-4.4.0-12.2.x86_64.rpm libqt4-qt3support-4.4.0-12.2.i586.rpm libqt4-qt3support-4.4.0-12.2.ppc.rpm libqt4-qt3support-4.4.0-12.2.x86_64.rpm libqt4-qt3support-32bit-4.4.0-12.2.x86_64.rpm libqt4-qt3support-64bit-4.4.0-12.2.ppc.rpm libqt4-sql-4.4.0-12.2.i586.rpm libqt4-sql-4.4.0-12.2.ppc.rpm libqt4-sql-4.4.0-12.2.x86_64.rpm libqt4-sql-32bit-4.4.0-12.2.x86_64.rpm libqt4-sql-64bit-4.4.0-12.2.ppc.rpm libqt4-sql-postgresql-4.4.0-5.2.i586.rpm libqt4-sql-postgresql-4.4.0-5.2.ppc.rpm libqt4-sql-postgresql-4.4.0-5.2.x86_64.rpm libqt4-sql-sqlite-4.4.0-12.2.i586.rpm libqt4-sql-sqlite-4.4.0-12.2.ppc.rpm libqt4-sql-sqlite-4.4.0-12.2.x86_64.rpm libqt4-x11-4.4.0-12.2.i586.rpm libqt4-x11-4.4.0-12.2.ppc.rpm libqt4-x11-4.4.0-12.2.x86_64.rpm libqt4-x11-32bit-4.4.0-12.2.x86_64.rpm libqt4-x11-64bit-4.4.0-12.2.ppc.rpm KDE4-fixes-2 openSUSE 11.0 This update fixes the following issues: - openSUSE packages identify themselves as "compiled from sources" in bugreports - ftp:/ protocol handler might overwrite files during rename (bnc#399296) - nsplugin support not automatically installed if available when manually installing kde4-konqueror - flash support not working in kde4-konqueror (bnc#398823) - fix potential kwin crash on closing a window - fix kwin crash when cancelling the application kill helper - fix screen blanker not appearing or not shutting down DPMS (bnc#401351) - fix plasma crash on removing news plasmoid (#bnc396497) kde4-dolphin-4.0.4-18.2.i586.rpm kde4-dolphin-4.0.4-18.2.ppc.rpm kde4-dolphin-4.0.4-18.2.x86_64.rpm kde4-kdepasswd-4.0.4-18.2.i586.rpm kde4-kdepasswd-4.0.4-18.2.ppc.rpm kde4-kdepasswd-4.0.4-18.2.x86_64.rpm kde4-kdialog-4.0.4-18.2.i586.rpm kde4-kdialog-4.0.4-18.2.ppc.rpm kde4-kdialog-4.0.4-18.2.x86_64.rpm kde4-kdm-4.0.4-24.4.i586.rpm kde4-kdm-4.0.4-24.4.ppc.rpm kde4-kdm-4.0.4-24.4.x86_64.rpm kde4-kdm-branding-upstream-4.0.4-24.4.i586.rpm kde4-keditbookmarks-4.0.4-18.2.i586.rpm kde4-keditbookmarks-4.0.4-18.2.ppc.rpm kde4-keditbookmarks-4.0.4-18.2.x86_64.rpm kde4-kfind-4.0.4-18.2.i586.rpm kde4-kfind-4.0.4-18.2.ppc.rpm kde4-kfind-4.0.4-18.2.x86_64.rpm kde4-kinfocenter-4.0.4-18.2.i586.rpm kde4-konqueror-4.0.4-18.2.i586.rpm kde4-konqueror-4.0.4-18.2.ppc.rpm kde4-konqueror-4.0.4-18.2.x86_64.rpm kde4-konsole-4.0.4-18.2.i586.rpm kde4-konsole-4.0.4-18.2.ppc.rpm kde4-konsole-4.0.4-18.2.x86_64.rpm kde4-kwin-4.0.4-24.4.i586.rpm kde4-kwin-4.0.4-24.4.ppc.rpm kde4-kwin-4.0.4-24.4.x86_64.rpm kde4-kwrite-4.0.4-18.2.i586.rpm kde4-kwrite-4.0.4-18.2.ppc.rpm kde4-kwrite-4.0.4-18.2.x86_64.rpm kdebase4-4.0.4-18.2.i586.rpm kdebase4-4.0.4-18.2.ppc.rpm kdebase4-4.0.4-18.2.x86_64.rpm kdebase4-libkonq-4.0.4-18.2.i586.rpm kdebase4-libkonq-4.0.4-18.2.ppc.rpm kdebase4-libkonq-4.0.4-18.2.x86_64.rpm kdebase4-nsplugin-4.0.4-18.2.i586.rpm kdebase4-nsplugin-4.0.4-18.2.ppc.rpm kdebase4-nsplugin-4.0.4-18.2.x86_64.rpm kdebase4-workspace-4.0.4-24.4.i586.rpm kdebase4-workspace-4.0.4-24.4.ppc.rpm kdebase4-workspace-4.0.4-24.4.x86_64.rpm kdebase4-workspace-branding-upstream-4.0.4-24.4.i586.rpm kdebase4-workspace-devel-4.0.4-24.4.i586.rpm kdebase4-workspace-devel-4.0.4-24.4.ppc.rpm kdebase4-workspace-devel-4.0.4-24.4.x86_64.rpm kdebase4-workspace-ksysguardd-4.0.4-24.4.i586.rpm kdebase4-workspace-ksysguardd-4.0.4-24.4.ppc.rpm kdebase4-workspace-ksysguardd-4.0.4-24.4.x86_64.rpm kdebase4-workspace-plasmoids-4.0.1-71.2.i586.rpm kdebase4-workspace-plasmoids-4.0.1-71.2.ppc.rpm kdebase4-workspace-plasmoids-4.0.1-71.2.x86_64.rpm kdelibs4-4.0.4-15.2.i586.rpm kdelibs4-4.0.4-15.2.ppc.rpm kdelibs4-4.0.4-15.2.x86_64.rpm kdelibs4-core-4.0.4-15.2.i586.rpm kdelibs4-core-4.0.4-15.2.ppc.rpm kdelibs4-core-4.0.4-15.2.x86_64.rpm kdelibs4-doc-4.0.4-15.2.i586.rpm kdelibs4-doc-4.0.4-15.2.ppc.rpm kdelibs4-doc-4.0.4-15.2.x86_64.rpm libkde4-4.0.4-15.2.i586.rpm libkde4-4.0.4-15.2.ppc.rpm libkde4-4.0.4-15.2.x86_64.rpm libkde4-32bit-4.0.4-15.2.x86_64.rpm libkde4-64bit-4.0.4-15.2.ppc.rpm libkde4-devel-4.0.4-15.2.i586.rpm libkde4-devel-4.0.4-15.2.ppc.rpm libkde4-devel-4.0.4-15.2.x86_64.rpm libkdecore4-4.0.4-15.2.i586.rpm libkdecore4-4.0.4-15.2.ppc.rpm libkdecore4-4.0.4-15.2.x86_64.rpm libkdecore4-32bit-4.0.4-15.2.x86_64.rpm libkdecore4-64bit-4.0.4-15.2.ppc.rpm libkdecore4-devel-4.0.4-15.2.i586.rpm libkdecore4-devel-4.0.4-15.2.ppc.rpm libkdecore4-devel-4.0.4-15.2.x86_64.rpm libkonq4-4.0.4-18.2.i586.rpm libkonq4-4.0.4-18.2.ppc.rpm libkonq4-4.0.4-18.2.x86_64.rpm libkonq4-32bit-4.0.4-18.2.x86_64.rpm libkonq4-64bit-4.0.4-18.2.ppc.rpm libkonq4-devel-4.0.4-18.2.i586.rpm libkonq4-devel-4.0.4-18.2.ppc.rpm libkonq4-devel-4.0.4-18.2.x86_64.rpm acpid openSUSE 11.0 Bluetooth is disabled by default. However, even hitting the hotkey combination FN-F5 (default for most ThinkPads) does not activate it. This patch fixes this. acpid-1.0.6-63.2.i586.rpm acpid-1.0.6-63.2.x86_64.rpm yast2-add-on-creator openSUSE 11.0 When reading saved configuration, YaST Add-On Creator did not read all saved values from the content file (e.g. ARCH). yast2-add-on-creator-2.16.13-0.1.noarch.rpm libvirt openSUSE 11.0 I have again updated my system with "zypper dup" and rebooted the server. I am running now with the kernel-xen version uname -a Linux server 2.6.25.5-1.1-xen #1 SMP 2008-06-07 01:55:22 +0200 x86_64 x86_64 x86_64 GNU/Linux I begin the process to create a Xen guest with "xm create" xm create -c /home/test/xen/os11.cfg Then I make a connect to the server with VNC screen and launch the "Virtual Machine Manager" to see the Guest Console. But now not as before the program starts quickly and then stops then. I see for only a moment the GUI of the Virtual Machine Manager. The output in the /var/log/messages System log shows me Jun 10 07:17:55 server kernel: /usr/share/virt[4156] trap divide error ip:7f326840a5ac sp:7fff7d135c70 error:0 in libvirt.so.0.4.0[7f32683e9000+5e000] Jun 10 07:18:09 server gconfd (root-4147): GConf server is not in use, shutting down. Jun 10 07:18:09 server gconfd (root-4147): Exiting I can repeat this problem each time. In this way the Virtual Machine Manager can not be used at all. libvirt-0.4.0-59.2.i586.rpm libvirt-0.4.0-59.2.x86_64.rpm libvirt-devel-0.4.0-59.2.i586.rpm libvirt-devel-0.4.0-59.2.x86_64.rpm libvirt-doc-0.4.0-59.2.i586.rpm libvirt-doc-0.4.0-59.2.x86_64.rpm libvirt-python-0.4.0-59.2.i586.rpm libvirt-python-0.4.0-59.2.x86_64.rpm imap openSUSE 11.0 Insufficient buffer length checks in the imap client library may crash applications that use the library to print formatted email addresses. The imap daemon itself is not affected but certain versions of e.g. the php imap module are (CVE-2008-5514). The client library could also crash when a rogue server unexpectedly closes the connection (CVE-2008-5006). imap-2006c1_suse-100.3.i586.rpm imap-2006c1_suse-100.3.ppc.rpm imap-2006c1_suse-100.3.x86_64.rpm imap-devel-2006c1_suse-100.3.i586.rpm imap-devel-2006c1_suse-100.3.ppc.rpm imap-devel-2006c1_suse-100.3.x86_64.rpm imap-lib-2006c1_suse-100.3.i586.rpm imap-lib-2006c1_suse-100.3.ppc.rpm imap-lib-2006c1_suse-100.3.x86_64.rpm strongswan openSUSE 11.0 This update provides a fix that explicitly enables version 1 linux kernel capabilities on version 2 systems, so the charon and pluto daemons don't exit because of failed try to set capabilities. strongswan-4.2.1-11.2.i586.rpm strongswan-doc-4.2.1-11.2.i586.rpm drbd openSUSE 11.0 The drbd kernel module failed to load and activate with recent kernel versions due to a kernel interface change. This update also fixes online resizing, DRBD/LVM/Xen interaction, and several additional bugs. drbd-8.2.6-0.1.i586.rpm drbd-8.2.6-0.1.ppc.rpm drbd-8.2.6-0.1.x86_64.rpm drbd-kmp-debug-8.2.6_2.6.25.9_0.2-0.1.i586.rpm drbd-kmp-debug-8.2.6_2.6.25.9_0.2-0.1.x86_64.rpm drbd-kmp-default-8.2.6_2.6.25.9_0.2-0.1.i586.rpm drbd-kmp-default-8.2.6_2.6.25.9_0.2-0.1.ppc.rpm drbd-kmp-default-8.2.6_2.6.25.9_0.2-0.1.x86_64.rpm drbd-kmp-pae-8.2.6_2.6.25.9_0.2-0.1.i586.rpm drbd-kmp-ppc64-8.2.6_2.6.25.9_0.2-0.1.ppc.rpm drbd-kmp-xen-8.2.6_2.6.25.9_0.2-0.1.i586.rpm drbd-kmp-xen-8.2.6_2.6.25.9_0.2-0.1.x86_64.rpm procinfo openSUSE 11.0 The update mode of procinfo fails to determine correct differences on systems without running timer IRQ. procinfo-18-170.2.i586.rpm procinfo-18-170.2.ppc.rpm procinfo-18-170.2.x86_64.rpm xorg-x11-Xvnc openSUSE 11.0 This update fixes intel driver crashes and other related issues by switching to EXA as acceleration method and greedy as MigrationHeuristic. xorg-x11-Xvnc-7.3-110.7.i586.rpm xorg-x11-Xvnc-7.3-110.7.ppc.rpm xorg-x11-Xvnc-7.3-110.7.x86_64.rpm xorg-x11-driver-video-7.3-138.3.i586.rpm xorg-x11-driver-video-7.3-138.3.ppc.rpm xorg-x11-driver-video-7.3-138.3.x86_64.rpm xorg-x11-driver-video-32bit-7.3-138.3.x86_64.rpm xorg-x11-driver-video-64bit-7.3-138.3.ppc.rpm xorg-x11-server-7.3-110.7.i586.rpm xorg-x11-server-7.3-110.7.ppc.rpm xorg-x11-server-7.3-110.7.x86_64.rpm xorg-x11-server-extra-7.3-110.7.i586.rpm xorg-x11-server-extra-7.3-110.7.ppc.rpm xorg-x11-server-extra-7.3-110.7.x86_64.rpm xorg-x11-server-sdk-7.3-110.7.i586.rpm xorg-x11-server-sdk-7.3-110.7.ppc.rpm xorg-x11-server-sdk-7.3-110.7.x86_64.rpm libpoppler-devel openSUSE 11.0 This patch fixes crash of claws-mail, evince, koffice, okular and others on PDF documents that use QuadPoints objects in annotations. libpoppler-devel-0.8.2-1.3.i586.rpm libpoppler-devel-0.8.2-1.3.ppc.rpm libpoppler-devel-0.8.2-1.3.x86_64.rpm libpoppler-doc-0.8.2-1.3.i586.rpm libpoppler-glib-devel-0.8.2-1.3.i586.rpm libpoppler-glib3-0.8.2-1.3.i586.rpm libpoppler-glib3-0.8.2-1.3.ppc.rpm libpoppler-glib3-0.8.2-1.3.x86_64.rpm libpoppler-qt2-0.8.2-1.3.i586.rpm libpoppler-qt2-0.8.2-1.3.ppc.rpm libpoppler-qt2-0.8.2-1.3.x86_64.rpm libpoppler-qt3-devel-0.8.2-1.3.i586.rpm libpoppler-qt4-3-0.8.2-1.3.i586.rpm libpoppler-qt4-3-0.8.2-1.3.ppc.rpm libpoppler-qt4-3-0.8.2-1.3.x86_64.rpm libpoppler-qt4-devel-0.8.2-1.3.i586.rpm libpoppler3-0.8.2-1.3.i586.rpm libpoppler3-0.8.2-1.3.ppc.rpm libpoppler3-0.8.2-1.3.x86_64.rpm poppler-tools-0.8.2-1.3.i586.rpm poppler-tools-0.8.2-1.3.ppc.rpm poppler-tools-0.8.2-1.3.x86_64.rpm SuSEfirewall2 openSUSE 11.0 SuSEfirewall2 was updated to fix following bugs: - some configuration options didn't allow to specify an empty protocol which made it impossible to properly configure e.g. the use of nf_conntrack_ftp - handling of certain ICMPv6 packages was broken which could cause e.g. hanging ssh connections SuSEfirewall2-3.6_SVNr195-9.2.noarch.rpm smart openSUSE 11.0 This update fixes the default channel configuration to match openSUSE 11.0. smart-0.52-90.2.i586.rpm smart-0.52-90.2.ppc.rpm smart-0.52-90.2.x86_64.rpm smart-gui-0.52-90.2.i586.rpm smart-gui-0.52-90.2.ppc.rpm smart-gui-0.52-90.2.x86_64.rpm smart-ksmarttray-0.52-90.2.i586.rpm smart-ksmarttray-0.52-90.2.ppc.rpm smart-ksmarttray-0.52-90.2.x86_64.rpm x11-input-wacom openSUSE 11.0 This update fixes problems with command 'xsetwacom list'. x11-input-wacom-0.7.9-50.2.i586.rpm x11-input-wacom-0.7.9-50.2.ppc.rpm x11-input-wacom-0.7.9-50.2.x86_64.rpm x11-input-wacom-devel-0.7.9-50.2.i586.rpm x11-input-wacom-devel-0.7.9-50.2.ppc.rpm x11-input-wacom-devel-0.7.9-50.2.x86_64.rpm x11-input-wacom-tools-0.7.9-50.2.i586.rpm x11-input-wacom-tools-0.7.9-50.2.ppc.rpm x11-input-wacom-tools-0.7.9-50.2.x86_64.rpm kernel openSUSE 11.0 The openSUSE 11.0 kernel was updated to 2.6.25.11. It fixes following security problems: CVE-2008-2812: Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. No CVE yet: On x86_64 systems, a incorrect buffersize in LDT handling might lead to local untrusted attackers causing a crash of the machine or potentially execute code with kernel privileges. The update also has lots of other bugfixes that are listed in the RPM changelog. kernel-debug-2.6.25.11-0.1.i586.rpm 1 kernel-debug-2.6.25.11-0.1.x86_64.rpm 1 kernel-default-2.6.25.11-0.1.i586.rpm 1 kernel-default-2.6.25.11-0.1.ppc.rpm 1 kernel-default-2.6.25.11-0.1.x86_64.rpm 1 kernel-docs-2.6.25.11-0.1.noarch.rpm 1 kernel-pae-2.6.25.11-0.1.i586.rpm 1 kernel-rt-2.6.25.11-0.1.i586.rpm 1 kernel-rt-2.6.25.11-0.1.x86_64.rpm 1 kernel-source-2.6.25.11-0.1.i586.rpm 1 kernel-source-2.6.25.11-0.1.ppc.rpm 1 kernel-source-2.6.25.11-0.1.x86_64.rpm 1 kernel-syms-2.6.25.11-0.1.i586.rpm 1 kernel-syms-2.6.25.11-0.1.ppc.rpm 1 kernel-syms-2.6.25.11-0.1.x86_64.rpm 1 kernel-vanilla-2.6.25.11-0.1.i586.rpm 1 kernel-vanilla-2.6.25.11-0.1.ppc.rpm 1 kernel-vanilla-2.6.25.11-0.1.x86_64.rpm 1 kernel-xen-2.6.25.11-0.1.i586.rpm 1 kernel-xen-2.6.25.11-0.1.x86_64.rpm 1 desktop-data-openSUSE-extra-gnome openSUSE 11.0 Because of the default GNOME configuration, any GNOME application was setup to start esound daemon on demand, so when running an app as root (YAST), 2 incompatible daemons were run, which resulted in audio not working anymore for the user. These fixes in pulseaudio and gconf2-branding-openSUSE fix the issue by just autostarting pulseaudio the proper way. desktop-data-openSUSE-extra-gnome-11.0.1-22.2.noarch.rpm gconf2-branding-openSUSE-2.20-53.2.noarch.rpm libpulse-browse0-0.9.10-26.3.i586.rpm libpulse-browse0-0.9.10-26.3.ppc.rpm libpulse-browse0-0.9.10-26.3.x86_64.rpm libpulse-devel-0.9.10-26.3.i586.rpm libpulse-mainloop-glib0-0.9.10-26.3.i586.rpm libpulse-mainloop-glib0-0.9.10-26.3.ppc.rpm libpulse-mainloop-glib0-0.9.10-26.3.x86_64.rpm libpulse0-0.9.10-26.3.i586.rpm libpulse0-0.9.10-26.3.ppc.rpm libpulse0-0.9.10-26.3.x86_64.rpm libpulse0-32bit-0.9.10-26.3.x86_64.rpm libpulse0-64bit-0.9.10-26.3.ppc.rpm libpulsecore4-0.9.10-26.3.i586.rpm libpulsecore4-0.9.10-26.3.ppc.rpm libpulsecore4-0.9.10-26.3.x86_64.rpm pulseaudio-0.9.10-26.3.i586.rpm pulseaudio-0.9.10-26.3.ppc.rpm pulseaudio-0.9.10-26.3.x86_64.rpm pulseaudio-esound-compat-0.9.10-26.3.i586.rpm pulseaudio-esound-compat-0.9.10-26.3.ppc.rpm pulseaudio-esound-compat-0.9.10-26.3.x86_64.rpm pulseaudio-module-bluetooth-0.9.10-26.3.i586.rpm pulseaudio-module-bluetooth-0.9.10-26.3.ppc.rpm pulseaudio-module-bluetooth-0.9.10-26.3.x86_64.rpm pulseaudio-module-gconf-0.9.10-26.3.i586.rpm pulseaudio-module-gconf-0.9.10-26.3.ppc.rpm pulseaudio-module-gconf-0.9.10-26.3.x86_64.rpm pulseaudio-module-jack-0.9.10-26.3.i586.rpm pulseaudio-module-lirc-0.9.10-26.3.i586.rpm pulseaudio-module-lirc-0.9.10-26.3.ppc.rpm pulseaudio-module-lirc-0.9.10-26.3.x86_64.rpm pulseaudio-module-x11-0.9.10-26.3.i586.rpm pulseaudio-module-x11-0.9.10-26.3.ppc.rpm pulseaudio-module-x11-0.9.10-26.3.x86_64.rpm pulseaudio-module-zeroconf-0.9.10-26.3.i586.rpm pulseaudio-module-zeroconf-0.9.10-26.3.ppc.rpm pulseaudio-module-zeroconf-0.9.10-26.3.x86_64.rpm pulseaudio-utils-0.9.10-26.3.i586.rpm pulseaudio-utils-0.9.10-26.3.ppc.rpm pulseaudio-utils-0.9.10-26.3.x86_64.rpm flash-player openSUSE 11.0 An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file (CVE-2008-5499). flash-player-9.0.152.0-0.1.i586.rpm acroread openSUSE 11.0 This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641) acroread-8.1.2_SU1-0.1.i586.rpm opera openSUSE 11.0 Opera 9.51 was released as security and bugfix update. Full details are on http://www.opera.com/docs/changelogs/linux/951/ CVE-2008-3078: Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. opera-9.51-7.1.i586.rpm opera-9.51-7.1.ppc.rpm opera-9.51-7.1.x86_64.rpm libsnmp15 openSUSE 11.0 This security update fixes a denial of service vulnerability and an authentication bypass (CVE-2008-2292, CVE-2008-0960). libsnmp15-5.4.1-77.2.i586.rpm libsnmp15-5.4.1-77.2.ppc.rpm libsnmp15-5.4.1-77.2.x86_64.rpm net-snmp-5.4.1-77.2.i586.rpm net-snmp-5.4.1-77.2.ppc.rpm net-snmp-5.4.1-77.2.x86_64.rpm net-snmp-32bit-5.4.1-77.2.x86_64.rpm net-snmp-64bit-5.4.1-77.2.ppc.rpm net-snmp-devel-5.4.1-77.2.i586.rpm net-snmp-devel-5.4.1-77.2.ppc.rpm net-snmp-devel-5.4.1-77.2.x86_64.rpm net-snmp-devel-64bit-5.4.1-77.2.ppc.rpm perl-SNMP-5.4.1-77.2.i586.rpm perl-SNMP-5.4.1-77.2.ppc.rpm perl-SNMP-5.4.1-77.2.x86_64.rpm snmp-mibs-5.4.1-77.2.i586.rpm snmp-mibs-5.4.1-77.2.ppc.rpm snmp-mibs-5.4.1-77.2.x86_64.rpm viewvc openSUSE 11.0 This update of viewvc fixes multiple vulnerabilities. - CVE-2008-1290: list CVS or SVN commits on "all-forbidden" files - CVE-2008-1291: directly access hidden CVSROOT folders - CVE-2008-1292: expose restricted content via the revision view, the log history, or the diff view viewvc-1.0.5-29.1.i586.rpm viewvc-1.0.5-29.1.ppc.rpm viewvc-1.0.5-29.1.x86_64.rpm MozillaFirefox openSUSE 11.0 This update brings Mozilla Firefox to version 3.0.1. It fixes various bugs and also following security problems: MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer MFSA 2008-35 / CVE-2008-2933: Security researcher Billy Rios reported that if Firefox is not already running, passing it a command-line URI with pipe symbols will open multiple tabs. This URI splitting could be used to launch privileged chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which blocks external applications from loading such URIs. This vulnerability could also be used by an attacker to launch a file: URI from the command line opening a malicious local file which could exfiltrate data from the local filesystem. Combined with a vulnerability which allows an attacker to inject code into a chrome document, the above issue could be used to run arbitrary code on a victim's computer. Such a chrome injection vulnerability was reported by Mozilla developers Ben Turner and Dan Veditz who showed that a XUL based SSL error page was not properly sanitizing inputs and could be used to run arbitrary code with chrome privileges. MFSA 2008-36 / CVE-2008-2934: Apple Security Researcher Drew Yao reported a vulnerability in Mozilla graphics code which handles GIF rendering in Mac OS X. He demonstrated that a GIF file could be specially crafted to cause the browser to free an uninitialized pointer. An attacker could use this vulnerability to crash the browser and potentially execute arbitrary code on the victim's computer. MozillaFirefox-3.0.1-0.1.i586.rpm MozillaFirefox-3.0.1-0.1.ppc.rpm MozillaFirefox-3.0.1-0.1.x86_64.rpm MozillaFirefox-translations-3.0.1-0.1.i586.rpm MozillaFirefox-translations-3.0.1-0.1.ppc.rpm MozillaFirefox-translations-3.0.1-0.1.x86_64.rpm mozilla-xulrunner190-1.9.0.1-0.1.i586.rpm mozilla-xulrunner190-1.9.0.1-0.1.ppc.rpm mozilla-xulrunner190-1.9.0.1-0.1.x86_64.rpm mozilla-xulrunner190-32bit-1.9.0.1-0.1.x86_64.rpm mozilla-xulrunner190-64bit-1.9.0.1-0.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.1-0.1.i586.rpm mozilla-xulrunner190-devel-1.9.0.1-0.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.1-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-1.9.0.1-0.1.i586.rpm mozilla-xulrunner190-gnomevfs-1.9.0.1-0.1.ppc.rpm mozilla-xulrunner190-gnomevfs-1.9.0.1-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-32bit-1.9.0.1-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-64bit-1.9.0.1-0.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.1-0.1.i586.rpm mozilla-xulrunner190-translations-1.9.0.1-0.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.1-0.1.x86_64.rpm mozilla-xulrunner190-translations-32bit-1.9.0.1-0.1.x86_64.rpm mozilla-xulrunner190-translations-64bit-1.9.0.1-0.1.ppc.rpm kde4-kdm openSUSE 11.0 This update fixes the following issues: * frequent crashes of knotify4 (bnc#387406) * fix huge documents and public_html icons to be blurry (bnc#396176) * fix kwin composite freeze with screensaver (bnc#408672) kde4-kdm-4.0.4-24.6.i586.rpm kde4-kdm-4.0.4-24.6.ppc.rpm kde4-kdm-4.0.4-24.6.x86_64.rpm kde4-kdm-branding-upstream-4.0.4-24.6.i586.rpm kde4-kwin-4.0.4-24.6.i586.rpm kde4-kwin-4.0.4-24.6.ppc.rpm kde4-kwin-4.0.4-24.6.x86_64.rpm kdebase4-runtime-4.0.4-20.2.i586.rpm kdebase4-runtime-4.0.4-20.2.ppc.rpm kdebase4-runtime-4.0.4-20.2.x86_64.rpm kdebase4-workspace-4.0.4-24.6.i586.rpm kdebase4-workspace-4.0.4-24.6.ppc.rpm kdebase4-workspace-4.0.4-24.6.x86_64.rpm kdebase4-workspace-branding-upstream-4.0.4-24.6.i586.rpm kdebase4-workspace-devel-4.0.4-24.6.i586.rpm kdebase4-workspace-devel-4.0.4-24.6.ppc.rpm kdebase4-workspace-devel-4.0.4-24.6.x86_64.rpm kdebase4-workspace-ksysguardd-4.0.4-24.6.i586.rpm kdebase4-workspace-ksysguardd-4.0.4-24.6.ppc.rpm kdebase4-workspace-ksysguardd-4.0.4-24.6.x86_64.rpm fileshareset openSUSE 11.0 This update fixes the following issues in kdebase3: * wacom pointer rotation does not work on xrandr 1.2 displays (bnc#385149) * suspend/hibernate buttons are not available in KDE3 (bnc#290917) * Avoid ksysguardd hang in (unused) openSLP lookups fileshareset-2.0-501.2.i586.rpm fileshareset-2.0-501.2.ppc.rpm fileshareset-2.0-501.2.x86_64.rpm kdebase3-3.5.9-65.2.i586.rpm kdebase3-3.5.9-65.2.ppc.rpm kdebase3-3.5.9-65.2.x86_64.rpm kdebase3-32bit-3.5.9-65.2.x86_64.rpm kdebase3-64bit-3.5.9-65.2.ppc.rpm kdebase3-beagle-3.5.9-65.2.i586.rpm kdebase3-beagle-3.5.9-65.2.ppc.rpm kdebase3-beagle-3.5.9-65.2.x86_64.rpm kdebase3-devel-3.5.9-65.2.i586.rpm kdebase3-devel-3.5.9-65.2.ppc.rpm kdebase3-devel-3.5.9-65.2.x86_64.rpm kdebase3-extra-3.5.9-65.2.i586.rpm kdebase3-extra-3.5.9-65.2.ppc.rpm kdebase3-extra-3.5.9-65.2.x86_64.rpm kdebase3-kdm-3.5.9-65.2.i586.rpm kdebase3-kdm-3.5.9-65.2.ppc.rpm kdebase3-kdm-3.5.9-65.2.x86_64.rpm kdebase3-nsplugin-3.5.9-65.2.i586.rpm kdebase3-nsplugin-3.5.9-65.2.ppc.rpm kdebase3-runtime-3.5.9-65.2.i586.rpm kdebase3-runtime-3.5.9-65.2.ppc.rpm kdebase3-runtime-3.5.9-65.2.x86_64.rpm kdebase3-runtime-32bit-3.5.9-65.2.x86_64.rpm kdebase3-runtime-64bit-3.5.9-65.2.ppc.rpm kdebase3-samba-3.5.9-65.2.i586.rpm kdebase3-samba-3.5.9-65.2.ppc.rpm kdebase3-samba-3.5.9-65.2.x86_64.rpm kdebase3-session-3.5.9-65.2.i586.rpm kdebase3-session-3.5.9-65.2.ppc.rpm kdebase3-session-3.5.9-65.2.x86_64.rpm misc-console-font-3.5.9-65.2.i586.rpm misc-console-font-3.5.9-65.2.ppc.rpm misc-console-font-3.5.9-65.2.x86_64.rpm xorg-x11-Xvnc openSUSE 11.0 This update fixes application crashes, caused by an overly-restrictive integer overflow check in EXA. xorg-x11-Xvnc-7.3-110.9.i586.rpm xorg-x11-Xvnc-7.3-110.9.ppc.rpm xorg-x11-Xvnc-7.3-110.9.x86_64.rpm xorg-x11-server-7.3-110.9.i586.rpm xorg-x11-server-7.3-110.9.ppc.rpm xorg-x11-server-7.3-110.9.x86_64.rpm xorg-x11-server-extra-7.3-110.9.i586.rpm xorg-x11-server-extra-7.3-110.9.ppc.rpm xorg-x11-server-extra-7.3-110.9.x86_64.rpm xorg-x11-server-sdk-7.3-110.9.i586.rpm xorg-x11-server-sdk-7.3-110.9.ppc.rpm xorg-x11-server-sdk-7.3-110.9.x86_64.rpm libexif openSUSE 11.0 This patch fixes EXIF related crashes in the EOG image browser (Novell Bugzilla 406299) and GIMP on EOS JPEG opening (Novell Bugzilla 404475 ). libexif-0.6.16.2-32.2.i586.rpm libexif-0.6.16.2-32.2.ppc.rpm libexif-0.6.16.2-32.2.x86_64.rpm libexif-32bit-0.6.16.2-32.2.x86_64.rpm libexif-64bit-0.6.16.2-32.2.ppc.rpm libexif-devel-0.6.16.2-32.2.i586.rpm libexif-devel-0.6.16.2-32.2.ppc.rpm libexif-devel-0.6.16.2-32.2.x86_64.rpm gnome-web-photo openSUSE 11.0 While thumbnailing web pages either in the file manager or in a beagle search, a crash could happen because of uninitialized data. gnome-web-photo-0.4-25.2.i586.rpm gnome-web-photo-0.4-25.2.ppc.rpm gnome-web-photo-0.4-25.2.x86_64.rpm fetchmsttfonts openSUSE 11.0 This update includes a script which will download and install the MS True Type Core fonts to your system and make them available to the applications. cabextract-1.2-94.1.i586.rpm cabextract-1.2-94.1.ppc.rpm cabextract-1.2-94.1.x86_64.rpm fetchmsttfonts-11.0-2.1.noarch.rpm fetchmsttfonts-11.0-2.1.noarch.rpm fetchmsttfonts-11.0-2.1.noarch.rpm ConsoleKit openSUSE 11.0 ConsoleKit allows anyone to shutdown/restart the machine due to missing PolicyKit support. ConsoleKit-0.2.10-14.2.i586.rpm ConsoleKit-0.2.10-14.2.ppc.rpm ConsoleKit-0.2.10-14.2.x86_64.rpm ConsoleKit-32bit-0.2.10-14.2.x86_64.rpm ConsoleKit-64bit-0.2.10-14.2.ppc.rpm ConsoleKit-devel-0.2.10-14.2.i586.rpm ConsoleKit-devel-0.2.10-14.2.ppc.rpm ConsoleKit-devel-0.2.10-14.2.x86_64.rpm ConsoleKit-x11-0.2.10-14.2.i586.rpm ConsoleKit-x11-0.2.10-14.2.ppc.rpm ConsoleKit-x11-0.2.10-14.2.x86_64.rpm inst-source-utils openSUSE 11.0 This patch includes the latest changes in all scripts to create the current products like openSUSE 11.0. inst-source-utils-2008.7.21-2.1.noarch.rpm moodle openSUSE 11.0 Moodle was prone to a Cross-Site scripting flaw which could potentially be exploited to compromise arbitrary accounts (CVE-2008-3326). moodle-1.9.0-24.2.noarch.rpm moodle-af-1.9.0-24.2.noarch.rpm moodle-ar-1.9.0-24.2.noarch.rpm moodle-be-1.9.0-24.2.noarch.rpm moodle-bg-1.9.0-24.2.noarch.rpm moodle-bs-1.9.0-24.2.noarch.rpm moodle-ca-1.9.0-24.2.noarch.rpm moodle-cs-1.9.0-24.2.noarch.rpm moodle-da-1.9.0-24.2.noarch.rpm moodle-de-1.9.0-24.2.noarch.rpm moodle-de_du-1.9.0-24.2.noarch.rpm moodle-el-1.9.0-24.2.noarch.rpm moodle-es-1.9.0-24.2.noarch.rpm moodle-et-1.9.0-24.2.noarch.rpm moodle-eu-1.9.0-24.2.noarch.rpm moodle-fa-1.9.0-24.2.noarch.rpm moodle-fi-1.9.0-24.2.noarch.rpm moodle-fr-1.9.0-24.2.noarch.rpm moodle-ga-1.9.0-24.2.noarch.rpm moodle-gl-1.9.0-24.2.noarch.rpm moodle-he-1.9.0-24.2.noarch.rpm moodle-hi-1.9.0-24.2.noarch.rpm moodle-hr-1.9.0-24.2.noarch.rpm moodle-hu-1.9.0-24.2.noarch.rpm moodle-id-1.9.0-24.2.noarch.rpm moodle-is-1.9.0-24.2.noarch.rpm moodle-it-1.9.0-24.2.noarch.rpm moodle-ja-1.9.0-24.2.noarch.rpm moodle-ka-1.9.0-24.2.noarch.rpm moodle-km-1.9.0-24.2.noarch.rpm moodle-kn-1.9.0-24.2.noarch.rpm moodle-ko-1.9.0-24.2.noarch.rpm moodle-lt-1.9.0-24.2.noarch.rpm moodle-lv-1.9.0-24.2.noarch.rpm moodle-mi_tn-1.9.0-24.2.noarch.rpm moodle-ms-1.9.0-24.2.noarch.rpm moodle-nl-1.9.0-24.2.noarch.rpm moodle-nn-1.9.0-24.2.noarch.rpm moodle-no-1.9.0-24.2.noarch.rpm moodle-pl-1.9.0-24.2.noarch.rpm moodle-pt-1.9.0-24.2.noarch.rpm moodle-ro-1.9.0-24.2.noarch.rpm moodle-ru-1.9.0-24.2.noarch.rpm moodle-sk-1.9.0-24.2.noarch.rpm moodle-sl-1.9.0-24.2.noarch.rpm moodle-so-1.9.0-24.2.noarch.rpm moodle-sq-1.9.0-24.2.noarch.rpm moodle-sr-1.9.0-24.2.noarch.rpm moodle-sv-1.9.0-24.2.noarch.rpm moodle-th-1.9.0-24.2.noarch.rpm moodle-tl-1.9.0-24.2.noarch.rpm moodle-tr-1.9.0-24.2.noarch.rpm moodle-uk-1.9.0-24.2.noarch.rpm moodle-vi-1.9.0-24.2.noarch.rpm moodle-zh_cn-1.9.0-24.2.noarch.rpm acl openSUSE 11.0 Fix getfacl/setfacl -R to fully recurse into a directory structure acl-2.2.47-6.1.i586.rpm acl-2.2.47-6.1.ppc.rpm acl-2.2.47-6.1.x86_64.rpm libacl-2.2.47-6.1.i586.rpm libacl-2.2.47-6.1.ppc.rpm libacl-2.2.47-6.1.x86_64.rpm libacl-32bit-2.2.47-6.1.x86_64.rpm libacl-64bit-2.2.47-6.1.ppc.rpm libacl-devel-2.2.47-6.1.i586.rpm libacl-devel-2.2.47-6.1.ppc.rpm libacl-devel-2.2.47-6.1.x86_64.rpm libacl-devel-64bit-2.2.47-6.1.ppc.rpm yast2-add-on-creator openSUSE 11.0 YaST Add-On Creator signs RPM packages after generating the metadata and thus it makes the RPM checksums invalid. yast2-add-on-creator-2.16.14-0.1.noarch.rpm xorg-x11-driver-video openSUSE 11.0 The previous intel driver update resulted in an overall performance regression by switching to EXA as acceleration method. This update switches back to XAA as aceleration method and fixes Xvideo when using XAA as acceleration method. xorg-x11-driver-video-7.3-138.5.i586.rpm xorg-x11-driver-video-7.3-138.5.ppc.rpm xorg-x11-driver-video-7.3-138.5.x86_64.rpm xorg-x11-driver-video-32bit-7.3-138.5.x86_64.rpm xorg-x11-driver-video-64bit-7.3-138.5.ppc.rpm esound openSUSE 11.0 After 11.0 was released, lots of users started complaining about problems when using PulseAudio. This set of fixes covers some of them, like blocking GNOME applications in some hardware, and a very obvious crash (for some people) in pavucontrol that was fixed in the 0.9.6 release, which was announced unfortunately after the freeze for openSUSE 11.0. esound-0.2.38-75.2.i586.rpm esound-0.2.38-75.2.ppc.rpm esound-0.2.38-75.2.x86_64.rpm libesd-devel-0.2.38-75.2.i586.rpm libesd-devel-0.2.38-75.2.ppc.rpm libesd-devel-0.2.38-75.2.x86_64.rpm libesd0-0.2.38-75.2.i586.rpm libesd0-0.2.38-75.2.ppc.rpm libesd0-0.2.38-75.2.x86_64.rpm libesd0-32bit-0.2.38-75.2.x86_64.rpm libesd0-64bit-0.2.38-75.2.ppc.rpm libgnome-2.22.0-30.2.i586.rpm libgnome-2.22.0-30.2.ppc.rpm libgnome-2.22.0-30.2.x86_64.rpm libgnome-32bit-2.22.0-30.2.x86_64.rpm libgnome-64bit-2.22.0-30.2.ppc.rpm libgnome-devel-2.22.0-30.2.i586.rpm libgnome-devel-2.22.0-30.2.ppc.rpm libgnome-devel-2.22.0-30.2.x86_64.rpm libgnome-doc-2.22.0-30.2.i586.rpm libgnome-doc-2.22.0-30.2.ppc.rpm libgnome-doc-2.22.0-30.2.x86_64.rpm libgnome-lang-2.22.0-30.2.i586.rpm libgnome-lang-2.22.0-30.2.ppc.rpm libgnome-lang-2.22.0-30.2.x86_64.rpm pavucontrol-0.9.6-4.1.i586.rpm pavucontrol-0.9.6-4.1.ppc.rpm pavucontrol-0.9.6-4.1.x86_64.rpm freeradius-server openSUSE 11.0 The new version of freeradius-server which comes with openSUSE 11.0 uses a new method to bind Port and IP-Address. However configuration is broken, port number is ignored and a random one is used everytime on start. freeradius-server-2.0.5-8.1.i586.rpm freeradius-server-devel-2.0.5-8.1.i586.rpm freeradius-server-dialupadmin-2.0.5-8.1.i586.rpm freeradius-server-doc-2.0.5-8.1.i586.rpm freeradius-server-libs-2.0.5-8.1.i586.rpm freeradius-server-utils-2.0.5-8.1.i586.rpm 64bit-openmotif22-libs openSUSE 11.0 Currently there's no 64 bit openmotiff22-libs found in the repos of opensuse 11.0. But as some software such as Gambit or Unigraphics can not run without 64bit version of LibXm.so.3 this (deprecated!) package is back. openmotif22-libs-2.2.4-149.1.i586.rpm openmotif22-libs-2.2.4-149.1.x86_64.rpm openmotif22-libs-32bit-2.2.4-149.1.x86_64.rpm opera openSUSE 11.0 Opera 9.63 fixes the following security problems: - Manipulating text input contents can allow execution of arbitrary code - HTML parsing flaw can cause Opera to execute arbitrary code. - Long hostnames in file: URLs can cause execution of arbitrary code. - Script injection in feed preview can reveal contents of unrelated news feeds. - Built-in XSLT templates can allow cross-site scripting. - Fixed an issue that could reveal random data. - SVG images embedded using <img> tags can no longer execute Java or plugin content. opera-9.63-1.1.i586.rpm opera-9.63-1.1.ppc.rpm opera-9.63-1.1.x86_64.rpm kerneloops openSUSE 11.0 kerneloops system service fails to start properly kerneloops-0.11-19.2.i586.rpm kerneloops-applet-0.11-19.2.i586.rpm pdns openSUSE 11.0 This update of pdns offers better spoofing resistance by not ignoring invalid queries. (CVE-2008-3337) pdns-2.9.21-143.3.i586.rpm pdns-2.9.21-143.3.ppc.rpm pdns-2.9.21-143.3.x86_64.rpm pdns-backend-ldap-2.9.21-143.3.i586.rpm pdns-backend-ldap-2.9.21-143.3.ppc.rpm pdns-backend-ldap-2.9.21-143.3.x86_64.rpm pdns-backend-mysql-2.9.21-143.3.i586.rpm pdns-backend-mysql-2.9.21-143.3.ppc.rpm pdns-backend-mysql-2.9.21-143.3.x86_64.rpm pdns-backend-postgresql-2.9.21-143.3.i586.rpm pdns-backend-postgresql-2.9.21-143.3.ppc.rpm pdns-backend-postgresql-2.9.21-143.3.x86_64.rpm pdns-backend-sqlite2-2.9.21-143.3.i586.rpm pdns-backend-sqlite2-2.9.21-143.3.ppc.rpm pdns-backend-sqlite2-2.9.21-143.3.x86_64.rpm pdns-backend-sqlite3-2.9.21-143.3.i586.rpm pdns-backend-sqlite3-2.9.21-143.3.ppc.rpm pdns-backend-sqlite3-2.9.21-143.3.x86_64.rpm dnsmasq openSUSE 11.0 This update of dnsmasq uses random UDP source ports and a random TRXID now. (CVE-2008-1447) dnsmasq-2.45-0.1.i586.rpm dnsmasq-2.45-0.1.ppc.rpm dnsmasq-2.45-0.1.x86_64.rpm postfix openSUSE 11.0 A (local) privilege escalation vulnerability as well as a mailbox ownership problem has been fixed in postfix. CVE-2008-2936 and CVE-2008-2937 have been assigned to this problem. postfix-2.5.1-28.3.i586.rpm postfix-2.5.1-28.3.ppc.rpm postfix-2.5.1-28.3.x86_64.rpm postfix-devel-2.5.1-28.3.i586.rpm postfix-devel-2.5.1-28.3.ppc.rpm postfix-devel-2.5.1-28.3.x86_64.rpm postfix-mysql-2.5.1-28.3.i586.rpm postfix-mysql-2.5.1-28.3.ppc.rpm postfix-mysql-2.5.1-28.3.x86_64.rpm postfix-postgresql-2.5.1-28.3.i586.rpm postfix-postgresql-2.5.1-28.3.ppc.rpm postfix-postgresql-2.5.1-28.3.x86_64.rpm yast2-gtk openSUSE 11.0 Configuring printer through Yast crashes when selecting the basic settings dialog yast2-gtk-2.16.14-1.2.i586.rpm yast2-gtk-2.16.14-1.2.ppc.rpm yast2-gtk-2.16.14-1.2.x86_64.rpm python openSUSE 11.0 This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) python-2.5.2-26.2.i586.rpm python-2.5.2-26.2.ppc.rpm python-2.5.2-26.2.x86_64.rpm python-32bit-2.5.2-26.2.x86_64.rpm python-64bit-2.5.2-26.2.ppc.rpm python-curses-2.5.2-26.2.i586.rpm python-curses-2.5.2-26.2.ppc.rpm python-curses-2.5.2-26.2.x86_64.rpm python-demo-2.5.2-26.2.i586.rpm python-demo-2.5.2-26.2.ppc.rpm python-demo-2.5.2-26.2.x86_64.rpm python-devel-2.5.2-26.2.i586.rpm python-devel-2.5.2-26.2.ppc.rpm python-devel-2.5.2-26.2.x86_64.rpm python-gdbm-2.5.2-26.2.i586.rpm python-gdbm-2.5.2-26.2.ppc.rpm python-gdbm-2.5.2-26.2.x86_64.rpm python-idle-2.5.2-26.2.i586.rpm python-idle-2.5.2-26.2.ppc.rpm python-idle-2.5.2-26.2.x86_64.rpm python-tk-2.5.2-26.2.i586.rpm python-tk-2.5.2-26.2.ppc.rpm python-tk-2.5.2-26.2.x86_64.rpm python-xml-2.5.2-26.2.i586.rpm python-xml-2.5.2-26.2.ppc.rpm python-xml-2.5.2-26.2.x86_64.rpm NetworkManager-kde openSUSE 11.0 * Fix crash during reconnect after s2ram * Add tooltips again * Allow VPN disconnection * Fix disconnecting UMTS connections NetworkManager-kde-0.7r821737-0.3.i586.rpm NetworkManager-kde-0.7r821737-0.3.ppc.rpm NetworkManager-kde-0.7r821737-0.3.x86_64.rpm NetworkManager-kde-devel-0.7r821737-0.3.i586.rpm NetworkManager-kde-devel-0.7r821737-0.3.ppc.rpm NetworkManager-kde-devel-0.7r821737-0.3.x86_64.rpm NetworkManager-openvpn-kde-0.7r821737-0.3.i586.rpm NetworkManager-openvpn-kde-0.7r821737-0.3.ppc.rpm NetworkManager-openvpn-kde-0.7r821737-0.3.x86_64.rpm NetworkManager-vpnc-kde-0.7r821737-0.3.i586.rpm NetworkManager-vpnc-kde-0.7r821737-0.3.ppc.rpm NetworkManager-vpnc-kde-0.7r821737-0.3.x86_64.rpm libwsman-devel openSUSE 11.0 This update of openwsman fixes several security vulnerabilities found by the SuSE Security-Team: - remote buffer overflows while decoding the HTTP basic authentication header (CVE-2008-2234) - a possible SSL session replay attack affecting the client (depending on the configuration) (CVE-2008-2233) libwsman-devel-2.0.0-3.3.i586.rpm libwsman-devel-2.0.0-3.3.ppc.rpm libwsman-devel-2.0.0-3.3.x86_64.rpm libwsman1-2.0.0-3.3.i586.rpm libwsman1-2.0.0-3.3.ppc.rpm libwsman1-2.0.0-3.3.x86_64.rpm openwsman-client-2.0.0-3.3.i586.rpm openwsman-client-2.0.0-3.3.ppc.rpm openwsman-client-2.0.0-3.3.x86_64.rpm openwsman-python-2.0.0-3.3.i586.rpm openwsman-ruby-2.0.0-3.3.i586.rpm openwsman-server-2.0.0-3.3.i586.rpm openwsman-server-2.0.0-3.3.ppc.rpm openwsman-server-2.0.0-3.3.x86_64.rpm mailman openSUSE 11.0 This update of mailman fixes a cross-site-scripting bug (CVE-2008-0564) and a mistake in translation. mailman-2.1.9-159.2.i586.rpm mailman-2.1.9-159.2.ppc.rpm mailman-2.1.9-159.2.x86_64.rpm ruby openSUSE 11.0 This update of ruby fixes: - a possible information leakage (CVE-2008-1145) - a directory traversal bug (CVE-2008-1891) in WEBrick - various memory corruptions and integer overflows in array and string handling (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728) ruby-1.8.6.p114-6.2.i586.rpm ruby-1.8.6.p114-6.2.ppc.rpm ruby-1.8.6.p114-6.2.x86_64.rpm ruby-devel-1.8.6.p114-6.2.i586.rpm ruby-devel-1.8.6.p114-6.2.ppc.rpm ruby-devel-1.8.6.p114-6.2.x86_64.rpm ruby-doc-html-1.8.6.p114-6.2.i586.rpm ruby-doc-html-1.8.6.p114-6.2.ppc.rpm ruby-doc-html-1.8.6.p114-6.2.x86_64.rpm ruby-doc-ri-1.8.6.p114-6.2.i586.rpm ruby-doc-ri-1.8.6.p114-6.2.ppc.rpm ruby-doc-ri-1.8.6.p114-6.2.x86_64.rpm ruby-examples-1.8.6.p114-6.2.i586.rpm ruby-examples-1.8.6.p114-6.2.ppc.rpm ruby-examples-1.8.6.p114-6.2.x86_64.rpm ruby-test-suite-1.8.6.p114-6.2.i586.rpm ruby-test-suite-1.8.6.p114-6.2.ppc.rpm ruby-test-suite-1.8.6.p114-6.2.x86_64.rpm ruby-tk-1.8.6.p114-6.2.i586.rpm ruby-tk-1.8.6.p114-6.2.ppc.rpm ruby-tk-1.8.6.p114-6.2.x86_64.rpm nfs-client openSUSE 11.0 Fix bugs with mount.nfs: mount would fail incorrectly if server does not listen on UDP mount would retry incorrectly if server reported "access denied" Fix excessive timeout problem with sm-notify if network not connected, sm-notify would slow the boot process excessively. Fix nfsstat to report on nfsv4 mounts as well as nfs mounts. nfs-client-1.1.2-9.2.i586.rpm nfs-client-1.1.2-9.2.ppc.rpm nfs-client-1.1.2-9.2.x86_64.rpm nfs-doc-1.1.2-9.2.i586.rpm nfs-doc-1.1.2-9.2.ppc.rpm nfs-doc-1.1.2-9.2.x86_64.rpm nfs-kernel-server-1.1.2-9.2.i586.rpm nfs-kernel-server-1.1.2-9.2.ppc.rpm nfs-kernel-server-1.1.2-9.2.x86_64.rpm release-notes-openSUSE openSUSE 11.0 Update of some YaST and desktop translation. release-notes-openSUSE-11.0.7-0.1.noarch.rpm translation-update-es-10.3-27.2.noarch.rpm yast2-trans-de-2.16.17-0.1.noarch.rpm yast2-trans-fi-2.16.17-0.1.noarch.rpm yast2-trans-pl-2.16.12-0.1.noarch.rpm yast2-trans-zh_TW-2.16.15-0.1.noarch.rpm NetworkManager openSUSE 11.0 Fix multiple issues with NetworkManager: UMTS dialup via NM does not set default route nor nameservers. Wireless Access is not working on Vienna Airport. NetworkManager / UMTS: cannot enter PIN code with Novatel XU870. NetworkManager uses the wrong config with YaST configured settings. NetworkManager leaves pppd running after restart. NetworkManager can't connect with Nortel VPN. Can not add new GSM/CDMA configurations. nm-applet DHCP animation looks odd. NetworkManager-0.7.0.r3685-7.2.i586.rpm NetworkManager-0.7.0.r3685-7.2.ppc.rpm NetworkManager-0.7.0.r3685-7.2.x86_64.rpm NetworkManager-devel-0.7.0.r3685-7.2.i586.rpm NetworkManager-devel-0.7.0.r3685-7.2.ppc.rpm NetworkManager-devel-0.7.0.r3685-7.2.x86_64.rpm NetworkManager-glib-0.7.0.r3685-7.2.i586.rpm NetworkManager-glib-0.7.0.r3685-7.2.ppc.rpm NetworkManager-glib-0.7.0.r3685-7.2.x86_64.rpm NetworkManager-gnome-0.7.0.r729-7.2.i586.rpm NetworkManager-gnome-0.7.0.r729-7.2.ppc.rpm NetworkManager-gnome-0.7.0.r729-7.2.x86_64.rpm opera openSUSE 11.0 This is a version upgrade for opera to version 9.52 to fix possible security vulnerabilities. opera-9.52-0.1.i586.rpm opera-9.52-0.1.ppc.rpm opera-9.52-0.1.x86_64.rpm libneon-devel openSUSE 11.0 This update of neon fixes a NULL pointer dereference in the digest authentication code. (CVE-2008-3746) libneon-devel-0.28.2-17.2.i586.rpm libneon-devel-0.28.2-17.2.ppc.rpm libneon-devel-0.28.2-17.2.x86_64.rpm libneon27-0.28.2-17.2.i586.rpm libneon27-0.28.2-17.2.ppc.rpm libneon27-0.28.2-17.2.x86_64.rpm libneon27-32bit-0.28.2-17.2.x86_64.rpm libneon27-64bit-0.28.2-17.2.ppc.rpm neon-0.28.2-17.2.i586.rpm neon-0.28.2-17.2.ppc.rpm neon-0.28.2-17.2.x86_64.rpm rxvt-unicode openSUSE 11.0 It was possible to open a terminal on :0 when the environment variable was not set. This could be exploited by local users to hijack X11 connections (CVE-2008-1142). rxvt-unicode-9.02-14.2.i586.rpm rxvt-unicode-9.02-14.2.ppc.rpm rxvt-unicode-9.02-14.2.x86_64.rpm perl openSUSE 11.0 Specially crafted regular expressions could crash perl (CVE-2008-1927). Insufficient symlink checks in the File::Path could result in wrong file permissions (CVE-2008-2827). Additionally problem in the CGI module was fixed that could result in an endless loop if uploads were cancelled. perl-5.10.0-37.4.i586.rpm perl-5.10.0-37.4.ppc.rpm perl-5.10.0-37.4.x86_64.rpm perl-32bit-5.10.0-37.4.x86_64.rpm perl-64bit-5.10.0-37.4.ppc.rpm perl-base-5.10.0-37.4.i586.rpm perl-base-5.10.0-37.4.ppc.rpm perl-base-5.10.0-37.4.x86_64.rpm perl-doc-5.10.0-37.4.i586.rpm perl-doc-5.10.0-37.4.ppc.rpm perl-doc-5.10.0-37.4.x86_64.rpm java-1_5_0-sun openSUSE 11.0 Sun Java was updated to 1.5.0u16 to fix following security vulnerabilities: CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3108: Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. CVE-2008-3103: Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. java-1_5_0-sun-1.5.0_update16-1.1.i586.rpm java-1_5_0-sun-1.5.0_update16-1.1.x86_64.rpm java-1_5_0-sun-alsa-1.5.0_update16-1.1.i586.rpm java-1_5_0-sun-alsa-1.5.0_update16-1.1.x86_64.rpm java-1_5_0-sun-demo-1.5.0_update16-1.1.i586.rpm java-1_5_0-sun-demo-1.5.0_update16-1.1.x86_64.rpm java-1_5_0-sun-devel-1.5.0_update16-1.1.i586.rpm java-1_5_0-sun-devel-1.5.0_update16-1.1.x86_64.rpm java-1_5_0-sun-jdbc-1.5.0_update16-1.1.i586.rpm java-1_5_0-sun-jdbc-1.5.0_update16-1.1.x86_64.rpm java-1_5_0-sun-plugin-1.5.0_update16-1.1.i586.rpm java-1_5_0-sun-src-1.5.0_update16-1.1.i586.rpm java-1_5_0-sun-src-1.5.0_update16-1.1.x86_64.rpm java-1_6_0-sun openSUSE 11.0 This update brings the SUN JDK 6 to update level 7. CVE-2008-3115: Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. CVE-2008-3112: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via an untrusted application, aka CR 6703909. CVE-2008-3111: Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs, aka CR 6557220. CVE-2008-3110: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. CVE-2008-3109: Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. CVE-2008-3106: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. CVE-2008-3105: Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. CVE-2008-3103: Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. java-1_6_0-sun-1.6.0.u7-1.1.i586.rpm java-1_6_0-sun-1.6.0.u7-1.1.x86_64.rpm java-1_6_0-sun-alsa-1.6.0.u7-1.1.i586.rpm java-1_6_0-sun-alsa-1.6.0.u7-1.1.x86_64.rpm java-1_6_0-sun-debuginfo-1.6.0.u7-1.1.x86_64.rpm java-1_6_0-sun-demo-1.6.0.u7-1.1.i586.rpm java-1_6_0-sun-demo-1.6.0.u7-1.1.x86_64.rpm java-1_6_0-sun-devel-1.6.0.u7-1.1.i586.rpm java-1_6_0-sun-devel-1.6.0.u7-1.1.x86_64.rpm java-1_6_0-sun-jdbc-1.6.0.u7-1.1.i586.rpm java-1_6_0-sun-jdbc-1.6.0.u7-1.1.x86_64.rpm java-1_6_0-sun-plugin-1.6.0.u7-1.1.i586.rpm wireshark openSUSE 11.0 Various vulnerabilities have been fixed in wireshark: CVE-2008-3137, CVE-2008-3138, CVE-2008-3139, CVE-2008-3140, CVE-2008-3141, CVE-2008-3145 and CVE-2008-3146. wireshark-1.0.0-17.2.i586.rpm wireshark-1.0.0-17.2.ppc.rpm wireshark-1.0.0-17.2.x86_64.rpm wireshark-devel-1.0.0-17.2.i586.rpm wireshark-devel-1.0.0-17.2.ppc.rpm wireshark-devel-1.0.0-17.2.x86_64.rpm evolution-data-server openSUSE 11.0 Trying to create an appointment hangs Evolution. This is because of a missing mutex of the server connection object. The groupWise server will not accept more than one request at a time from a connection and hence all the network requests must be serialized. (Novell Bugzilla 410329) This update fixes the problem. evolution-data-server-2.22.1.1-11.2.i586.rpm evolution-data-server-2.22.1.1-11.2.ppc.rpm evolution-data-server-2.22.1.1-11.2.x86_64.rpm evolution-data-server-32bit-2.22.1.1-11.2.x86_64.rpm evolution-data-server-64bit-2.22.1.1-11.2.ppc.rpm evolution-data-server-devel-2.22.1.1-11.2.i586.rpm evolution-data-server-devel-2.22.1.1-11.2.ppc.rpm evolution-data-server-devel-2.22.1.1-11.2.x86_64.rpm evolution-data-server-doc-2.22.1.1-11.2.i586.rpm evolution-data-server-doc-2.22.1.1-11.2.ppc.rpm evolution-data-server-doc-2.22.1.1-11.2.x86_64.rpm libpulse-browse0 openSUSE 11.0 PulseAudio wasn't checking if a stale PID file really corresponded to a pulseaudio daemon process. This patch adds code to check that so that it doesn't fail at startup if a stale pid file corresponds to a different process. libpulse-browse0-0.9.10-26.5.i586.rpm libpulse-browse0-0.9.10-26.5.ppc.rpm libpulse-browse0-0.9.10-26.5.x86_64.rpm libpulse-devel-0.9.10-26.5.i586.rpm libpulse-mainloop-glib0-0.9.10-26.5.i586.rpm libpulse-mainloop-glib0-0.9.10-26.5.ppc.rpm libpulse-mainloop-glib0-0.9.10-26.5.x86_64.rpm libpulse0-0.9.10-26.5.i586.rpm libpulse0-0.9.10-26.5.ppc.rpm libpulse0-0.9.10-26.5.x86_64.rpm libpulse0-32bit-0.9.10-26.5.x86_64.rpm libpulse0-64bit-0.9.10-26.5.ppc.rpm libpulsecore4-0.9.10-26.5.i586.rpm libpulsecore4-0.9.10-26.5.ppc.rpm libpulsecore4-0.9.10-26.5.x86_64.rpm pulseaudio-0.9.10-26.5.i586.rpm pulseaudio-0.9.10-26.5.ppc.rpm pulseaudio-0.9.10-26.5.x86_64.rpm pulseaudio-esound-compat-0.9.10-26.5.i586.rpm pulseaudio-esound-compat-0.9.10-26.5.ppc.rpm pulseaudio-esound-compat-0.9.10-26.5.x86_64.rpm pulseaudio-module-bluetooth-0.9.10-26.5.i586.rpm pulseaudio-module-bluetooth-0.9.10-26.5.ppc.rpm pulseaudio-module-bluetooth-0.9.10-26.5.x86_64.rpm pulseaudio-module-gconf-0.9.10-26.5.i586.rpm pulseaudio-module-gconf-0.9.10-26.5.ppc.rpm pulseaudio-module-gconf-0.9.10-26.5.x86_64.rpm pulseaudio-module-jack-0.9.10-26.5.i586.rpm pulseaudio-module-lirc-0.9.10-26.5.i586.rpm pulseaudio-module-lirc-0.9.10-26.5.ppc.rpm pulseaudio-module-lirc-0.9.10-26.5.x86_64.rpm pulseaudio-module-x11-0.9.10-26.5.i586.rpm pulseaudio-module-x11-0.9.10-26.5.ppc.rpm pulseaudio-module-x11-0.9.10-26.5.x86_64.rpm pulseaudio-module-zeroconf-0.9.10-26.5.i586.rpm pulseaudio-module-zeroconf-0.9.10-26.5.ppc.rpm pulseaudio-module-zeroconf-0.9.10-26.5.x86_64.rpm pulseaudio-utils-0.9.10-26.5.i586.rpm pulseaudio-utils-0.9.10-26.5.ppc.rpm pulseaudio-utils-0.9.10-26.5.x86_64.rpm samba openSUSE 11.0 This is an update to version 3.2.3 of Samba. This release includes several bugfixes and performance enhancements for Samba and its components. It is recommended for every user to update to this version. Among several other bugs the following list shows some detail: - Fix a race condition in winbind leading to a crash (bnc#406623). - Fix emptying the printing queue; (bnc#411493). - Fix the webinface SWAT; (bnc#391969). - Fixed a file permission problem. (CVE-2008-3789) bnc#420634 cifs-mount-3.2.3-0.1.i586.rpm cifs-mount-3.2.3-0.1.ppc.rpm cifs-mount-3.2.3-0.1.x86_64.rpm ldapsmb-1.34b-195.4.i586.rpm ldapsmb-1.34b-195.4.ppc.rpm ldapsmb-1.34b-195.4.x86_64.rpm libnetapi-devel-3.2.3-0.1.i586.rpm libnetapi-devel-3.2.3-0.1.ppc.rpm libnetapi-devel-3.2.3-0.1.x86_64.rpm libnetapi0-3.2.3-0.1.i586.rpm libnetapi0-3.2.3-0.1.ppc.rpm libnetapi0-3.2.3-0.1.x86_64.rpm libsmbclient-devel-3.2.3-0.1.i586.rpm libsmbclient-devel-3.2.3-0.1.ppc.rpm libsmbclient-devel-3.2.3-0.1.x86_64.rpm libsmbclient0-3.2.3-0.1.i586.rpm libsmbclient0-3.2.3-0.1.ppc.rpm libsmbclient0-3.2.3-0.1.x86_64.rpm libsmbclient0-32bit-3.2.3-0.1.x86_64.rpm libsmbclient0-64bit-3.2.3-0.1.ppc.rpm libsmbsharemodes-devel-3.2.3-0.1.i586.rpm libsmbsharemodes-devel-3.2.3-0.1.ppc.rpm libsmbsharemodes-devel-3.2.3-0.1.x86_64.rpm libsmbsharemodes0-3.2.3-0.1.i586.rpm libsmbsharemodes0-3.2.3-0.1.ppc.rpm libsmbsharemodes0-3.2.3-0.1.x86_64.rpm libtalloc-devel-3.2.3-0.1.i586.rpm libtalloc-devel-3.2.3-0.1.ppc.rpm libtalloc-devel-3.2.3-0.1.x86_64.rpm libtalloc1-3.2.3-0.1.i586.rpm libtalloc1-3.2.3-0.1.ppc.rpm libtalloc1-3.2.3-0.1.x86_64.rpm libtalloc1-32bit-3.2.3-0.1.x86_64.rpm libtalloc1-64bit-3.2.3-0.1.ppc.rpm libtdb-devel-3.2.3-0.1.i586.rpm libtdb-devel-3.2.3-0.1.ppc.rpm libtdb-devel-3.2.3-0.1.x86_64.rpm libtdb1-3.2.3-0.1.i586.rpm libtdb1-3.2.3-0.1.ppc.rpm libtdb1-3.2.3-0.1.x86_64.rpm libtdb1-32bit-3.2.3-0.1.x86_64.rpm libtdb1-64bit-3.2.3-0.1.ppc.rpm libwbclient-devel-3.2.3-0.1.i586.rpm libwbclient-devel-3.2.3-0.1.ppc.rpm libwbclient-devel-3.2.3-0.1.x86_64.rpm libwbclient0-3.2.3-0.1.i586.rpm libwbclient0-3.2.3-0.1.ppc.rpm libwbclient0-3.2.3-0.1.x86_64.rpm libwbclient0-32bit-3.2.3-0.1.x86_64.rpm libwbclient0-64bit-3.2.3-0.1.ppc.rpm samba-3.2.3-0.1.i586.rpm samba-3.2.3-0.1.ppc.rpm samba-3.2.3-0.1.x86_64.rpm samba-32bit-3.2.3-0.1.x86_64.rpm samba-64bit-3.2.3-0.1.ppc.rpm samba-client-3.2.3-0.1.i586.rpm samba-client-3.2.3-0.1.ppc.rpm samba-client-3.2.3-0.1.x86_64.rpm samba-client-32bit-3.2.3-0.1.x86_64.rpm samba-client-64bit-3.2.3-0.1.ppc.rpm samba-devel-3.2.3-0.1.i586.rpm samba-devel-3.2.3-0.1.ppc.rpm samba-devel-3.2.3-0.1.x86_64.rpm samba-doc-3.2.3-0.1.noarch.rpm samba-krb-printing-3.2.3-0.1.i586.rpm samba-krb-printing-3.2.3-0.1.ppc.rpm samba-krb-printing-3.2.3-0.1.x86_64.rpm samba-winbind-3.2.3-0.1.i586.rpm samba-winbind-3.2.3-0.1.ppc.rpm samba-winbind-3.2.3-0.1.x86_64.rpm samba-winbind-32bit-3.2.3-0.1.x86_64.rpm samba-winbind-64bit-3.2.3-0.1.ppc.rpm libtiff openSUSE 11.0 A buffer underflow (CVE-2008-2327) has been fixed in libtiff. libtiff-devel-3.8.2-108.2.i586.rpm libtiff-devel-3.8.2-108.2.ppc.rpm libtiff-devel-3.8.2-108.2.x86_64.rpm libtiff-devel-32bit-3.8.2-108.2.x86_64.rpm libtiff-devel-64bit-3.8.2-108.2.ppc.rpm libtiff3-3.8.2-108.2.i586.rpm libtiff3-3.8.2-108.2.ppc.rpm libtiff3-3.8.2-108.2.x86_64.rpm libtiff3-32bit-3.8.2-108.2.x86_64.rpm libtiff3-64bit-3.8.2-108.2.ppc.rpm tiff-3.8.2-108.2.i586.rpm tiff-3.8.2-108.2.ppc.rpm tiff-3.8.2-108.2.x86_64.rpm libxslt openSUSE 11.0 A heap overflow in the RC4 cryptographic routines in libxslt was fixed which could be used by attackers to potentially execute code. (CVE-2008-2935) libxslt-1.1.23-13.2.i586.rpm libxslt-1.1.23-13.2.ppc.rpm libxslt-1.1.23-13.2.x86_64.rpm libxslt-32bit-1.1.23-13.2.x86_64.rpm libxslt-64bit-1.1.23-13.2.ppc.rpm libxslt-devel-1.1.23-13.2.i586.rpm libxslt-devel-1.1.23-13.2.ppc.rpm libxslt-devel-1.1.23-13.2.x86_64.rpm libxslt-devel-32bit-1.1.23-13.2.x86_64.rpm libxslt-devel-64bit-1.1.23-13.2.ppc.rpm bytefx-data-mysql openSUSE 11.0 This patch fixes two security problems and one critical bug: Makes sure that values of all the tags which can be exploited are encoded to make sure no exploit is possible. (CVE-2008-3422) A header injection problem in Sys.Web was fixed. bytefx-data-mysql-1.9.1-6.3.i586.rpm bytefx-data-mysql-1.9.1-6.3.ppc.rpm bytefx-data-mysql-1.9.1-6.3.x86_64.rpm ibm-data-db2-1.9.1-6.3.i586.rpm ibm-data-db2-1.9.1-6.3.ppc.rpm ibm-data-db2-1.9.1-6.3.x86_64.rpm mono-complete-1.9.1-6.3.i586.rpm mono-complete-1.9.1-6.3.ppc.rpm mono-complete-1.9.1-6.3.x86_64.rpm mono-core-1.9.1-6.3.i586.rpm mono-core-1.9.1-6.3.ppc.rpm mono-core-1.9.1-6.3.x86_64.rpm mono-core-32bit-1.9.1-6.3.x86_64.rpm mono-data-1.9.1-6.3.i586.rpm mono-data-1.9.1-6.3.ppc.rpm mono-data-1.9.1-6.3.x86_64.rpm mono-data-firebird-1.9.1-6.3.i586.rpm mono-data-firebird-1.9.1-6.3.ppc.rpm mono-data-firebird-1.9.1-6.3.x86_64.rpm mono-data-oracle-1.9.1-6.3.i586.rpm mono-data-oracle-1.9.1-6.3.ppc.rpm mono-data-oracle-1.9.1-6.3.x86_64.rpm mono-data-postgresql-1.9.1-6.3.i586.rpm mono-data-postgresql-1.9.1-6.3.ppc.rpm mono-data-postgresql-1.9.1-6.3.x86_64.rpm mono-data-sqlite-1.9.1-6.3.i586.rpm mono-data-sqlite-1.9.1-6.3.ppc.rpm mono-data-sqlite-1.9.1-6.3.x86_64.rpm mono-data-sybase-1.9.1-6.3.i586.rpm mono-data-sybase-1.9.1-6.3.ppc.rpm mono-data-sybase-1.9.1-6.3.x86_64.rpm mono-devel-1.9.1-6.3.i586.rpm mono-devel-1.9.1-6.3.ppc.rpm mono-devel-1.9.1-6.3.x86_64.rpm mono-extras-1.9.1-6.3.i586.rpm mono-extras-1.9.1-6.3.ppc.rpm mono-extras-1.9.1-6.3.x86_64.rpm mono-jscript-1.9.1-6.3.i586.rpm mono-jscript-1.9.1-6.3.ppc.rpm mono-jscript-1.9.1-6.3.x86_64.rpm mono-locale-extras-1.9.1-6.3.i586.rpm mono-locale-extras-1.9.1-6.3.ppc.rpm mono-locale-extras-1.9.1-6.3.x86_64.rpm mono-nunit-1.9.1-6.3.i586.rpm mono-nunit-1.9.1-6.3.ppc.rpm mono-nunit-1.9.1-6.3.x86_64.rpm mono-web-1.9.1-6.3.i586.rpm mono-web-1.9.1-6.3.ppc.rpm mono-web-1.9.1-6.3.x86_64.rpm mono-winforms-1.9.1-6.3.i586.rpm mono-winforms-1.9.1-6.3.ppc.rpm mono-winforms-1.9.1-6.3.x86_64.rpm libopensc2 openSUSE 11.0 This update fixes a security issues with opensc that occurs during initializing blank smart cards with Siemens CardOS M4. It allows to set the PIN of the smart card without authorization. (CVE-2008-2235) NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with option --test-update and --update when necessary. libopensc2-0.11.4-37.2.i586.rpm libopensc2-0.11.4-37.2.ppc.rpm libopensc2-0.11.4-37.2.x86_64.rpm libopensc2-32bit-0.11.4-37.2.x86_64.rpm libopensc2-64bit-0.11.4-37.2.ppc.rpm opensc-0.11.4-37.2.i586.rpm opensc-0.11.4-37.2.ppc.rpm opensc-0.11.4-37.2.x86_64.rpm opensc-32bit-0.11.4-37.2.x86_64.rpm opensc-64bit-0.11.4-37.2.ppc.rpm opensc-devel-0.11.4-37.2.i586.rpm opensc-devel-0.11.4-37.2.ppc.rpm opensc-devel-0.11.4-37.2.x86_64.rpm devhelp openSUSE 11.0 Because of a missing initialization call, the port of devhelp using xulrunner 1.9 was not fully usable and crashing in various circumstances. devhelp-0.19-35.2.i586.rpm devhelp-0.19-35.2.ppc.rpm devhelp-0.19-35.2.x86_64.rpm devhelp-devel-0.19-35.2.i586.rpm devhelp-devel-0.19-35.2.ppc.rpm devhelp-devel-0.19-35.2.x86_64.rpm gcalctool openSUSE 11.0 Calculator failed to start in some locales and caused 100% CPU load instead. This update fixes this problem. gcalctool-5.22.1-22.2.i586.rpm gcalctool-5.22.1-22.2.ppc.rpm gcalctool-5.22.1-22.2.x86_64.rpm pure-ftpd openSUSE 11.0 A bug in an optimization of TCP buffers did cause a segmentation fault in any upload request. This patch fixes this. pure-ftpd-1.0.21-145.2.i586.rpm pure-ftpd-1.0.21-145.2.ppc.rpm pure-ftpd-1.0.21-145.2.x86_64.rpm gvfs openSUSE 11.0 This patch fixes multiple bugs in GNOME's virtual filesystem daemon and its FUSE compatibility layer that could cause crashes during normal operation. gvfs-0.2.3-29.2.i586.rpm gvfs-0.2.3-29.2.ppc.rpm gvfs-0.2.3-29.2.x86_64.rpm gvfs-backends-0.2.3-29.2.i586.rpm gvfs-backends-0.2.3-29.2.ppc.rpm gvfs-backends-0.2.3-29.2.x86_64.rpm gvfs-devel-0.2.3-29.2.i586.rpm gvfs-devel-0.2.3-29.2.ppc.rpm gvfs-devel-0.2.3-29.2.x86_64.rpm gvfs-fuse-0.2.3-29.2.i586.rpm gvfs-fuse-0.2.3-29.2.ppc.rpm gvfs-fuse-0.2.3-29.2.x86_64.rpm libgvfscommon0-0.2.3-29.2.i586.rpm libgvfscommon0-0.2.3-29.2.ppc.rpm libgvfscommon0-0.2.3-29.2.x86_64.rpm SuSEfirewall2 openSUSE 11.0 This update fixes a regression related to the handling of the iptables "recent" module introduced by the previous update. SuSEfirewall2-3.6_SVNr195-9.4.noarch.rpm tomcat6 openSUSE 11.0 This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938) tomcat6-6.0.16-6.4.noarch.rpm tomcat6-admin-webapps-6.0.16-6.4.noarch.rpm tomcat6-docs-webapp-6.0.16-6.4.noarch.rpm tomcat6-javadoc-6.0.16-6.4.noarch.rpm tomcat6-jsp-2_1-api-6.0.16-6.4.noarch.rpm tomcat6-lib-6.0.16-6.4.noarch.rpm tomcat6-servlet-2_5-api-6.0.16-6.4.noarch.rpm tomcat6-webapps-6.0.16-6.4.noarch.rpm git openSUSE 11.0 This patch fixes several buffer overflows in some git tools, when repositories contain very long pathnames. (CVE-2008-3546) git-1.5.6-43.1.i586.rpm git-1.5.6-43.1.ppc.rpm git-1.5.6-43.1.x86_64.rpm git-arch-1.5.6-43.1.i586.rpm git-arch-1.5.6-43.1.ppc.rpm git-arch-1.5.6-43.1.x86_64.rpm git-core-1.5.6-43.1.i586.rpm git-core-1.5.6-43.1.ppc.rpm git-core-1.5.6-43.1.x86_64.rpm git-cvs-1.5.6-43.1.i586.rpm git-cvs-1.5.6-43.1.ppc.rpm git-cvs-1.5.6-43.1.x86_64.rpm git-email-1.5.6-43.1.i586.rpm git-email-1.5.6-43.1.ppc.rpm git-email-1.5.6-43.1.x86_64.rpm git-svn-1.5.6-43.1.i586.rpm git-svn-1.5.6-43.1.ppc.rpm git-svn-1.5.6-43.1.x86_64.rpm gitk-1.5.6-43.1.i586.rpm gitk-1.5.6-43.1.ppc.rpm gitk-1.5.6-43.1.x86_64.rpm kernel openSUSE 11.0 The openSUSE 11.0 kernel was updated to 2.6.25.16. It fixes various stability bugs and also security bugs. CVE-2008-1673: Fixed the range checking in the ASN.1 decoder in NAT for SNMP and CIFS, which could have been used by a remote attacker to crash the machine. CVE-2008-3276: An integer overflow flaw was found in the Linux kernel dccp_setsockopt_change() function. An attacker may leverage this vulnerability to trigger a kernel panic on a victim's machine remotely. CVE-2008-3272: The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. CVE-2008-3275: The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. Also lots of bugs were fixed. kernel-debug-2.6.25.16-0.1.i586.rpm 1 kernel-debug-2.6.25.16-0.1.x86_64.rpm 1 kernel-default-2.6.25.16-0.1.i586.rpm 1 kernel-default-2.6.25.16-0.1.ppc.rpm 1 kernel-default-2.6.25.16-0.1.x86_64.rpm 1 kernel-docs-2.6.25.16-0.1.noarch.rpm 1 kernel-kdump-2.6.25.16-0.1.ppc.rpm 1 kernel-pae-2.6.25.16-0.1.i586.rpm 1 kernel-ppc64-2.6.25.16-0.1.ppc.rpm 1 kernel-rt-2.6.25.16-0.1.i586.rpm 1 kernel-rt-2.6.25.16-0.1.x86_64.rpm 1 kernel-rt_debug-2.6.25.16-0.1.i586.rpm 1 kernel-source-2.6.25.16-0.1.i586.rpm 1 kernel-source-2.6.25.16-0.1.ppc.rpm 1 kernel-source-2.6.25.16-0.1.x86_64.rpm 1 kernel-syms-2.6.25.16-0.1.i586.rpm 1 kernel-syms-2.6.25.16-0.1.ppc.rpm 1 kernel-syms-2.6.25.16-0.1.x86_64.rpm 1 kernel-vanilla-2.6.25.16-0.1.i586.rpm 1 kernel-vanilla-2.6.25.16-0.1.ppc.rpm 1 kernel-vanilla-2.6.25.16-0.1.x86_64.rpm 1 kernel-xen-2.6.25.16-0.1.i586.rpm 1 kernel-xen-2.6.25.16-0.1.x86_64.rpm 1 clamav openSUSE 11.0 This version update to 0.94 fixes numerous problems including some security relevant ones (CVE-2008-3912, CVE-2008-1389, CVE-2008-3913, CVE-2008-3914). clamav-0.94-0.1.i586.rpm clamav-0.94-0.1.ppc.rpm clamav-0.94-0.1.x86_64.rpm clamav-db-0.94-0.1.i586.rpm clamav-db-0.94-0.1.ppc.rpm clamav-db-0.94-0.1.x86_64.rpm imlib2 openSUSE 11.0 This update fixes two security problems in imlib2. Specially crafted xpm files could trigger a stack based buffer overflow in imlib2 which could potentially be exploited to execute arbitrary code (CVE-2008-2426). A crash in PNM handling due to a NULL pointer dereference was fixed. imlib2-1.4.0-46.3.i586.rpm imlib2-1.4.0-46.3.ppc.rpm imlib2-1.4.0-46.3.x86_64.rpm imlib2-devel-1.4.0-46.3.i586.rpm imlib2-devel-1.4.0-46.3.ppc.rpm imlib2-devel-1.4.0-46.3.x86_64.rpm imlib2-filters-1.4.0-46.3.i586.rpm imlib2-filters-1.4.0-46.3.ppc.rpm imlib2-filters-1.4.0-46.3.x86_64.rpm imlib2-loaders-1.4.0-46.3.i586.rpm imlib2-loaders-1.4.0-46.3.ppc.rpm imlib2-loaders-1.4.0-46.3.x86_64.rpm finch openSUSE 11.0 - specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-2927). - overly long file names in MSN file transfers could crash pidgin (CVE-2008-2955). - SSL certifcates were not verfied. Therefore piding didn't notice faked certificates (CVE-2008-3532) Additionally a problem was fixed that prevented gaim clients from connecting to the ICQ network after a server change on July 1st 2008. finch-2.4.1-28.4.i586.rpm finch-2.4.1-28.4.ppc.rpm finch-2.4.1-28.4.x86_64.rpm finch-devel-2.4.1-28.4.i586.rpm finch-devel-2.4.1-28.4.ppc.rpm finch-devel-2.4.1-28.4.x86_64.rpm libpurple-2.4.1-28.4.i586.rpm libpurple-2.4.1-28.4.ppc.rpm libpurple-2.4.1-28.4.x86_64.rpm libpurple-devel-2.4.1-28.4.i586.rpm libpurple-devel-2.4.1-28.4.ppc.rpm libpurple-devel-2.4.1-28.4.x86_64.rpm libpurple-meanwhile-2.4.1-28.4.i586.rpm libpurple-meanwhile-2.4.1-28.4.ppc.rpm libpurple-meanwhile-2.4.1-28.4.x86_64.rpm libpurple-mono-2.4.1-28.4.i586.rpm libpurple-mono-2.4.1-28.4.ppc.rpm libpurple-mono-2.4.1-28.4.x86_64.rpm pidgin-2.4.1-28.4.i586.rpm pidgin-2.4.1-28.4.ppc.rpm pidgin-2.4.1-28.4.x86_64.rpm pidgin-devel-2.4.1-28.4.i586.rpm pidgin-devel-2.4.1-28.4.ppc.rpm pidgin-devel-2.4.1-28.4.x86_64.rpm MozillaThunderbird openSUSE 11.0 Mozilla Thunderbird was updated to 2.0.0.16. MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer MozillaThunderbird-2.0.0.16-0.1.i586.rpm MozillaThunderbird-2.0.0.16-0.1.ppc.rpm MozillaThunderbird-2.0.0.16-0.1.x86_64.rpm MozillaThunderbird-devel-2.0.0.16-0.1.i586.rpm MozillaThunderbird-devel-2.0.0.16-0.1.ppc.rpm MozillaThunderbird-devel-2.0.0.16-0.1.x86_64.rpm MozillaThunderbird-translations-2.0.0.16-0.1.i586.rpm MozillaThunderbird-translations-2.0.0.16-0.1.ppc.rpm MozillaThunderbird-translations-2.0.0.16-0.1.x86_64.rpm seamonkey openSUSE 11.0 Seamonkey was updated to version 1.1.11. Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's internal CSSValue array data structure. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. Problems fixed in the 1.1.10 update: CVE-2008-2811 MFSA 2008-33: Security research firm Astabis reported a vulnerability in Firefox 2 submitted through the iSIGHT Partners GVP Program by Greg McManus, Primary GVP Researcher. The reported crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server. CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer. MFSA-2008-26: As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the face of future code changes. CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-priviliged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. seamonkey-1.1.11-3.1.i586.rpm seamonkey-1.1.11-3.1.ppc.rpm seamonkey-1.1.11-3.1.x86_64.rpm seamonkey-dom-inspector-1.1.11-3.1.i586.rpm seamonkey-dom-inspector-1.1.11-3.1.ppc.rpm seamonkey-dom-inspector-1.1.11-3.1.x86_64.rpm seamonkey-irc-1.1.11-3.1.i586.rpm seamonkey-irc-1.1.11-3.1.ppc.rpm seamonkey-irc-1.1.11-3.1.x86_64.rpm seamonkey-mail-1.1.11-3.1.i586.rpm seamonkey-mail-1.1.11-3.1.ppc.rpm seamonkey-mail-1.1.11-3.1.x86_64.rpm seamonkey-spellchecker-1.1.11-3.1.i586.rpm seamonkey-spellchecker-1.1.11-3.1.ppc.rpm seamonkey-spellchecker-1.1.11-3.1.x86_64.rpm seamonkey-venkman-1.1.11-3.1.i586.rpm seamonkey-venkman-1.1.11-3.1.ppc.rpm seamonkey-venkman-1.1.11-3.1.x86_64.rpm emacs openSUSE 11.0 When editing Python files Emacs accidently imported other Python script in the current directory (CVE-2008-3949). emacs-22.2-24.2.i586.rpm emacs-22.2-24.2.ppc.rpm emacs-22.2-24.2.x86_64.rpm emacs-el-22.2-24.2.i586.rpm emacs-el-22.2-24.2.ppc.rpm emacs-el-22.2-24.2.x86_64.rpm emacs-info-22.2-24.2.i586.rpm emacs-info-22.2-24.2.ppc.rpm emacs-info-22.2-24.2.x86_64.rpm emacs-nox-22.2-24.2.i586.rpm emacs-nox-22.2-24.2.ppc.rpm emacs-nox-22.2-24.2.x86_64.rpm emacs-x11-22.2-24.2.i586.rpm emacs-x11-22.2-24.2.ppc.rpm emacs-x11-22.2-24.2.x86_64.rpm libxml2 openSUSE 11.0 Specially crafted xml files could cause a crash or a heap based buffer overlow in libxml2 (CVE-2008-3281, CVE-2008-3529). libxml2-2.6.32-11.3.i586.rpm libxml2-2.6.32-11.3.ppc.rpm libxml2-2.6.32-11.3.x86_64.rpm libxml2-32bit-2.6.32-11.3.x86_64.rpm libxml2-64bit-2.6.32-11.3.ppc.rpm libxml2-devel-2.6.32-11.3.i586.rpm libxml2-devel-2.6.32-11.3.ppc.rpm libxml2-devel-2.6.32-11.3.x86_64.rpm libxml2-devel-32bit-2.6.32-11.3.x86_64.rpm libxml2-devel-64bit-2.6.32-11.3.ppc.rpm libxml2-doc-2.6.32-11.3.i586.rpm libxml2-doc-2.6.32-11.3.ppc.rpm libxml2-doc-2.6.32-11.3.x86_64.rpm aufs openSUSE 11.0 The aufs kernel module did not support weak updates on kernel updates, which caused aufs-cvs20080429-13.2.i586.rpm aufs-cvs20080429-13.2.ppc.rpm aufs-cvs20080429-13.2.x86_64.rpm aufs-kmp-debug-cvs20080429_2.6.25.16_0.1-13.2.i586.rpm aufs-kmp-debug-cvs20080429_2.6.25.16_0.1-13.2.x86_64.rpm aufs-kmp-default-cvs20080429_2.6.25.16_0.1-13.2.i586.rpm aufs-kmp-default-cvs20080429_2.6.25.16_0.1-13.2.ppc.rpm aufs-kmp-default-cvs20080429_2.6.25.16_0.1-13.2.x86_64.rpm aufs-kmp-pae-cvs20080429_2.6.25.16_0.1-13.2.i586.rpm aufs-kmp-ppc64-cvs20080429_2.6.25.16_0.1-13.2.ppc.rpm aufs-kmp-xen-cvs20080429_2.6.25.16_0.1-13.2.i586.rpm aufs-kmp-xen-cvs20080429_2.6.25.16_0.1-13.2.x86_64.rpm apache2-mod_php5 openSUSE 11.0 CVE-2008-3658, CVE-2008-3659 and CVE-2008-3660 have been fixed in the php5 update. apache2-mod_php5-5.2.6-0.4.i586.rpm apache2-mod_php5-5.2.6-0.4.ppc.rpm apache2-mod_php5-5.2.6-0.4.x86_64.rpm php5-5.2.6-0.4.i586.rpm php5-5.2.6-0.4.ppc.rpm php5-5.2.6-0.4.x86_64.rpm php5-bcmath-5.2.6-0.4.i586.rpm php5-bcmath-5.2.6-0.4.ppc.rpm php5-bcmath-5.2.6-0.4.x86_64.rpm php5-bz2-5.2.6-0.4.i586.rpm php5-bz2-5.2.6-0.4.ppc.rpm php5-bz2-5.2.6-0.4.x86_64.rpm php5-calendar-5.2.6-0.4.i586.rpm php5-calendar-5.2.6-0.4.ppc.rpm php5-calendar-5.2.6-0.4.x86_64.rpm php5-ctype-5.2.6-0.4.i586.rpm php5-ctype-5.2.6-0.4.ppc.rpm php5-ctype-5.2.6-0.4.x86_64.rpm php5-curl-5.2.6-0.4.i586.rpm php5-curl-5.2.6-0.4.ppc.rpm php5-curl-5.2.6-0.4.x86_64.rpm php5-dba-5.2.6-0.4.i586.rpm php5-dba-5.2.6-0.4.ppc.rpm php5-dba-5.2.6-0.4.x86_64.rpm php5-dbase-5.2.6-0.4.i586.rpm php5-dbase-5.2.6-0.4.ppc.rpm php5-dbase-5.2.6-0.4.x86_64.rpm php5-devel-5.2.6-0.4.i586.rpm php5-devel-5.2.6-0.4.ppc.rpm php5-devel-5.2.6-0.4.x86_64.rpm php5-dom-5.2.6-0.4.i586.rpm php5-dom-5.2.6-0.4.ppc.rpm php5-dom-5.2.6-0.4.x86_64.rpm php5-exif-5.2.6-0.4.i586.rpm php5-exif-5.2.6-0.4.ppc.rpm php5-exif-5.2.6-0.4.x86_64.rpm php5-fastcgi-5.2.6-0.4.i586.rpm php5-fastcgi-5.2.6-0.4.ppc.rpm php5-fastcgi-5.2.6-0.4.x86_64.rpm php5-ftp-5.2.6-0.4.i586.rpm php5-ftp-5.2.6-0.4.ppc.rpm php5-ftp-5.2.6-0.4.x86_64.rpm php5-gd-5.2.6-0.4.i586.rpm php5-gd-5.2.6-0.4.ppc.rpm php5-gd-5.2.6-0.4.x86_64.rpm php5-gettext-5.2.6-0.4.i586.rpm php5-gettext-5.2.6-0.4.ppc.rpm php5-gettext-5.2.6-0.4.x86_64.rpm php5-gmp-5.2.6-0.4.i586.rpm php5-gmp-5.2.6-0.4.ppc.rpm php5-gmp-5.2.6-0.4.x86_64.rpm php5-hash-5.2.6-0.4.i586.rpm php5-hash-5.2.6-0.4.ppc.rpm php5-hash-5.2.6-0.4.x86_64.rpm php5-iconv-5.2.6-0.4.i586.rpm php5-iconv-5.2.6-0.4.ppc.rpm php5-iconv-5.2.6-0.4.x86_64.rpm php5-imap-5.2.6-0.4.i586.rpm php5-imap-5.2.6-0.4.ppc.rpm php5-imap-5.2.6-0.4.x86_64.rpm php5-json-5.2.6-0.4.i586.rpm php5-json-5.2.6-0.4.ppc.rpm php5-json-5.2.6-0.4.x86_64.rpm php5-ldap-5.2.6-0.4.i586.rpm php5-ldap-5.2.6-0.4.ppc.rpm php5-ldap-5.2.6-0.4.x86_64.rpm php5-mbstring-5.2.6-0.4.i586.rpm php5-mbstring-5.2.6-0.4.ppc.rpm php5-mbstring-5.2.6-0.4.x86_64.rpm php5-mcrypt-5.2.6-0.4.i586.rpm php5-mcrypt-5.2.6-0.4.ppc.rpm php5-mcrypt-5.2.6-0.4.x86_64.rpm php5-mysql-5.2.6-0.4.i586.rpm php5-mysql-5.2.6-0.4.ppc.rpm php5-mysql-5.2.6-0.4.x86_64.rpm php5-ncurses-5.2.6-0.4.i586.rpm php5-ncurses-5.2.6-0.4.ppc.rpm php5-ncurses-5.2.6-0.4.x86_64.rpm php5-odbc-5.2.6-0.4.i586.rpm php5-odbc-5.2.6-0.4.ppc.rpm php5-odbc-5.2.6-0.4.x86_64.rpm php5-openssl-5.2.6-0.4.i586.rpm php5-openssl-5.2.6-0.4.ppc.rpm php5-openssl-5.2.6-0.4.x86_64.rpm php5-pcntl-5.2.6-0.4.i586.rpm php5-pcntl-5.2.6-0.4.ppc.rpm php5-pcntl-5.2.6-0.4.x86_64.rpm php5-pdo-5.2.6-0.4.i586.rpm php5-pdo-5.2.6-0.4.ppc.rpm php5-pdo-5.2.6-0.4.x86_64.rpm php5-pear-5.2.6-0.4.i586.rpm php5-pear-5.2.6-0.4.ppc.rpm php5-pear-5.2.6-0.4.x86_64.rpm php5-pgsql-5.2.6-0.4.i586.rpm php5-pgsql-5.2.6-0.4.ppc.rpm php5-pgsql-5.2.6-0.4.x86_64.rpm php5-posix-5.2.6-0.4.i586.rpm php5-posix-5.2.6-0.4.ppc.rpm php5-posix-5.2.6-0.4.x86_64.rpm php5-pspell-5.2.6-0.4.i586.rpm php5-pspell-5.2.6-0.4.ppc.rpm php5-pspell-5.2.6-0.4.x86_64.rpm php5-readline-5.2.6-0.4.i586.rpm php5-readline-5.2.6-0.4.ppc.rpm php5-readline-5.2.6-0.4.x86_64.rpm php5-shmop-5.2.6-0.4.i586.rpm php5-shmop-5.2.6-0.4.ppc.rpm php5-shmop-5.2.6-0.4.x86_64.rpm php5-snmp-5.2.6-0.4.i586.rpm php5-snmp-5.2.6-0.4.ppc.rpm php5-snmp-5.2.6-0.4.x86_64.rpm php5-soap-5.2.6-0.4.i586.rpm php5-soap-5.2.6-0.4.ppc.rpm php5-soap-5.2.6-0.4.x86_64.rpm php5-sockets-5.2.6-0.4.i586.rpm php5-sockets-5.2.6-0.4.ppc.rpm php5-sockets-5.2.6-0.4.x86_64.rpm php5-sqlite-5.2.6-0.4.i586.rpm php5-sqlite-5.2.6-0.4.ppc.rpm php5-sqlite-5.2.6-0.4.x86_64.rpm php5-suhosin-5.2.6-0.4.i586.rpm php5-suhosin-5.2.6-0.4.ppc.rpm php5-suhosin-5.2.6-0.4.x86_64.rpm php5-sysvmsg-5.2.6-0.4.i586.rpm php5-sysvmsg-5.2.6-0.4.ppc.rpm php5-sysvmsg-5.2.6-0.4.x86_64.rpm php5-sysvsem-5.2.6-0.4.i586.rpm php5-sysvsem-5.2.6-0.4.ppc.rpm php5-sysvsem-5.2.6-0.4.x86_64.rpm php5-sysvshm-5.2.6-0.4.i586.rpm php5-sysvshm-5.2.6-0.4.ppc.rpm php5-sysvshm-5.2.6-0.4.x86_64.rpm php5-tidy-5.2.6-0.4.i586.rpm php5-tidy-5.2.6-0.4.ppc.rpm php5-tidy-5.2.6-0.4.x86_64.rpm php5-tokenizer-5.2.6-0.4.i586.rpm php5-tokenizer-5.2.6-0.4.ppc.rpm php5-tokenizer-5.2.6-0.4.x86_64.rpm php5-wddx-5.2.6-0.4.i586.rpm php5-wddx-5.2.6-0.4.ppc.rpm php5-wddx-5.2.6-0.4.x86_64.rpm php5-xmlreader-5.2.6-0.4.i586.rpm php5-xmlreader-5.2.6-0.4.ppc.rpm php5-xmlreader-5.2.6-0.4.x86_64.rpm php5-xmlrpc-5.2.6-0.4.i586.rpm php5-xmlrpc-5.2.6-0.4.ppc.rpm php5-xmlrpc-5.2.6-0.4.x86_64.rpm php5-xmlwriter-5.2.6-0.4.i586.rpm php5-xmlwriter-5.2.6-0.4.ppc.rpm php5-xmlwriter-5.2.6-0.4.x86_64.rpm php5-xsl-5.2.6-0.4.i586.rpm php5-xsl-5.2.6-0.4.ppc.rpm php5-xsl-5.2.6-0.4.x86_64.rpm php5-zip-5.2.6-0.4.i586.rpm php5-zip-5.2.6-0.4.ppc.rpm php5-zip-5.2.6-0.4.x86_64.rpm php5-zlib-5.2.6-0.4.i586.rpm php5-zlib-5.2.6-0.4.ppc.rpm php5-zlib-5.2.6-0.4.x86_64.rpm postfix openSUSE 11.0 When exectuting external programs postfix didn't close the file descriptor of the epoll system call. This could potentially be exploited to shutdown postfix (CVE-2008-3889). postfix-2.5.1-28.5.i586.rpm postfix-2.5.1-28.5.ppc.rpm postfix-2.5.1-28.5.x86_64.rpm postfix-devel-2.5.1-28.5.i586.rpm postfix-devel-2.5.1-28.5.ppc.rpm postfix-devel-2.5.1-28.5.x86_64.rpm postfix-mysql-2.5.1-28.5.i586.rpm postfix-mysql-2.5.1-28.5.ppc.rpm postfix-mysql-2.5.1-28.5.x86_64.rpm postfix-postgresql-2.5.1-28.5.i586.rpm postfix-postgresql-2.5.1-28.5.ppc.rpm postfix-postgresql-2.5.1-28.5.x86_64.rpm aide openSUSE 11.0 Aide was configured incorrectly with signature protection but without signature, so its database was not accessible and could not work. aide-0.13.1-20.2.i586.rpm aide-0.13.1-20.2.ppc.rpm aide-0.13.1-20.2.x86_64.rpm klamav openSUSE 11.0 clamav has been updated due to security problems. The version number of the clamav library has been changed with that update. Therefore programs like klamav that are linked against libclamav need to be updated as well. klamav-0.42-54.1.i586.rpm klamav-0.42-54.1.ppc.rpm klamav-0.42-54.1.x86_64.rpm uvcvideo-kmp-bigsmp openSUSE 11.0 The kernel driver uvcvideo was vulnerable to a buffer overflow in format descriptor parsing. (CVE-2008-3496) uvcvideo-kmp-debug-r200_2.6.25.11_0.1-2.4.i586.rpm uvcvideo-kmp-debug-r200_2.6.25.11_0.1-2.4.x86_64.rpm uvcvideo-kmp-default-r200_2.6.25.11_0.1-2.4.i586.rpm uvcvideo-kmp-default-r200_2.6.25.11_0.1-2.4.ppc.rpm uvcvideo-kmp-default-r200_2.6.25.11_0.1-2.4.x86_64.rpm uvcvideo-kmp-pae-r200_2.6.25.11_0.1-2.4.i586.rpm uvcvideo-kmp-ppc64-r200_2.6.25.11_0.1-2.4.ppc.rpm uvcvideo-kmp-xen-r200_2.6.25.11_0.1-2.4.i586.rpm uvcvideo-kmp-xen-r200_2.6.25.11_0.1-2.4.x86_64.rpm pam_mount openSUSE 11.0 pam_mount allowed users to mount arbitrary devices to any directory when the 'luserconf' configuration directive was set (CVE-2008-3970). pam_mount-0.35-15.2.i586.rpm pam_mount-0.35-15.2.ppc.rpm pam_mount-0.35-15.2.x86_64.rpm pam_mount-32bit-0.35-15.2.x86_64.rpm pam_mount-64bit-0.35-15.2.ppc.rpm libopensc2 openSUSE 11.0 This update fixes a security issues with opensc that occured when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization (CVE-2008-2235). NOTE: Already initialized cards are still vulnerable after this update. Please use the command-line tool pkcs15-tool with option --test-update and --update when necessary. Please find more information at http://www.opensc-project.org/security.html This is the second attempt to fix this problem. The previous update was unforunately incomplete. libopensc2-0.11.4-37.4.i586.rpm libopensc2-0.11.4-37.4.ppc.rpm libopensc2-0.11.4-37.4.x86_64.rpm libopensc2-32bit-0.11.4-37.4.x86_64.rpm libopensc2-64bit-0.11.4-37.4.ppc.rpm opensc-0.11.4-37.4.i586.rpm opensc-0.11.4-37.4.ppc.rpm opensc-0.11.4-37.4.x86_64.rpm opensc-32bit-0.11.4-37.4.x86_64.rpm opensc-64bit-0.11.4-37.4.ppc.rpm opensc-devel-0.11.4-37.4.i586.rpm opensc-devel-0.11.4-37.4.ppc.rpm opensc-devel-0.11.4-37.4.x86_64.rpm klamav openSUSE 11.0 clamav has been updated due to security problems. The version number of the clamav library has been changed with that update. Therefore programs like klamav that are linked against libclamav need to be updated as well. klamav-0.42-54.3.i586.rpm klamav-0.42-54.3.ppc.rpm klamav-0.42-54.3.x86_64.rpm libQtWebKit-devel openSUSE 11.0 A flaw in the CSS loader of the WebKit engine could crash programs and potentially allows execution of arbitrary code (CVE-2008-3632). This update also fixes unrelated problems with printing. libQtWebKit-devel-4.4.0-12.3.i586.rpm libQtWebKit-devel-4.4.0-12.3.ppc.rpm libQtWebKit-devel-4.4.0-12.3.x86_64.rpm libQtWebKit4-4.4.0-12.3.i586.rpm libQtWebKit4-4.4.0-12.3.ppc.rpm libQtWebKit4-4.4.0-12.3.x86_64.rpm libqt4-4.4.0-12.4.i586.rpm libqt4-4.4.0-12.4.ppc.rpm libqt4-4.4.0-12.4.x86_64.rpm libqt4-32bit-4.4.0-12.4.x86_64.rpm libqt4-64bit-4.4.0-12.4.ppc.rpm libqt4-devel-4.4.0-12.4.i586.rpm libqt4-devel-4.4.0-12.4.ppc.rpm libqt4-devel-4.4.0-12.4.x86_64.rpm libqt4-devel-doc-4.4.0-12.3.i586.rpm libqt4-devel-doc-4.4.0-12.3.ppc.rpm libqt4-devel-doc-4.4.0-12.3.x86_64.rpm libqt4-qt3support-4.4.0-12.4.i586.rpm libqt4-qt3support-4.4.0-12.4.ppc.rpm libqt4-qt3support-4.4.0-12.4.x86_64.rpm libqt4-qt3support-32bit-4.4.0-12.4.x86_64.rpm libqt4-qt3support-64bit-4.4.0-12.4.ppc.rpm libqt4-sql-4.4.0-12.4.i586.rpm libqt4-sql-4.4.0-12.4.ppc.rpm libqt4-sql-4.4.0-12.4.x86_64.rpm libqt4-sql-32bit-4.4.0-12.4.x86_64.rpm libqt4-sql-64bit-4.4.0-12.4.ppc.rpm libqt4-sql-sqlite-4.4.0-12.4.i586.rpm libqt4-sql-sqlite-4.4.0-12.4.ppc.rpm libqt4-sql-sqlite-4.4.0-12.4.x86_64.rpm libqt4-x11-4.4.0-12.4.i586.rpm libqt4-x11-4.4.0-12.4.ppc.rpm libqt4-x11-4.4.0-12.4.x86_64.rpm libqt4-x11-32bit-4.4.0-12.4.x86_64.rpm libqt4-x11-64bit-4.4.0-12.4.ppc.rpm qt4-x11-tools-4.4.0-12.3.i586.rpm qt4-x11-tools-4.4.0-12.3.ppc.rpm qt4-x11-tools-4.4.0-12.3.x86_64.rpm WebKitGtk openSUSE 11.0 A flaw in the CSS loader of the WebKit engine could crash programs and potentially allows execution of arbitrary code (CVE-2008-3632). WebKitGtk-1.0.29509-49.2.i586.rpm WebKitGtk-1.0.29509-49.2.ppc.rpm WebKitGtk-1.0.29509-49.2.x86_64.rpm WebKitGtk-devel-1.0.29509-49.2.i586.rpm WebKitGtk-devel-1.0.29509-49.2.ppc.rpm WebKitGtk-devel-1.0.29509-49.2.x86_64.rpm libWebKitGtk0-1.0.29509-49.2.i586.rpm libWebKitGtk0-1.0.29509-49.2.ppc.rpm libWebKitGtk0-1.0.29509-49.2.x86_64.rpm bluez-audio openSUSE 11.0 Missing length checks in bluez-libs could cause a buffer overflow in Bluetooth applications. Malicious bluetooth devices could potentially exploit that to execute arbitrary code (CVE-2008-2374). Note: The source code of each application that uses vulnerable functions of bluez-libs needs to be adapted to actually fix the problem. bluez-audio-3.32-8.2.i586.rpm bluez-cups-3.32-8.2.i586.rpm bluez-cups-3.32-8.2.ppc.rpm bluez-cups-3.32-8.2.x86_64.rpm bluez-libs-3.32-3.2.i586.rpm bluez-libs-3.32-3.2.ppc.rpm bluez-libs-3.32-3.2.x86_64.rpm bluez-test-3.32-8.2.i586.rpm bluez-test-3.32-8.2.ppc.rpm bluez-test-3.32-8.2.x86_64.rpm bluez-utils-3.32-8.2.i586.rpm bluez-utils-3.32-8.2.ppc.rpm bluez-utils-3.32-8.2.x86_64.rpm obex-data-server-0.3-26.2.i586.rpm obex-data-server-0.3-26.2.ppc.rpm obex-data-server-0.3-26.2.x86_64.rpm xgl openSUSE 11.0 This update fixes multiple vulnerabilities reported by iDefense for the included X server: - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption xgl-git_071026-79.3.i586.rpm xgl-git_071026-79.3.ppc.rpm xgl-git_071026-79.3.x86_64.rpm yast2-pkg-bindings openSUSE 11.0 The one click installer for 11.0/x86_64 selected packages for i586 if they had a higher release number than the one in x86_64 (bnc#413150). The problem with setting priorities greater than 99 in the repository manager has been also fixed (bnc#402135). yast2-pkg-bindings-2.16.41-0.1.i586.rpm yast2-pkg-bindings-2.16.41-0.1.ppc.rpm yast2-pkg-bindings-2.16.41-0.1.x86_64.rpm dhcpcd openSUSE 11.0 A suse specific patch caused dhcpcd to re-read lease files incorrectly. The patch also adds documentation about extended DHCP queries being sent by our dhcpcd (bnc#423145). dhcpcd-3.2.3-6.3.i586.rpm dhcpcd-3.2.3-6.3.ppc.rpm dhcpcd-3.2.3-6.3.x86_64.rpm gnome-main-menu openSUSE 11.0 This makes gnome-main-menu not do thumbnailing by itself anymore, as the thumbnail creation process would halt main-menu for as long as thumbnails were being generated. Instead, we now rely on Nautilus to generate thumbnails for the user's files. gnome-main-menu-0.9.10-30.2.i586.rpm gnome-main-menu-0.9.10-30.2.ppc.rpm gnome-main-menu-0.9.10-30.2.x86_64.rpm gnome-main-menu-devel-0.9.10-30.2.i586.rpm gnome-main-menu-devel-0.9.10-30.2.ppc.rpm gnome-main-menu-devel-0.9.10-30.2.x86_64.rpm nautilus-gnome-main-menu-0.9.10-30.2.i586.rpm nautilus-gnome-main-menu-0.9.10-30.2.ppc.rpm nautilus-gnome-main-menu-0.9.10-30.2.x86_64.rpm GraphicsMagick openSUSE 11.0 Specially crafted image files could crash GraphicsMagick (CVE-2008-3134). GraphicsMagick-1.1.11-29.2.i586.rpm GraphicsMagick-1.1.11-29.2.ppc.rpm GraphicsMagick-1.1.11-29.2.x86_64.rpm GraphicsMagick-devel-1.1.11-29.2.i586.rpm GraphicsMagick-devel-1.1.11-29.2.ppc.rpm GraphicsMagick-devel-1.1.11-29.2.x86_64.rpm libGraphicsMagick++-devel-1.1.11-29.2.i586.rpm libGraphicsMagick++-devel-1.1.11-29.2.ppc.rpm libGraphicsMagick++-devel-1.1.11-29.2.x86_64.rpm libGraphicsMagick++1-1.1.11-29.2.i586.rpm libGraphicsMagick++1-1.1.11-29.2.ppc.rpm libGraphicsMagick++1-1.1.11-29.2.x86_64.rpm libGraphicsMagick1-1.1.11-29.2.i586.rpm libGraphicsMagick1-1.1.11-29.2.ppc.rpm libGraphicsMagick1-1.1.11-29.2.x86_64.rpm libGraphicsMagickWand0-1.1.11-29.2.i586.rpm libGraphicsMagickWand0-1.1.11-29.2.ppc.rpm libGraphicsMagickWand0-1.1.11-29.2.x86_64.rpm perl-GraphicsMagick-1.1.11-29.2.i586.rpm perl-GraphicsMagick-1.1.11-29.2.ppc.rpm perl-GraphicsMagick-1.1.11-29.2.x86_64.rpm mercurial openSUSE 11.0 The hgweb script didn't enforce the 'allowpull' permission setting which allowed anyone to retrieve files from the repository (CVE-2008-4297) mercurial-1.0-30.4.i586.rpm mercurial-1.0-30.4.ppc.rpm mercurial-1.0-30.4.x86_64.rpm digikam openSUSE 11.0 This patch resolves a race condition in Digikam's photo download code that could cause loss of pictures. The download code now uses unique pathnames for each photo's temporary file during download, preventing overwrites. digikam-0.9.3-70.2.i586.rpm digikam-0.9.3-70.2.ppc.rpm digikam-0.9.3-70.2.x86_64.rpm digikamimageplugins-0.9.3-70.2.i586.rpm digikamimageplugins-0.9.3-70.2.ppc.rpm digikamimageplugins-0.9.3-70.2.x86_64.rpm digikamimageplugins-superimpose-0.9.3-70.2.i586.rpm digikamimageplugins-superimpose-0.9.3-70.2.ppc.rpm digikamimageplugins-superimpose-0.9.3-70.2.x86_64.rpm libdigikam-devel-0.9.3-70.2.i586.rpm libdigikam-devel-0.9.3-70.2.ppc.rpm libdigikam-devel-0.9.3-70.2.x86_64.rpm yast2-pkg-bindings openSUSE 11.0 The one click installer for 11.0/x86_64 selected packages for i586 if they had a higher release number than the one in x86_64 (bnc#413150). The problem with setting priorities greater than 99 in the repository manager has been also fixed (bnc#402135). yast2-pkg-bindings-2.16.41-0.3.i586.rpm yast2-pkg-bindings-2.16.41-0.3.ppc.rpm yast2-pkg-bindings-2.16.41-0.3.x86_64.rpm yast2-pkg-bindings-devel-doc-2.16.41-0.3.noarch.rpm MozillaFirefox openSUSE 11.0 This update brings MozillaFirefox to version 3.0.3, fixing a number of bugs and security problems: MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped low surrogates bug MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3. CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3. MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution CVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents without script handling objects MFSA 2008-40 / CVE-2008-3837: Forced mouse drag MozillaFirefox-3.0.3-1.1.i586.rpm MozillaFirefox-3.0.3-1.1.ppc.rpm MozillaFirefox-3.0.3-1.1.x86_64.rpm MozillaFirefox-translations-3.0.3-1.1.i586.rpm MozillaFirefox-translations-3.0.3-1.1.ppc.rpm MozillaFirefox-translations-3.0.3-1.1.x86_64.rpm mozilla-xulrunner190 openSUSE 11.0 This update brings the mozilla-xulrunner190 engine to version 1.9.0.3, fixing a number of bugs and security problems: MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped low surrogates bug MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3. CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3. MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution CVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents without script handling objects MFSA 2008-40 / CVE-2008-3837: Forced mouse drag mozilla-xulrunner190-1.9.0.3-1.1.i586.rpm mozilla-xulrunner190-1.9.0.3-1.1.ppc.rpm mozilla-xulrunner190-1.9.0.3-1.1.x86_64.rpm mozilla-xulrunner190-32bit-1.9.0.3-1.1.x86_64.rpm mozilla-xulrunner190-64bit-1.9.0.3-1.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.3-1.1.i586.rpm mozilla-xulrunner190-devel-1.9.0.3-1.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.3-1.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-1.9.0.3-1.1.i586.rpm mozilla-xulrunner190-gnomevfs-1.9.0.3-1.1.ppc.rpm mozilla-xulrunner190-gnomevfs-1.9.0.3-1.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-32bit-1.9.0.3-1.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-64bit-1.9.0.3-1.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.3-1.1.i586.rpm mozilla-xulrunner190-translations-1.9.0.3-1.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.3-1.1.x86_64.rpm mozilla-xulrunner190-translations-32bit-1.9.0.3-1.1.x86_64.rpm mozilla-xulrunner190-translations-64bit-1.9.0.3-1.1.ppc.rpm MozillaThunderbird openSUSE 11.0 This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped low surrogates bug MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3. CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3. MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution CVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents without script handling objects MFSA 2008-38 / CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer overflow For more details: http://www.mozilla.org/security/known-vulnerabilities/thunde rbird20.html MozillaThunderbird-2.0.0.17-0.1.i586.rpm MozillaThunderbird-2.0.0.17-0.1.ppc.rpm MozillaThunderbird-2.0.0.17-0.1.x86_64.rpm MozillaThunderbird-devel-2.0.0.17-0.1.i586.rpm MozillaThunderbird-devel-2.0.0.17-0.1.ppc.rpm MozillaThunderbird-devel-2.0.0.17-0.1.x86_64.rpm MozillaThunderbird-translations-2.0.0.17-0.1.i586.rpm MozillaThunderbird-translations-2.0.0.17-0.1.ppc.rpm MozillaThunderbird-translations-2.0.0.17-0.1.x86_64.rpm seamonkey openSUSE 11.0 This patch updates Seamonkey to version 1.1.12, fixing security and other bugs: MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped low surrogates bug MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3. CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3. MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution CVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents without script handling objects MFSA 2008-40 / CVE-2008-3837: Forced mouse drag MFSA 2008-38 / CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer overflow Details can be found here: http://www.mozilla.org/security/known-vulnerabilities/seamon key11.html seamonkey-1.1.12-0.1.i586.rpm seamonkey-1.1.12-0.1.ppc.rpm seamonkey-1.1.12-0.1.x86_64.rpm seamonkey-dom-inspector-1.1.12-0.1.i586.rpm seamonkey-dom-inspector-1.1.12-0.1.ppc.rpm seamonkey-dom-inspector-1.1.12-0.1.x86_64.rpm seamonkey-irc-1.1.12-0.1.i586.rpm seamonkey-irc-1.1.12-0.1.ppc.rpm seamonkey-irc-1.1.12-0.1.x86_64.rpm seamonkey-mail-1.1.12-0.1.i586.rpm seamonkey-mail-1.1.12-0.1.ppc.rpm seamonkey-mail-1.1.12-0.1.x86_64.rpm seamonkey-spellchecker-1.1.12-0.1.i586.rpm seamonkey-spellchecker-1.1.12-0.1.ppc.rpm seamonkey-spellchecker-1.1.12-0.1.x86_64.rpm seamonkey-venkman-1.1.12-0.1.i586.rpm seamonkey-venkman-1.1.12-0.1.ppc.rpm seamonkey-venkman-1.1.12-0.1.x86_64.rpm cups openSUSE 11.0 Specially crafted print jobs could trigger buffer overflows in the 'imagetops', 'texttops' and 'hpgltops' filters. Attackers could potentially exploit that to execute arbitrary code on the cups server (CVE-2008-3639, CVE-2008-3640, CVE-2008-3641). cups-1.3.7-25.2.i586.rpm cups-1.3.7-25.2.ppc.rpm cups-1.3.7-25.2.x86_64.rpm cups-client-1.3.7-25.2.i586.rpm cups-client-1.3.7-25.2.ppc.rpm cups-client-1.3.7-25.2.x86_64.rpm cups-devel-1.3.7-25.2.i586.rpm cups-devel-1.3.7-25.2.ppc.rpm cups-devel-1.3.7-25.2.x86_64.rpm cups-libs-1.3.7-25.2.i586.rpm cups-libs-1.3.7-25.2.ppc.rpm cups-libs-1.3.7-25.2.x86_64.rpm cups-libs-32bit-1.3.7-25.2.x86_64.rpm cups-libs-64bit-1.3.7-25.2.ppc.rpm mozilla-xulrunner181 openSUSE 11.0 This update brings mozilla-xulrunner181 to security fix version 1.8.1.17. It contains the following security fixes: MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped low surrogates bug MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3. CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3. MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution CVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents without script handling objects MFSA 2008-40 / CVE-2008-3837: Forced mouse drag MFSA 2008-39 / CVE-2008-3836: Privilege escalation using feed preview page and XSS flaw MFSA 2008-38 / CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer overflow For more details: http://www.mozilla.org/security/known-vulnerabilities/firefo x20.html mozilla-xulrunner181-1.8.1.13-22.1.i586.rpm mozilla-xulrunner181-1.8.1.13-22.1.ppc.rpm mozilla-xulrunner181-1.8.1.13-22.1.x86_64.rpm mozilla-xulrunner181-32bit-1.8.1.13-22.1.x86_64.rpm mozilla-xulrunner181-64bit-1.8.1.13-22.1.ppc.rpm mozilla-xulrunner181-devel-1.8.1.13-22.1.i586.rpm mozilla-xulrunner181-devel-1.8.1.13-22.1.ppc.rpm mozilla-xulrunner181-devel-1.8.1.13-22.1.x86_64.rpm mozilla-xulrunner181-l10n-1.8.1.13-22.1.i586.rpm mozilla-xulrunner181-l10n-1.8.1.13-22.1.ppc.rpm mozilla-xulrunner181-l10n-1.8.1.13-22.1.x86_64.rpm epiphany openSUSE 11.0 This patch updates epiphany to match the current mozilla-xulrunner181 package. epiphany-2.22.1.1-25.1.i586.rpm epiphany-2.22.1.1-25.1.ppc.rpm epiphany-2.22.1.1-25.1.x86_64.rpm epiphany-devel-2.22.1.1-25.1.i586.rpm epiphany-devel-2.22.1.1-25.1.ppc.rpm epiphany-devel-2.22.1.1-25.1.x86_64.rpm epiphany-doc-2.22.1.1-25.1.i586.rpm epiphany-doc-2.22.1.1-25.1.ppc.rpm epiphany-doc-2.22.1.1-25.1.x86_64.rpm epiphany-extensions-2.22.0-37.1.i586.rpm epiphany-extensions-2.22.0-37.1.ppc.rpm epiphany-extensions-2.22.0-37.1.x86_64.rpm mkinitrd openSUSE 11.0 Fixup some issues with NFS-root systems: - Update static IP configuration - Update DHCP network configuration - Parse ip= parameter correctly And also fix booting from LVM devices mkinitrd-2.2-19.2.i586.rpm mkinitrd-2.2-19.2.ppc.rpm mkinitrd-2.2-19.2.x86_64.rpm seamonkey openSUSE 11.0 The Mozilla Seamonkey browser suite was updated to version 1.1.14. The following security issues were fixed: MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web applications. The severity of this issue was determined to be low. MFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported that certain control characters, when placed at the beginning of a URL, would lead to incorrect parsing resulting in a malformed URL being output by the parser. IBM researchers Justin Schuh, Tom Cross, and Peter William also reported a related symptom as part of their research that resulted in MFSA 2008-37. There was no direct security impact from this issue and its effect was limited to the improper rendering of hyperlinks containing specific characters. The severity of this issue was determined to be low. MFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans reported that a website could access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. Upon attempting to load the data as JavaScript a syntax error is generated that can reveal some of the file context via the window.onerror DOM API. This issue could be used by a malicious website to steal private data from users who are authenticated on the redirected website. How much data could be at risk would depend on the format of the data and how the JavaScript parser attempts to interpret it. For most files the amount of data that can be recovered would be limited to the first word or two. Some data files might allow deeper probing with repeated loads. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security reported that when a XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but other potentially sensitive data could be revealed in the XHR response including URL parameters and content in the response body. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-61 / CVE-2008-5503: Mozilla developer Boris Zbarsky reported that XBL bindings could be used to read data from other domains, a violation of the same-origin policy. The severity of this issue was determined to be moderate due to several mitigating factors: The target document requires a <bindingsi> element in the XBL namespace in order to be read. The reader of the data needs to know the id attribute of the binding being read in advance. It is unlikely that web services will expose private data in the manner described above. Firefox 3 is not affected by this issue. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Products built from the Mozilla 1.9.0 branch and later, Firefox 3 for example, are not affected by this issue. Upgrading to one of these products is a reliable workaround for this particular issue and it is also Mozilla's recommendation that the most current version of any Mozilla product be used. Alternatively, you can disable JavaScript until a version containing these fixes can be installed. MFSA 2008-60 / CVE-2008-5500: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images. Workaround Disable JavaScript until a version containing these fixes can be installed. seamonkey-1.1.14-0.1.i586.rpm seamonkey-1.1.14-0.1.ppc.rpm seamonkey-1.1.14-0.1.x86_64.rpm seamonkey-dom-inspector-1.1.14-0.1.i586.rpm seamonkey-dom-inspector-1.1.14-0.1.ppc.rpm seamonkey-dom-inspector-1.1.14-0.1.x86_64.rpm seamonkey-irc-1.1.14-0.1.i586.rpm seamonkey-irc-1.1.14-0.1.ppc.rpm seamonkey-irc-1.1.14-0.1.x86_64.rpm seamonkey-mail-1.1.14-0.1.i586.rpm seamonkey-mail-1.1.14-0.1.ppc.rpm seamonkey-mail-1.1.14-0.1.x86_64.rpm seamonkey-spellchecker-1.1.14-0.1.i586.rpm seamonkey-spellchecker-1.1.14-0.1.ppc.rpm seamonkey-spellchecker-1.1.14-0.1.x86_64.rpm seamonkey-venkman-1.1.14-0.1.i586.rpm seamonkey-venkman-1.1.14-0.1.ppc.rpm seamonkey-venkman-1.1.14-0.1.x86_64.rpm pam_mount openSUSE 11.0 In the script /sbin/umount.crypt the losetup command is accessed by a variable named LOSETUP. This variable is not specified, so container files will not be unbound from /dev/loop* by umount.crypt. pam_mount-0.35-15.4.i586.rpm pam_mount-0.35-15.4.ppc.rpm pam_mount-0.35-15.4.x86_64.rpm pam_mount-32bit-0.35-15.4.x86_64.rpm pam_mount-64bit-0.35-15.4.ppc.rpm openldap2 openSUSE 11.0 This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active. openldap2-2.4.9-7.4.i586.rpm openldap2-2.4.9-7.4.ppc.rpm openldap2-2.4.9-7.4.x86_64.rpm openldap2-back-meta-2.4.9-7.4.i586.rpm openldap2-back-meta-2.4.9-7.4.ppc.rpm openldap2-back-meta-2.4.9-7.4.x86_64.rpm openldap2-back-perl-2.4.9-7.4.i586.rpm openldap2-back-perl-2.4.9-7.4.ppc.rpm openldap2-back-perl-2.4.9-7.4.x86_64.rpm openldap2-client-2.4.9-7.4.i586.rpm openldap2-client-2.4.9-7.4.ppc.rpm openldap2-client-2.4.9-7.4.x86_64.rpm openldap2-client-32bit-2.4.9-7.4.x86_64.rpm openldap2-client-64bit-2.4.9-7.4.ppc.rpm openldap2-devel-2.4.9-7.4.i586.rpm openldap2-devel-2.4.9-7.4.ppc.rpm openldap2-devel-2.4.9-7.4.x86_64.rpm openldap2-devel-32bit-2.4.9-7.4.x86_64.rpm openldap2-devel-64bit-2.4.9-7.4.ppc.rpm opera openSUSE 11.0 This update of opera fixes several security problems. See: http://www.opera.com/docs/changelogs/linux/960/#sec opera-9.60-0.1.i586.rpm opera-9.60-0.1.ppc.rpm opera-9.60-0.1.x86_64.rpm timezone openSUSE 11.0 Various timezone information updates: * DST changes for Indian/Mauritius, Africa/Casablanca, Asia/Karachi, Asia/Gaza, Asia/Damascus, Argentina and Brazil * Historical DST information change for Central Europe and America/Nassau * Leap second introduction for 2008 * Fix location of Pacific/Niue Also, glibc dladdr() call has been fixed not to return incorrect values sometimes. timezone-2008h-1.1.i586.rpm timezone-2008h-1.1.ppc.rpm timezone-2008h-1.1.x86_64.rpm libgnomecanvas openSUSE 11.0 This is a fix for https://bugzilla.novell.com/show_bug.cgi?id=430785, where libgnomecanvas would cause some applications like xournal and teg to repaint incorrectly. libgnomecanvas-2.20.1.1-42.2.i586.rpm libgnomecanvas-2.20.1.1-42.2.ppc.rpm libgnomecanvas-2.20.1.1-42.2.x86_64.rpm libgnomecanvas-32bit-2.20.1.1-42.2.x86_64.rpm libgnomecanvas-64bit-2.20.1.1-42.2.ppc.rpm libgnomecanvas-devel-2.20.1.1-42.2.i586.rpm libgnomecanvas-devel-2.20.1.1-42.2.ppc.rpm libgnomecanvas-devel-2.20.1.1-42.2.x86_64.rpm libgnomecanvas-doc-2.20.1.1-42.2.i586.rpm libgnomecanvas-doc-2.20.1.1-42.2.ppc.rpm libgnomecanvas-doc-2.20.1.1-42.2.x86_64.rpm systemtap openSUSE 11.0 The systemtap package for i386 on openSUSE 11.0 doesn't work with the recent kernel including the shipped openSUSE kernel. This update fixes the breakage. systemtap-0.6-60.2.i586.rpm systemtap-0.6-60.2.ppc.rpm systemtap-0.6-60.2.x86_64.rpm timezone openSUSE 11.0 This updates the timezone data files to version 2008f, current as of 2008-09-19. Amongst other it changes the daylight saving time rules for Brazil. timezone-2008f-0.1.i586.rpm timezone-2008f-0.1.ppc.rpm timezone-2008f-0.1.x86_64.rpm opera openSUSE 11.0 Opera 9.61 fixes several security vulnerabilities. opera-9.61-0.1.i586.rpm opera-9.61-0.1.ppc.rpm opera-9.61-0.1.x86_64.rpm tsclient openSUSE 11.0 This update for tsclient fixes a crash when saving a connection (bnc#430070). tsclient-0.150-28.2.i586.rpm tsclient-0.150-28.2.ppc.rpm tsclient-0.150-28.2.x86_64.rpm pam_mount openSUSE 11.0 pam_mount does not work any longer if a local user specific configuration is active. pam_mount-0.35-15.6.i586.rpm pam_mount-0.35-15.6.ppc.rpm pam_mount-0.35-15.6.x86_64.rpm pam_mount-32bit-0.35-15.6.x86_64.rpm pam_mount-64bit-0.35-15.6.ppc.rpm lvm2 openSUSE 11.0 lvm2 was missing the symlinks to shared libraries, which did not work with the default configuration in lvm.conf. This update adds those symlinks (bnc#422839). lvm2-2.02.33-28.2.i586.rpm lvm2-2.02.33-28.2.ppc.rpm lvm2-2.02.33-28.2.x86_64.rpm lvm2-clvm-2.02.33-28.2.i586.rpm lvm2-clvm-2.02.33-28.2.ppc.rpm lvm2-clvm-2.02.33-28.2.x86_64.rpm yum openSUSE 11.0 This update fixes the default channel configuration to match openSUSE 11.0. yum-3.2.14-15.2.i586.rpm yum-3.2.14-15.2.ppc.rpm yum-3.2.14-15.2.x86_64.rpm yum-updatesd-3.2.14-15.2.i586.rpm yum-updatesd-3.2.14-15.2.ppc.rpm yum-updatesd-3.2.14-15.2.x86_64.rpm libsatsolver openSUSE 11.0 A remotely exploitable code execution vulnerability via shell metachars has been fixed in libzypp. libsatsolver-devel-0.9.5-0.1.i586.rpm libsatsolver-devel-0.9.5-0.1.ppc.rpm libsatsolver-devel-0.9.5-0.1.x86_64.rpm libsatsolver-perl-0.9.5-0.1.i586.rpm libsatsolver-perl-0.9.5-0.1.ppc.rpm libsatsolver-perl-0.9.5-0.1.x86_64.rpm libsatsolver-ruby-0.9.5-0.1.i586.rpm libsatsolver-ruby-0.9.5-0.1.ppc.rpm libsatsolver-ruby-0.9.5-0.1.x86_64.rpm libzypp-4.27.3-0.1.i586.rpm libzypp-4.27.3-0.1.ppc.rpm libzypp-4.27.3-0.1.x86_64.rpm libzypp-devel-4.27.3-0.1.i586.rpm libzypp-devel-4.27.3-0.1.ppc.rpm libzypp-devel-4.27.3-0.1.x86_64.rpm satsolver-tools-0.9.5-0.1.i586.rpm satsolver-tools-0.9.5-0.1.ppc.rpm satsolver-tools-0.9.5-0.1.x86_64.rpm kernel openSUSE 11.0 This patch updates the openSUSE 11.0 kernel to the 2.6.25.18 stable release. It also includes bugfixes and security fixes: CVE-2008-4410: The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state. sctp: Fix kernel panic while process protocol violation parameter. CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. CVE-2008-3526: Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-4576: SCTP in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. CVE-2008-4445: The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. CVE-2008-3792: net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.26.3 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks. CVE-2008-4113: The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. CVE-2008-3911: The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file. kernel-debug-2.6.25.18-0.2.i586.rpm 1 kernel-debug-2.6.25.18-0.2.x86_64.rpm 1 kernel-default-2.6.25.18-0.2.i586.rpm 1 kernel-default-2.6.25.18-0.2.ppc.rpm 1 kernel-default-2.6.25.18-0.2.x86_64.rpm 1 kernel-docs-2.6.25.18-0.2.noarch.rpm 1 kernel-kdump-2.6.25.18-0.2.ppc.rpm 1 kernel-pae-2.6.25.18-0.2.i586.rpm 1 kernel-ppc64-2.6.25.18-0.2.ppc.rpm 1 kernel-ps3-2.6.25.18-0.2.ppc.rpm 1 kernel-rt-2.6.25.18-0.2.i586.rpm 1 kernel-rt-2.6.25.18-0.2.x86_64.rpm 1 kernel-rt_debug-2.6.25.18-0.2.i586.rpm 1 kernel-rt_debug-2.6.25.18-0.2.x86_64.rpm 1 kernel-source-2.6.25.18-0.2.i586.rpm 1 kernel-source-2.6.25.18-0.2.ppc.rpm 1 kernel-source-2.6.25.18-0.2.x86_64.rpm 1 kernel-syms-2.6.25.18-0.2.i586.rpm 1 kernel-syms-2.6.25.18-0.2.ppc.rpm 1 kernel-syms-2.6.25.18-0.2.x86_64.rpm 1 kernel-vanilla-2.6.25.18-0.2.i586.rpm 1 kernel-vanilla-2.6.25.18-0.2.ppc.rpm 1 kernel-vanilla-2.6.25.18-0.2.x86_64.rpm 1 kernel-xen-2.6.25.18-0.2.i586.rpm 1 kernel-xen-2.6.25.18-0.2.x86_64.rpm 1 graphviz openSUSE 11.0 This update of graphviz fixes a buffer overflow that occurs while parsing a DOT file. (CVE-2008-4555) graphviz-2.18-25.2.i586.rpm graphviz-2.18-25.2.ppc.rpm graphviz-2.18-25.2.x86_64.rpm graphviz-devel-2.18-25.2.i586.rpm graphviz-devel-2.18-25.2.ppc.rpm graphviz-devel-2.18-25.2.x86_64.rpm graphviz-doc-2.18-25.2.i586.rpm graphviz-doc-2.18-25.2.ppc.rpm graphviz-doc-2.18-25.2.x86_64.rpm graphviz-gd-2.18-25.2.i586.rpm graphviz-gd-2.18-25.2.ppc.rpm graphviz-gd-2.18-25.2.x86_64.rpm graphviz-gnome-2.18-25.2.i586.rpm graphviz-gnome-2.18-25.2.ppc.rpm graphviz-gnome-2.18-25.2.x86_64.rpm graphviz-guile-2.18-25.2.i586.rpm graphviz-guile-2.18-25.2.ppc.rpm graphviz-guile-2.18-25.2.x86_64.rpm graphviz-java-2.18-25.2.i586.rpm graphviz-java-2.18-25.2.ppc.rpm graphviz-java-2.18-25.2.x86_64.rpm graphviz-lua-2.18-25.2.i586.rpm graphviz-lua-2.18-25.2.ppc.rpm graphviz-lua-2.18-25.2.x86_64.rpm graphviz-ocaml-2.18-25.2.i586.rpm graphviz-ocaml-2.18-25.2.ppc.rpm graphviz-ocaml-2.18-25.2.x86_64.rpm graphviz-perl-2.18-25.2.i586.rpm graphviz-perl-2.18-25.2.ppc.rpm graphviz-perl-2.18-25.2.x86_64.rpm graphviz-php-2.18-25.2.i586.rpm graphviz-php-2.18-25.2.ppc.rpm graphviz-php-2.18-25.2.x86_64.rpm graphviz-python-2.18-25.2.i586.rpm graphviz-python-2.18-25.2.ppc.rpm graphviz-python-2.18-25.2.x86_64.rpm graphviz-ruby-2.18-25.2.i586.rpm graphviz-ruby-2.18-25.2.ppc.rpm graphviz-ruby-2.18-25.2.x86_64.rpm graphviz-sharp-2.18-25.2.i586.rpm graphviz-sharp-2.18-25.2.ppc.rpm graphviz-sharp-2.18-25.2.x86_64.rpm graphviz-tcl-2.18-25.2.i586.rpm graphviz-tcl-2.18-25.2.ppc.rpm graphviz-tcl-2.18-25.2.x86_64.rpm exiv2 openSUSE 11.0 This update of exiv2 solves a denial of service bug that can be triggered by using crafted metadata. (CVE-2008-2696) exiv2-0.16-29.2.i586.rpm exiv2-0.16-29.2.ppc.rpm exiv2-0.16-29.2.x86_64.rpm libexiv2-2-0.16-29.2.i586.rpm libexiv2-2-0.16-29.2.ppc.rpm libexiv2-2-0.16-29.2.x86_64.rpm libexiv2-2-32bit-0.16-29.2.x86_64.rpm libexiv2-2-64bit-0.16-29.2.ppc.rpm libexiv2-devel-0.16-29.2.i586.rpm libexiv2-devel-0.16-29.2.ppc.rpm libexiv2-devel-0.16-29.2.x86_64.rpm libgadu openSUSE 11.0 This update fixes a remote denial of service bug in libgadu. (CVE-2008-4776) libgadu-1.8.0-16.2.i586.rpm libgadu-1.8.0-16.2.ppc.rpm libgadu-1.8.0-16.2.x86_64.rpm libgadu-devel-1.8.0-16.2.i586.rpm libgadu-devel-1.8.0-16.2.ppc.rpm libgadu-devel-1.8.0-16.2.x86_64.rpm opera openSUSE 11.0 This update to Opera 9.62 fixes a security bug that allowed the execution of arbitrary commands remotely. http://www.opera.com/docs/changelogs/linux/962/ opera-9.62-0.1.i586.rpm opera-9.62-0.1.ppc.rpm opera-9.62-0.1.x86_64.rpm yelp openSUSE 11.0 This update of yelp fixes a format string bug. (CVE-2008-3533) yelp-2.22.1-25.2.i586.rpm yelp-2.22.1-25.2.ppc.rpm yelp-2.22.1-25.2.x86_64.rpm libzypp openSUSE 11.0 This update fixes the handling of meta-characters in repos. libzypp-4.27.4-0.1.i586.rpm libzypp-4.27.4-0.1.ppc.rpm libzypp-4.27.4-0.1.x86_64.rpm libzypp-devel-4.27.4-0.1.i586.rpm libzypp-devel-4.27.4-0.1.ppc.rpm libzypp-devel-4.27.4-0.1.x86_64.rpm apache2 openSUSE 11.0 Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939). Missing precautions allowed cross site request forgery (CSRF) via the mod_proxy_balancer interface (CVE-2007-6420). A memory leak in the ssl module could crash apache (CVE-2008-1678) apache2-2.2.8-28.2.i586.rpm apache2-2.2.8-28.2.ppc.rpm apache2-2.2.8-28.2.x86_64.rpm apache2-devel-2.2.8-28.2.i586.rpm apache2-devel-2.2.8-28.2.ppc.rpm apache2-devel-2.2.8-28.2.x86_64.rpm apache2-doc-2.2.8-28.2.i586.rpm apache2-doc-2.2.8-28.2.ppc.rpm apache2-doc-2.2.8-28.2.x86_64.rpm apache2-example-pages-2.2.8-28.2.i586.rpm apache2-example-pages-2.2.8-28.2.ppc.rpm apache2-example-pages-2.2.8-28.2.x86_64.rpm apache2-prefork-2.2.8-28.2.i586.rpm apache2-prefork-2.2.8-28.2.ppc.rpm apache2-prefork-2.2.8-28.2.x86_64.rpm apache2-utils-2.2.8-28.2.i586.rpm apache2-utils-2.2.8-28.2.ppc.rpm apache2-utils-2.2.8-28.2.x86_64.rpm apache2-worker-2.2.8-28.2.i586.rpm apache2-worker-2.2.8-28.2.ppc.rpm apache2-worker-2.2.8-28.2.x86_64.rpm enscript openSUSE 11.0 This update of enscript fixes buffer overflows in the setfilename (CVE-2008-3863), process_file and read_special_escape function that can be exploited during file processing. enscript-1.6.4-124.2.i586.rpm enscript-1.6.4-124.2.ppc.rpm enscript-1.6.4-124.2.x86_64.rpm libcdaudio openSUSE 11.0 This update fixes a heap-based buffer overflow in libcdaudio that can be exploited remotely to execute arbitrary code. libcdaudio-0.99.12-114.2.i586.rpm libcdaudio-0.99.12-114.2.ppc.rpm libcdaudio-0.99.12-114.2.x86_64.rpm libcdaudio-devel-0.99.12-114.2.i586.rpm libcdaudio-devel-0.99.12-114.2.ppc.rpm libcdaudio-devel-0.99.12-114.2.x86_64.rpm perl-Socket6 openSUSE 11.0 perl-5.10.0's Socket module defines PF_INET6, this clashes when perl-Socket6 also tries to define this symbol. This update brings perl-Socket6 to version 0.22 which fixes the problem. perl-Socket6-0.22-0.1.i586.rpm perl-Socket6-0.22-0.1.ppc.rpm perl-Socket6-0.22-0.1.x86_64.rpm ipsec-tools openSUSE 11.0 Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652) ipsec-tools-0.7-61.3.i586.rpm ipsec-tools-0.7-61.3.ppc.rpm ipsec-tools-0.7-61.3.x86_64.rpm kpowersave openSUSE 11.0 This update fixes several autosuspend related problems in KPowersave: stop autosuspend if the first suspend call or resume from suspend fails (bnc#429546), add zypper and rpm to the generic autosuspend blacklist to prevent autosuspend while updates (bnc#396241). Also fixed: handling of the 'Apply' button in the configure dialog to set the config correctly for the actual scheme (bnc#395042), fixed problems/handling if a DBus call fails (bnc#397871), fixed problems with Console-/PolicyKit policies for a user - read always the actual values before call a DBus method. kpowersave-0.7.3-100.2.i586.rpm kpowersave-0.7.3-100.2.ppc.rpm kpowersave-0.7.3-100.2.x86_64.rpm flash-player openSUSE 11.0 This update of flash-player fixes several critical security vulnerabilities. (CVE-2007-6243, CVE-2008-3873, CVE-2007-4324, CVE-2008-4401, CVE-2008-4503, CVE-2008-4546) flash-player-9.0.151.0-0.1.i586.rpm sudo openSUSE 11.0 After configuring LDAP logins with YaST on an 11.0 system, I discovered a problem with sudo, relating to users who are in LDAP but not in sudoers. Attempting to do anything with sudo (even "sudo -l") as such a user results in the error message "sudo: parse error in /etc/sudoers near line -1". Sudo never even prompts for a password, and worse, it sends a security email to root with this error message. This is a regression from 10.3, and it is definitely a problem with sudo itself, rather than pam_ldap or something else. sudo-1.6.9p15-13.2.i586.rpm sudo-1.6.9p15-13.2.ppc.rpm sudo-1.6.9p15-13.2.x86_64.rpm aaa_base openSUSE 11.0 The netfs list in the beginning of the script doesn't mention the (nb. Novell Netware) ncpfs, which causes machines using netware volumes to hang during shutdown. aaa_base-11.0-79.4.i586.rpm aaa_base-11.0-79.4.ppc.rpm aaa_base-11.0-79.4.x86_64.rpm ktorrent openSUSE 11.0 This update of ktorrent fixes several security issues. ktorrent-3.0.2-22.2.i586.rpm ktorrent-3.0.2-22.2.ppc.rpm ktorrent-3.0.2-22.2.x86_64.rpm ktorrent-devel-3.0.2-22.2.i586.rpm ktorrent-devel-3.0.2-22.2.ppc.rpm ktorrent-devel-3.0.2-22.2.x86_64.rpm lighttpd openSUSE 11.0 Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360 have been assigned to thess issues. lighttpd-1.4.19-6.2.i586.rpm lighttpd-1.4.19-6.2.ppc.rpm lighttpd-1.4.19-6.2.x86_64.rpm lighttpd-mod_cml-1.4.19-6.2.i586.rpm lighttpd-mod_cml-1.4.19-6.2.ppc.rpm lighttpd-mod_cml-1.4.19-6.2.x86_64.rpm lighttpd-mod_magnet-1.4.19-6.2.i586.rpm lighttpd-mod_magnet-1.4.19-6.2.ppc.rpm lighttpd-mod_magnet-1.4.19-6.2.x86_64.rpm lighttpd-mod_mysql_vhost-1.4.19-6.2.i586.rpm lighttpd-mod_mysql_vhost-1.4.19-6.2.ppc.rpm lighttpd-mod_mysql_vhost-1.4.19-6.2.x86_64.rpm lighttpd-mod_rrdtool-1.4.19-6.2.i586.rpm lighttpd-mod_rrdtool-1.4.19-6.2.ppc.rpm lighttpd-mod_rrdtool-1.4.19-6.2.x86_64.rpm lighttpd-mod_trigger_b4_dl-1.4.19-6.2.i586.rpm lighttpd-mod_trigger_b4_dl-1.4.19-6.2.ppc.rpm lighttpd-mod_trigger_b4_dl-1.4.19-6.2.x86_64.rpm lighttpd-mod_webdav-1.4.19-6.2.i586.rpm lighttpd-mod_webdav-1.4.19-6.2.ppc.rpm lighttpd-mod_webdav-1.4.19-6.2.x86_64.rpm cifs-mount openSUSE 11.0 This update fixes a bug that allowed the client to retrieve arbitrary memory content from the server process. (CVE-2008-4314) Additionally another bug was fixed that affects environments that enabled registry shares by setting "registry shares = yes". In this case an authenticated user is accidently allowed to access the root filesystem "/". (CVE-2009-0022) cifs-mount-3.2.4-4.3.i586.rpm cifs-mount-3.2.4-4.3.ppc.rpm cifs-mount-3.2.4-4.3.x86_64.rpm ldapsmb-1.34b-195.8.i586.rpm ldapsmb-1.34b-195.8.ppc.rpm ldapsmb-1.34b-195.8.x86_64.rpm libnetapi-devel-3.2.4-4.3.i586.rpm libnetapi-devel-3.2.4-4.3.ppc.rpm libnetapi-devel-3.2.4-4.3.x86_64.rpm libnetapi0-3.2.4-4.3.i586.rpm libnetapi0-3.2.4-4.3.ppc.rpm libnetapi0-3.2.4-4.3.x86_64.rpm libsmbclient-devel-3.2.4-4.3.i586.rpm libsmbclient-devel-3.2.4-4.3.ppc.rpm libsmbclient-devel-3.2.4-4.3.x86_64.rpm libsmbclient0-3.2.4-4.3.i586.rpm libsmbclient0-3.2.4-4.3.ppc.rpm libsmbclient0-3.2.4-4.3.x86_64.rpm libsmbclient0-32bit-3.2.4-4.3.x86_64.rpm libsmbclient0-64bit-3.2.4-4.3.ppc.rpm libsmbsharemodes-devel-3.2.4-4.3.i586.rpm libsmbsharemodes-devel-3.2.4-4.3.ppc.rpm libsmbsharemodes-devel-3.2.4-4.3.x86_64.rpm libsmbsharemodes0-3.2.4-4.3.i586.rpm libsmbsharemodes0-3.2.4-4.3.ppc.rpm libsmbsharemodes0-3.2.4-4.3.x86_64.rpm libtalloc-devel-3.2.4-4.3.i586.rpm libtalloc-devel-3.2.4-4.3.ppc.rpm libtalloc-devel-3.2.4-4.3.x86_64.rpm libtalloc1-3.2.4-4.3.i586.rpm libtalloc1-3.2.4-4.3.ppc.rpm libtalloc1-3.2.4-4.3.x86_64.rpm libtalloc1-32bit-3.2.4-4.3.x86_64.rpm libtalloc1-64bit-3.2.4-4.3.ppc.rpm libtdb-devel-3.2.4-4.3.i586.rpm libtdb-devel-3.2.4-4.3.ppc.rpm libtdb-devel-3.2.4-4.3.x86_64.rpm libtdb1-3.2.4-4.3.i586.rpm libtdb1-3.2.4-4.3.ppc.rpm libtdb1-3.2.4-4.3.x86_64.rpm libtdb1-32bit-3.2.4-4.3.x86_64.rpm libtdb1-64bit-3.2.4-4.3.ppc.rpm libwbclient-devel-3.2.4-4.3.i586.rpm libwbclient-devel-3.2.4-4.3.ppc.rpm libwbclient-devel-3.2.4-4.3.x86_64.rpm libwbclient0-3.2.4-4.3.i586.rpm libwbclient0-3.2.4-4.3.ppc.rpm libwbclient0-3.2.4-4.3.x86_64.rpm libwbclient0-32bit-3.2.4-4.3.x86_64.rpm libwbclient0-64bit-3.2.4-4.3.ppc.rpm samba-3.2.4-4.3.i586.rpm samba-3.2.4-4.3.ppc.rpm samba-3.2.4-4.3.x86_64.rpm samba-32bit-3.2.4-4.3.x86_64.rpm samba-64bit-3.2.4-4.3.ppc.rpm samba-client-3.2.4-4.3.i586.rpm samba-client-3.2.4-4.3.ppc.rpm samba-client-3.2.4-4.3.x86_64.rpm samba-client-32bit-3.2.4-4.3.x86_64.rpm samba-client-64bit-3.2.4-4.3.ppc.rpm samba-devel-3.2.4-4.3.i586.rpm samba-devel-3.2.4-4.3.ppc.rpm samba-devel-3.2.4-4.3.x86_64.rpm samba-krb-printing-3.2.4-4.3.i586.rpm samba-krb-printing-3.2.4-4.3.ppc.rpm samba-krb-printing-3.2.4-4.3.x86_64.rpm samba-winbind-3.2.4-4.3.i586.rpm samba-winbind-3.2.4-4.3.ppc.rpm samba-winbind-3.2.4-4.3.x86_64.rpm samba-winbind-32bit-3.2.4-4.3.x86_64.rpm samba-winbind-64bit-3.2.4-4.3.ppc.rpm phpMyAdmin openSUSE 11.0 This is a version upgrade to phpMyAdmin 2.11.9.4 to fix various security bugs. (CVE-2008-2960, CVE-2008-3197, CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, CVE-2008-4096, CVE-2008-4326, CVE-2008-5621, CVE-2008-5622) phpMyAdmin-2.11.9.4-0.1.noarch.rpm OpenOffice_org openSUSE 11.0 This update fixes an integer overflow in the WMF handler (CVE-2008-2237) and multiple bugs in the EMF parser (CVE-2008-2238). Additionally multiple non-security fixes were added. OpenOffice_org-2.4.0.14-1.2.i586.rpm OpenOffice_org-2.4.0.14-1.2.ppc.rpm OpenOffice_org-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-af-2.4.0.14-1.2.noarch.rpm OpenOffice_org-ar-2.4.0.14-1.2.noarch.rpm OpenOffice_org-base-2.4.0.14-1.2.i586.rpm OpenOffice_org-base-2.4.0.14-1.2.ppc.rpm OpenOffice_org-base-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-be-BY-2.4.0.14-1.2.noarch.rpm OpenOffice_org-bg-2.4.0.14-1.2.noarch.rpm OpenOffice_org-branding-upstream-2.4.0.14-1.2.i586.rpm OpenOffice_org-branding-upstream-2.4.0.14-1.2.ppc.rpm OpenOffice_org-branding-upstream-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-ca-2.4.0.14-1.2.noarch.rpm OpenOffice_org-calc-2.4.0.14-1.2.i586.rpm OpenOffice_org-calc-2.4.0.14-1.2.ppc.rpm OpenOffice_org-calc-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-cs-2.4.0.14-1.2.noarch.rpm OpenOffice_org-cy-2.4.0.14-1.2.noarch.rpm OpenOffice_org-da-2.4.0.14-1.2.noarch.rpm OpenOffice_org-de-2.4.0.14-1.2.noarch.rpm OpenOffice_org-devel-2.4.0.14-1.2.i586.rpm OpenOffice_org-devel-2.4.0.14-1.2.ppc.rpm OpenOffice_org-devel-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-draw-2.4.0.14-1.2.i586.rpm OpenOffice_org-draw-2.4.0.14-1.2.ppc.rpm OpenOffice_org-draw-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-el-2.4.0.14-1.2.noarch.rpm OpenOffice_org-en-GB-2.4.0.14-1.2.noarch.rpm OpenOffice_org-es-2.4.0.14-1.2.noarch.rpm OpenOffice_org-et-2.4.0.14-1.2.noarch.rpm OpenOffice_org-fi-2.4.0.14-1.2.noarch.rpm OpenOffice_org-filters-2.4.0.14-1.2.i586.rpm OpenOffice_org-filters-2.4.0.14-1.2.ppc.rpm OpenOffice_org-filters-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-fr-2.4.0.14-1.2.noarch.rpm OpenOffice_org-gnome-2.4.0.14-1.2.i586.rpm OpenOffice_org-gnome-2.4.0.14-1.2.ppc.rpm OpenOffice_org-gnome-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-gu-IN-2.4.0.14-1.2.noarch.rpm OpenOffice_org-hi-IN-2.4.0.14-1.2.noarch.rpm OpenOffice_org-hr-2.4.0.14-1.2.noarch.rpm OpenOffice_org-hu-2.4.0.14-1.2.noarch.rpm OpenOffice_org-icon-themes-prebuilt-2.4.0.14-1.2.i586.rpm OpenOffice_org-icon-themes-prebuilt-2.4.0.14-1.2.ppc.rpm OpenOffice_org-icon-themes-prebuilt-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-impress-2.4.0.14-1.2.i586.rpm OpenOffice_org-impress-2.4.0.14-1.2.ppc.rpm OpenOffice_org-impress-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-it-2.4.0.14-1.2.noarch.rpm OpenOffice_org-ja-2.4.0.14-1.2.noarch.rpm OpenOffice_org-kde-2.4.0.14-1.2.i586.rpm OpenOffice_org-kde-2.4.0.14-1.2.ppc.rpm OpenOffice_org-kde-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-km-2.4.0.14-1.2.noarch.rpm OpenOffice_org-ko-2.4.0.14-1.2.noarch.rpm OpenOffice_org-lt-2.4.0.14-1.2.noarch.rpm OpenOffice_org-mailmerge-2.4.0.14-1.2.i586.rpm OpenOffice_org-mailmerge-2.4.0.14-1.2.ppc.rpm OpenOffice_org-mailmerge-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-math-2.4.0.14-1.2.i586.rpm OpenOffice_org-math-2.4.0.14-1.2.ppc.rpm OpenOffice_org-math-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-mk-2.4.0.14-1.2.noarch.rpm OpenOffice_org-mono-2.4.0.14-1.2.i586.rpm OpenOffice_org-mono-2.4.0.14-1.2.ppc.rpm OpenOffice_org-mono-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-nb-2.4.0.14-1.2.noarch.rpm OpenOffice_org-nl-2.4.0.14-1.2.noarch.rpm OpenOffice_org-nn-2.4.0.14-1.2.noarch.rpm OpenOffice_org-officebean-2.4.0.14-1.2.i586.rpm OpenOffice_org-officebean-2.4.0.14-1.2.ppc.rpm OpenOffice_org-officebean-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-pa-IN-2.4.0.14-1.2.noarch.rpm OpenOffice_org-pl-2.4.0.14-1.2.noarch.rpm OpenOffice_org-pt-2.4.0.14-1.2.noarch.rpm OpenOffice_org-pt-BR-2.4.0.14-1.2.noarch.rpm OpenOffice_org-pyuno-2.4.0.14-1.2.i586.rpm OpenOffice_org-pyuno-2.4.0.14-1.2.ppc.rpm OpenOffice_org-pyuno-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-ru-2.4.0.14-1.2.noarch.rpm OpenOffice_org-rw-2.4.0.14-1.2.noarch.rpm OpenOffice_org-sdk-2.4.0.14-1.2.i586.rpm OpenOffice_org-sdk-2.4.0.14-1.2.ppc.rpm OpenOffice_org-sdk-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-sdk-doc-2.4.0.14-1.2.i586.rpm OpenOffice_org-sdk-doc-2.4.0.14-1.2.ppc.rpm OpenOffice_org-sdk-doc-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-sk-2.4.0.14-1.2.noarch.rpm OpenOffice_org-sl-2.4.0.14-1.2.noarch.rpm OpenOffice_org-sr-CS-2.4.0.14-1.2.noarch.rpm OpenOffice_org-st-2.4.0.14-1.2.noarch.rpm OpenOffice_org-sv-2.4.0.14-1.2.noarch.rpm OpenOffice_org-testtool-2.4.0.14-1.2.i586.rpm OpenOffice_org-testtool-2.4.0.14-1.2.ppc.rpm OpenOffice_org-testtool-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-tr-2.4.0.14-1.2.noarch.rpm OpenOffice_org-ts-2.4.0.14-1.2.noarch.rpm OpenOffice_org-vi-2.4.0.14-1.2.noarch.rpm OpenOffice_org-writer-2.4.0.14-1.2.i586.rpm OpenOffice_org-writer-2.4.0.14-1.2.ppc.rpm OpenOffice_org-writer-2.4.0.14-1.2.x86_64.rpm OpenOffice_org-xh-2.4.0.14-1.2.noarch.rpm OpenOffice_org-zh-CN-2.4.0.14-1.2.noarch.rpm OpenOffice_org-zh-TW-2.4.0.14-1.2.noarch.rpm OpenOffice_org-zu-2.4.0.14-1.2.noarch.rpm strongswan openSUSE 11.0 This update of strongswan fixes a denial of service problem that occurs while parsing a IKE_SA_INIT message dursing key exchange. This allows an remote attacker to crash the daemon. (CVE-2008-4551) strongswan-4.2.1-11.4.i586.rpm strongswan-4.2.1-11.4.ppc.rpm strongswan-4.2.1-11.4.x86_64.rpm strongswan-doc-4.2.1-11.4.i586.rpm strongswan-doc-4.2.1-11.4.ppc.rpm strongswan-doc-4.2.1-11.4.x86_64.rpm imp openSUSE 11.0 This update fixes a XSS vulnerability in imp. (CVE-2008-4182) imp-4.1.4-70.2.noarch.rpm clamav openSUSE 11.0 Various bugs such as a get_unicode_name() off-by-one buffer overflow, a bug in URL parsing of phishing checks as well as minor other issues have been fixed in clamav. (CVE-2008-5050) clamav-0.94.1-2.1.i586.rpm clamav-0.94.1-2.1.ppc.rpm clamav-0.94.1-2.1.x86_64.rpm clamav-db-0.94.1-2.1.i586.rpm clamav-db-0.94.1-2.1.ppc.rpm clamav-db-0.94.1-2.1.x86_64.rpm acroread openSUSE 11.0 The acroread package was update to fix several security vulnerabilities in the JavaScript engine. (CVE-2008-2992, CVE-2008-2549, CVE-2008-4812, CVE-2008-4813, CVE-2008-4817, CVE-2008-4816, CVE-2008-4814, CVE-2008-4815) acroread-8.1.3-1.1.i586.rpm htop openSUSE 11.0 insufficient character filters in htop when displaying commands allowed programs that rewrite their program name to inject escape sequences (CVE-2008-5076). htop-0.7-32.2.i586.rpm htop-0.7-32.2.ppc.rpm htop-0.7-32.2.x86_64.rpm cups openSUSE 11.0 local users could crash cups by adding a large number of RSS subscriptions (CVE-2008-5183, CVE-2008-5184). cups-1.3.7-25.4.i586.rpm cups-1.3.7-25.4.ppc.rpm cups-1.3.7-25.4.x86_64.rpm cups-client-1.3.7-25.4.i586.rpm cups-client-1.3.7-25.4.ppc.rpm cups-client-1.3.7-25.4.x86_64.rpm cups-devel-1.3.7-25.4.i586.rpm cups-devel-1.3.7-25.4.ppc.rpm cups-devel-1.3.7-25.4.x86_64.rpm cups-libs-1.3.7-25.4.i586.rpm cups-libs-1.3.7-25.4.ppc.rpm cups-libs-1.3.7-25.4.x86_64.rpm cups-libs-32bit-1.3.7-25.4.x86_64.rpm cups-libs-64bit-1.3.7-25.4.ppc.rpm MozillaThunderbird openSUSE 11.0 This update brings the Mozilla Thunderbird E-Mail program to version 2.0.0.18. It fixes following security problems: CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. MFSA 2008-59: Mozilla developer Boris Zbarsky reported that a malicious mail message might be able to glean personal information about the recipient from the mailbox URI (such as computer account name) if the mail recipient has enabled JavaScript in mail. If a malicious mail is forwarded "in-line" to a recipient who has enabled JavaScript, then comments added by the forwarder could be accessed by scripts in the message and potentially revealed to the original malicious author if that message has also been allowed to load remote content. Scripts in mail messages no longer have access to the DOM properties .documentURI and .textContent. MozillaThunderbird-2.0.0.18-1.1.i586.rpm MozillaThunderbird-2.0.0.18-1.1.ppc.rpm MozillaThunderbird-2.0.0.18-1.1.x86_64.rpm MozillaThunderbird-devel-2.0.0.18-1.1.i586.rpm MozillaThunderbird-devel-2.0.0.18-1.1.ppc.rpm MozillaThunderbird-devel-2.0.0.18-1.1.x86_64.rpm MozillaThunderbird-translations-2.0.0.18-1.1.i586.rpm MozillaThunderbird-translations-2.0.0.18-1.1.ppc.rpm MozillaThunderbird-translations-2.0.0.18-1.1.x86_64.rpm horde openSUSE 11.0 This update of horde fixes the following vulnerabilities: - CVE-2008-1284: directory traversal allows authenticated user to access and execute arbitrary files - CVE-2008-3330: remotely exploitable XSS - CVE-2008-3824: remotely exploitable XSS horde-3.1.4-121.2.noarch.rpm mozilla-xulrunner181 openSUSE 11.0 This update backports security fixes to the Mozilla XULRunner engine. It fixes following security issues: CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. epiphany-2.22.1.1-25.2.i586.rpm epiphany-2.22.1.1-25.2.ppc.rpm epiphany-2.22.1.1-25.2.x86_64.rpm epiphany-devel-2.22.1.1-25.2.i586.rpm epiphany-devel-2.22.1.1-25.2.ppc.rpm epiphany-devel-2.22.1.1-25.2.x86_64.rpm epiphany-doc-2.22.1.1-25.2.i586.rpm epiphany-doc-2.22.1.1-25.2.ppc.rpm epiphany-doc-2.22.1.1-25.2.x86_64.rpm epiphany-extensions-2.22.0-37.2.i586.rpm epiphany-extensions-2.22.0-37.2.ppc.rpm epiphany-extensions-2.22.0-37.2.x86_64.rpm mozilla-xulrunner181-1.8.1.18-0.1.i586.rpm mozilla-xulrunner181-1.8.1.18-0.1.ppc.rpm mozilla-xulrunner181-1.8.1.18-0.1.x86_64.rpm mozilla-xulrunner181-32bit-1.8.1.18-0.1.x86_64.rpm mozilla-xulrunner181-64bit-1.8.1.18-0.1.ppc.rpm mozilla-xulrunner181-devel-1.8.1.18-0.1.i586.rpm mozilla-xulrunner181-devel-1.8.1.18-0.1.ppc.rpm mozilla-xulrunner181-devel-1.8.1.18-0.1.x86_64.rpm mozilla-xulrunner181-l10n-1.8.1.18-0.1.i586.rpm mozilla-xulrunner181-l10n-1.8.1.18-0.1.ppc.rpm mozilla-xulrunner181-l10n-1.8.1.18-0.1.x86_64.rpm seamonkey openSUSE 11.0 This update brings the Mozilla Seamonkey browser to version 1.1.13. It fixes following security issues: CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. seamonkey-1.1.13-1.1.i586.rpm seamonkey-1.1.13-1.1.ppc.rpm seamonkey-1.1.13-1.1.x86_64.rpm seamonkey-dom-inspector-1.1.13-1.1.i586.rpm seamonkey-dom-inspector-1.1.13-1.1.ppc.rpm seamonkey-dom-inspector-1.1.13-1.1.x86_64.rpm seamonkey-irc-1.1.13-1.1.i586.rpm seamonkey-irc-1.1.13-1.1.ppc.rpm seamonkey-irc-1.1.13-1.1.x86_64.rpm seamonkey-mail-1.1.13-1.1.i586.rpm seamonkey-mail-1.1.13-1.1.ppc.rpm seamonkey-mail-1.1.13-1.1.x86_64.rpm seamonkey-spellchecker-1.1.13-1.1.i586.rpm seamonkey-spellchecker-1.1.13-1.1.ppc.rpm seamonkey-spellchecker-1.1.13-1.1.x86_64.rpm seamonkey-venkman-1.1.13-1.1.i586.rpm seamonkey-venkman-1.1.13-1.1.ppc.rpm seamonkey-venkman-1.1.13-1.1.x86_64.rpm yast2-backup openSUSE 11.0 This updated of yast2-backup fixes a sellcode injection vulnerability and improves handling of symlinks for the backup process. yast2-backup-2.16.6-0.1.noarch.rpm jasper openSUSE 11.0 Multiple, potentially dangerous integer overflows, buffer overflows and a problem with temporary files have been fixed (CVE-2008-3520, CVE-2008-3521, CVE-2008-3522). jasper-1.900.1-98.3.i586.rpm jasper-1.900.1-98.3.ppc.rpm jasper-1.900.1-98.3.x86_64.rpm libjasper-1.900.1-98.3.i586.rpm libjasper-1.900.1-98.3.ppc.rpm libjasper-1.900.1-98.3.x86_64.rpm libjasper-32bit-1.900.1-98.3.x86_64.rpm libjasper-64bit-1.900.1-98.3.ppc.rpm libjasper-devel-1.900.1-98.3.i586.rpm libjasper-devel-1.900.1-98.3.ppc.rpm libjasper-devel-1.900.1-98.3.x86_64.rpm MozillaFirefox openSUSE 11.0 This update brings the Mozilla Firefox browser to version 3.0.4. It fixes following security issues: CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5015 / MFSA 2008-51: Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. MozillaFirefox-3.0.4-3.1.i586.rpm MozillaFirefox-3.0.4-3.1.ppc.rpm MozillaFirefox-3.0.4-3.1.x86_64.rpm MozillaFirefox-translations-3.0.4-3.1.i586.rpm MozillaFirefox-translations-3.0.4-3.1.ppc.rpm MozillaFirefox-translations-3.0.4-3.1.x86_64.rpm mozilla-xulrunner190-1.9.0.4-2.1.i586.rpm mozilla-xulrunner190-1.9.0.4-2.1.ppc.rpm mozilla-xulrunner190-1.9.0.4-2.1.x86_64.rpm mozilla-xulrunner190-32bit-1.9.0.4-2.1.x86_64.rpm mozilla-xulrunner190-64bit-1.9.0.4-2.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.4-2.1.i586.rpm mozilla-xulrunner190-devel-1.9.0.4-2.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.4-2.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-1.9.0.4-2.1.i586.rpm mozilla-xulrunner190-gnomevfs-1.9.0.4-2.1.ppc.rpm mozilla-xulrunner190-gnomevfs-1.9.0.4-2.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-32bit-1.9.0.4-2.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-64bit-1.9.0.4-2.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.4-2.1.i586.rpm mozilla-xulrunner190-translations-1.9.0.4-2.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.4-2.1.x86_64.rpm mozilla-xulrunner190-translations-32bit-1.9.0.4-2.1.x86_64.rpm mozilla-xulrunner190-translations-64bit-1.9.0.4-2.1.ppc.rpm hal openSUSE 11.0 This update contains serveral fixes: HAL now gets storage.model via a ioctl instead from sysfs if the storage device use the SCSI-layer to prevent truncated strings (bnc#397871), fix internal handling of PropertyModified signal (fd.o#16427), fix battery handling on PPC (PMU) machines to prevent list the same battery multiple times (fd.o#15482), fix some memory leaks (fd.o#16376 and other), fix handling of volume devices (dont set storage.model), fixed rc file (bnc#405332), fixed keymapping for machines using the ThinkPad kernel module (bnc#382855); Sony (bnc#410730); HP (bnc#411189,#398846); a Toshiba A110 (bnc#430263) and Dell (bnc#410174), fixed interface Lock() handling to prevent locks get not removed if the lock owner dies or exit without calling Unlock(), fix generation of UDIs to prevent problems with invalid DBus paths causing crashes (fd.o#16040), fix brightness handling for some machines (bnc#42968) which handle brightness keys directly in hardware/bios, enable support for the ppdev subsystem (bnc#235059) including ACL handling, mark another CDMA device as modem (bnc#405332). hal-0.5.11-8.2.i586.rpm hal-0.5.11-8.2.ppc.rpm hal-0.5.11-8.2.x86_64.rpm hal-32bit-0.5.11-8.2.x86_64.rpm hal-64bit-0.5.11-8.2.ppc.rpm hal-devel-0.5.11-8.2.i586.rpm hal-devel-0.5.11-8.2.ppc.rpm hal-devel-0.5.11-8.2.x86_64.rpm hal-doc-0.5.11-9.2.i586.rpm hal-doc-0.5.11-9.2.ppc.rpm hal-doc-0.5.11-9.2.x86_64.rpm xorg-x11 openSUSE 11.0 Due to changes in mktemp's behaviour, the X Font Server (xfs) startup in /etc/init.d/xfs did no longer work, thereby preventing xfs to be started. xorg-x11-7.3-96.4.i586.rpm xorg-x11-7.3-96.4.ppc.rpm xorg-x11-7.3-96.4.x86_64.rpm openvpn openSUSE 11.0 This update fixes pid file related start/stop problems in the openvpn init script. openvpn-2.0.9-96.2.i586.rpm openvpn-2.0.9-96.2.ppc.rpm openvpn-2.0.9-96.2.x86_64.rpm openvpn-auth-pam-plugin-2.0.9-96.2.i586.rpm openvpn-auth-pam-plugin-2.0.9-96.2.ppc.rpm openvpn-auth-pam-plugin-2.0.9-96.2.x86_64.rpm openvpn-down-root-plugin-2.0.9-96.2.i586.rpm openvpn-down-root-plugin-2.0.9-96.2.ppc.rpm openvpn-down-root-plugin-2.0.9-96.2.x86_64.rpm rsh openSUSE 11.0 in.rexecd was not using the system wide limits, potentially allowing remote rexec users to exhaust all system resources. This patch fixes it. rsh-0.17-680.2.i586.rpm rsh-0.17-680.2.ppc.rpm rsh-0.17-680.2.x86_64.rpm rsh-server-0.17-680.2.i586.rpm rsh-server-0.17-680.2.ppc.rpm rsh-server-0.17-680.2.x86_64.rpm valgrind openSUSE 11.0 valgrind reads a file .valgrindrc in the current directory. Therefore local users could place such a file a world writable directory such as /tmp and influence other users' valgrind when it's executed there (CVE-2008-4865). valgrind-3.3.0-43.2.i586.rpm valgrind-3.3.0-43.2.ppc.rpm valgrind-3.3.0-43.2.x86_64.rpm valgrind-devel-3.3.0-43.2.i586.rpm valgrind-devel-3.3.0-43.2.ppc.rpm valgrind-devel-3.3.0-43.2.x86_64.rpm apache2 openSUSE 11.0 This updated fixes a problem in mod_proxy_http that was introduced by previous security update. apache2-2.2.8-28.4.i586.rpm apache2-2.2.8-28.4.ppc.rpm apache2-2.2.8-28.4.x86_64.rpm apache2-devel-2.2.8-28.4.i586.rpm apache2-devel-2.2.8-28.4.ppc.rpm apache2-devel-2.2.8-28.4.x86_64.rpm apache2-doc-2.2.8-28.4.i586.rpm apache2-doc-2.2.8-28.4.ppc.rpm apache2-doc-2.2.8-28.4.x86_64.rpm apache2-example-pages-2.2.8-28.4.i586.rpm apache2-example-pages-2.2.8-28.4.ppc.rpm apache2-example-pages-2.2.8-28.4.x86_64.rpm apache2-prefork-2.2.8-28.4.i586.rpm apache2-prefork-2.2.8-28.4.ppc.rpm apache2-prefork-2.2.8-28.4.x86_64.rpm apache2-utils-2.2.8-28.4.i586.rpm apache2-utils-2.2.8-28.4.ppc.rpm apache2-utils-2.2.8-28.4.x86_64.rpm apache2-worker-2.2.8-28.4.i586.rpm apache2-worker-2.2.8-28.4.ppc.rpm apache2-worker-2.2.8-28.4.x86_64.rpm java-1_4_2-sun openSUSE 11.0 This update changes the timezone information in Sun Java to 2008g. This includes changes in Brazilia, Mauritius, Moroco, Gaza, Pakistan, Turkey and Argentina. java-1_5_0-sun-1.5.0_update16-1.3.i586.rpm java-1_5_0-sun-1.5.0_update16-1.3.x86_64.rpm java-1_5_0-sun-alsa-1.5.0_update16-1.3.i586.rpm java-1_5_0-sun-alsa-1.5.0_update16-1.3.x86_64.rpm java-1_5_0-sun-demo-1.5.0_update16-1.3.i586.rpm java-1_5_0-sun-demo-1.5.0_update16-1.3.x86_64.rpm java-1_5_0-sun-devel-1.5.0_update16-1.3.i586.rpm java-1_5_0-sun-devel-1.5.0_update16-1.3.x86_64.rpm java-1_5_0-sun-jdbc-1.5.0_update16-1.3.i586.rpm java-1_5_0-sun-jdbc-1.5.0_update16-1.3.x86_64.rpm java-1_5_0-sun-plugin-1.5.0_update16-1.3.i586.rpm java-1_5_0-sun-src-1.5.0_update16-1.3.i586.rpm java-1_5_0-sun-src-1.5.0_update16-1.3.x86_64.rpm java-1_6_0-sun-1.6.0.u7-1.3.i586.rpm java-1_6_0-sun-1.6.0.u7-1.3.x86_64.rpm java-1_6_0-sun-alsa-1.6.0.u7-1.3.i586.rpm java-1_6_0-sun-alsa-1.6.0.u7-1.3.x86_64.rpm java-1_6_0-sun-demo-1.6.0.u7-1.3.i586.rpm java-1_6_0-sun-demo-1.6.0.u7-1.3.x86_64.rpm java-1_6_0-sun-devel-1.6.0.u7-1.3.i586.rpm java-1_6_0-sun-devel-1.6.0.u7-1.3.x86_64.rpm java-1_6_0-sun-jdbc-1.6.0.u7-1.3.i586.rpm java-1_6_0-sun-jdbc-1.6.0.u7-1.3.x86_64.rpm java-1_6_0-sun-plugin-1.6.0.u7-1.3.i586.rpm pdns-recursor openSUSE 11.0 PowerDNS recursor was looking in the wrong path for its configuration file. pdns-recursor-3.1.5-14.2.i586.rpm pdns-recursor-3.1.5-14.2.ppc.rpm pdns-recursor-3.1.5-14.2.x86_64.rpm libxml2 openSUSE 11.0 libxml2 could run into an endless loop when processing specially crafted XML files (CVE-2008-4225) libxml2-2.6.32-11.5.i586.rpm libxml2-2.6.32-11.5.ppc.rpm libxml2-2.6.32-11.5.x86_64.rpm libxml2-32bit-2.6.32-11.5.x86_64.rpm libxml2-64bit-2.6.32-11.5.ppc.rpm libxml2-devel-2.6.32-11.5.i586.rpm libxml2-devel-2.6.32-11.5.ppc.rpm libxml2-devel-2.6.32-11.5.x86_64.rpm libxml2-devel-32bit-2.6.32-11.5.x86_64.rpm libxml2-devel-64bit-2.6.32-11.5.ppc.rpm libxml2-doc-2.6.32-11.5.i586.rpm libxml2-doc-2.6.32-11.5.ppc.rpm libxml2-doc-2.6.32-11.5.x86_64.rpm lynx openSUSE 11.0 This update of lynx fixes a security bug that can be exploited by remote attackers to execute arbitrary commands when advanced mode is enabled and lynx is used as URL handler (CVE-2008-4690) lynx-2.8.6-109.2.i586.rpm lynx-2.8.6-109.2.ppc.rpm lynx-2.8.6-109.2.x86_64.rpm rubygem-activerecord openSUSE 11.0 Missing sanity checks of the :limit and :offset parameters in SQL queries could potentially be exploited to conduct SQL inection attacks (CVE-2008-4094). rubygem-activerecord-1.15.5-71.2.i586.rpm rubygem-activerecord-1.15.5-71.2.ppc.rpm rubygem-activerecord-1.15.5-71.2.x86_64.rpm rubygem-actionpack openSUSE 11.0 Missing input sanitation in rubygem-actionpack allowed remote attackers to inject arbitrary HTTP headers via specially crafted URLs (CVE-2008-5189). rubygem-actionpack-1.13.5-71.2.i586.rpm rubygem-actionpack-1.13.5-71.2.ppc.rpm rubygem-actionpack-1.13.5-71.2.x86_64.rpm imlib2 openSUSE 11.0 A security problem was fixed in imlib2 where loading a specific XPM file could corrupt memory. (CVE-2008-5187) imlib2-1.4.0-46.5.i586.rpm imlib2-1.4.0-46.5.ppc.rpm imlib2-1.4.0-46.5.x86_64.rpm imlib2-devel-1.4.0-46.5.i586.rpm imlib2-devel-1.4.0-46.5.ppc.rpm imlib2-devel-1.4.0-46.5.x86_64.rpm imlib2-filters-1.4.0-46.5.i586.rpm imlib2-filters-1.4.0-46.5.ppc.rpm imlib2-filters-1.4.0-46.5.x86_64.rpm imlib2-loaders-1.4.0-46.5.i586.rpm imlib2-loaders-1.4.0-46.5.ppc.rpm imlib2-loaders-1.4.0-46.5.x86_64.rpm apache2-mod_php5 openSUSE 11.0 This update fixes a buffer overflow in php_imap.c that uses an old IMAP API. This bug can be exploited to execute arbitrary code remotely via long IMAP requests. (CVE-2008-2829) apache2-mod_php5-5.2.6-0.6.i586.rpm apache2-mod_php5-5.2.6-0.6.ppc.rpm apache2-mod_php5-5.2.6-0.6.x86_64.rpm php5-5.2.6-0.6.i586.rpm php5-5.2.6-0.6.ppc.rpm php5-5.2.6-0.6.x86_64.rpm php5-bcmath-5.2.6-0.6.i586.rpm php5-bcmath-5.2.6-0.6.ppc.rpm php5-bcmath-5.2.6-0.6.x86_64.rpm php5-bz2-5.2.6-0.6.i586.rpm php5-bz2-5.2.6-0.6.ppc.rpm php5-bz2-5.2.6-0.6.x86_64.rpm php5-calendar-5.2.6-0.6.i586.rpm php5-calendar-5.2.6-0.6.ppc.rpm php5-calendar-5.2.6-0.6.x86_64.rpm php5-ctype-5.2.6-0.6.i586.rpm php5-ctype-5.2.6-0.6.ppc.rpm php5-ctype-5.2.6-0.6.x86_64.rpm php5-curl-5.2.6-0.6.i586.rpm php5-curl-5.2.6-0.6.ppc.rpm php5-curl-5.2.6-0.6.x86_64.rpm php5-dba-5.2.6-0.6.i586.rpm php5-dba-5.2.6-0.6.ppc.rpm php5-dba-5.2.6-0.6.x86_64.rpm php5-dbase-5.2.6-0.6.i586.rpm php5-dbase-5.2.6-0.6.ppc.rpm php5-dbase-5.2.6-0.6.x86_64.rpm php5-devel-5.2.6-0.6.i586.rpm php5-devel-5.2.6-0.6.ppc.rpm php5-devel-5.2.6-0.6.x86_64.rpm php5-dom-5.2.6-0.6.i586.rpm php5-dom-5.2.6-0.6.ppc.rpm php5-dom-5.2.6-0.6.x86_64.rpm php5-exif-5.2.6-0.6.i586.rpm php5-exif-5.2.6-0.6.ppc.rpm php5-exif-5.2.6-0.6.x86_64.rpm php5-fastcgi-5.2.6-0.6.i586.rpm php5-fastcgi-5.2.6-0.6.ppc.rpm php5-fastcgi-5.2.6-0.6.x86_64.rpm php5-ftp-5.2.6-0.6.i586.rpm php5-ftp-5.2.6-0.6.ppc.rpm php5-ftp-5.2.6-0.6.x86_64.rpm php5-gd-5.2.6-0.6.i586.rpm php5-gd-5.2.6-0.6.ppc.rpm php5-gd-5.2.6-0.6.x86_64.rpm php5-gettext-5.2.6-0.6.i586.rpm php5-gettext-5.2.6-0.6.ppc.rpm php5-gettext-5.2.6-0.6.x86_64.rpm php5-gmp-5.2.6-0.6.i586.rpm php5-gmp-5.2.6-0.6.ppc.rpm php5-gmp-5.2.6-0.6.x86_64.rpm php5-hash-5.2.6-0.6.i586.rpm php5-hash-5.2.6-0.6.ppc.rpm php5-hash-5.2.6-0.6.x86_64.rpm php5-iconv-5.2.6-0.6.i586.rpm php5-iconv-5.2.6-0.6.ppc.rpm php5-iconv-5.2.6-0.6.x86_64.rpm php5-imap-5.2.6-0.6.i586.rpm php5-imap-5.2.6-0.6.ppc.rpm php5-imap-5.2.6-0.6.x86_64.rpm php5-json-5.2.6-0.6.i586.rpm php5-json-5.2.6-0.6.ppc.rpm php5-json-5.2.6-0.6.x86_64.rpm php5-ldap-5.2.6-0.6.i586.rpm php5-ldap-5.2.6-0.6.ppc.rpm php5-ldap-5.2.6-0.6.x86_64.rpm php5-mbstring-5.2.6-0.6.i586.rpm php5-mbstring-5.2.6-0.6.ppc.rpm php5-mbstring-5.2.6-0.6.x86_64.rpm php5-mcrypt-5.2.6-0.6.i586.rpm php5-mcrypt-5.2.6-0.6.ppc.rpm php5-mcrypt-5.2.6-0.6.x86_64.rpm php5-mysql-5.2.6-0.6.i586.rpm php5-mysql-5.2.6-0.6.ppc.rpm php5-mysql-5.2.6-0.6.x86_64.rpm php5-ncurses-5.2.6-0.6.i586.rpm php5-ncurses-5.2.6-0.6.ppc.rpm php5-ncurses-5.2.6-0.6.x86_64.rpm php5-odbc-5.2.6-0.6.i586.rpm php5-odbc-5.2.6-0.6.ppc.rpm php5-odbc-5.2.6-0.6.x86_64.rpm php5-openssl-5.2.6-0.6.i586.rpm php5-openssl-5.2.6-0.6.ppc.rpm php5-openssl-5.2.6-0.6.x86_64.rpm php5-pcntl-5.2.6-0.6.i586.rpm php5-pcntl-5.2.6-0.6.ppc.rpm php5-pcntl-5.2.6-0.6.x86_64.rpm php5-pdo-5.2.6-0.6.i586.rpm php5-pdo-5.2.6-0.6.ppc.rpm php5-pdo-5.2.6-0.6.x86_64.rpm php5-pear-5.2.6-0.6.i586.rpm php5-pear-5.2.6-0.6.ppc.rpm php5-pear-5.2.6-0.6.x86_64.rpm php5-pgsql-5.2.6-0.6.i586.rpm php5-pgsql-5.2.6-0.6.ppc.rpm php5-pgsql-5.2.6-0.6.x86_64.rpm php5-posix-5.2.6-0.6.i586.rpm php5-posix-5.2.6-0.6.ppc.rpm php5-posix-5.2.6-0.6.x86_64.rpm php5-pspell-5.2.6-0.6.i586.rpm php5-pspell-5.2.6-0.6.ppc.rpm php5-pspell-5.2.6-0.6.x86_64.rpm php5-readline-5.2.6-0.6.i586.rpm php5-readline-5.2.6-0.6.ppc.rpm php5-readline-5.2.6-0.6.x86_64.rpm php5-shmop-5.2.6-0.6.i586.rpm php5-shmop-5.2.6-0.6.ppc.rpm php5-shmop-5.2.6-0.6.x86_64.rpm php5-snmp-5.2.6-0.6.i586.rpm php5-snmp-5.2.6-0.6.ppc.rpm php5-snmp-5.2.6-0.6.x86_64.rpm php5-soap-5.2.6-0.6.i586.rpm php5-soap-5.2.6-0.6.ppc.rpm php5-soap-5.2.6-0.6.x86_64.rpm php5-sockets-5.2.6-0.6.i586.rpm php5-sockets-5.2.6-0.6.ppc.rpm php5-sockets-5.2.6-0.6.x86_64.rpm php5-sqlite-5.2.6-0.6.i586.rpm php5-sqlite-5.2.6-0.6.ppc.rpm php5-sqlite-5.2.6-0.6.x86_64.rpm php5-suhosin-5.2.6-0.6.i586.rpm php5-suhosin-5.2.6-0.6.ppc.rpm php5-suhosin-5.2.6-0.6.x86_64.rpm php5-sysvmsg-5.2.6-0.6.i586.rpm php5-sysvmsg-5.2.6-0.6.ppc.rpm php5-sysvmsg-5.2.6-0.6.x86_64.rpm php5-sysvsem-5.2.6-0.6.i586.rpm php5-sysvsem-5.2.6-0.6.ppc.rpm php5-sysvsem-5.2.6-0.6.x86_64.rpm php5-sysvshm-5.2.6-0.6.i586.rpm php5-sysvshm-5.2.6-0.6.ppc.rpm php5-sysvshm-5.2.6-0.6.x86_64.rpm php5-tidy-5.2.6-0.6.i586.rpm php5-tidy-5.2.6-0.6.ppc.rpm php5-tidy-5.2.6-0.6.x86_64.rpm php5-tokenizer-5.2.6-0.6.i586.rpm php5-tokenizer-5.2.6-0.6.ppc.rpm php5-tokenizer-5.2.6-0.6.x86_64.rpm php5-wddx-5.2.6-0.6.i586.rpm php5-wddx-5.2.6-0.6.ppc.rpm php5-wddx-5.2.6-0.6.x86_64.rpm php5-xmlreader-5.2.6-0.6.i586.rpm php5-xmlreader-5.2.6-0.6.ppc.rpm php5-xmlreader-5.2.6-0.6.x86_64.rpm php5-xmlrpc-5.2.6-0.6.i586.rpm php5-xmlrpc-5.2.6-0.6.ppc.rpm php5-xmlrpc-5.2.6-0.6.x86_64.rpm php5-xmlwriter-5.2.6-0.6.i586.rpm php5-xmlwriter-5.2.6-0.6.ppc.rpm php5-xmlwriter-5.2.6-0.6.x86_64.rpm php5-xsl-5.2.6-0.6.i586.rpm php5-xsl-5.2.6-0.6.ppc.rpm php5-xsl-5.2.6-0.6.x86_64.rpm php5-zip-5.2.6-0.6.i586.rpm php5-zip-5.2.6-0.6.ppc.rpm php5-zip-5.2.6-0.6.x86_64.rpm php5-zlib-5.2.6-0.6.i586.rpm php5-zlib-5.2.6-0.6.ppc.rpm php5-zlib-5.2.6-0.6.x86_64.rpm pam_krb5 openSUSE 11.0 Insufficient file access permissions checks allowed users to read Kerberos tickes of other users if pam_krb5 was configured with the option "existing_ticket" (CVE-2008-3825). pam_krb5-2.2.22-35.3.i586.rpm pam_krb5-2.2.22-35.3.ppc.rpm pam_krb5-2.2.22-35.3.x86_64.rpm pam_krb5-32bit-2.2.22-35.3.x86_64.rpm pam_krb5-64bit-2.2.22-35.3.ppc.rpm libsnmp15 openSUSE 11.0 Remote attackers could crash net-snmp via GETBULK-Request (CVE-2008-4309). In addition the following non-security issues have been fixed: - typo in error message (bnc#439857) - fix duplicate registration warnings on startup (bnc#326957) - container insert errors reproducable with shared ip setups (bnc#396773) - typo in the snmpd init script to really load all agents (bnc#415127) - logrotate config to restart the snmptrapd aswell (bnc#378069) libsnmp15-5.4.1-77.4.i586.rpm libsnmp15-5.4.1-77.4.ppc.rpm libsnmp15-5.4.1-77.4.x86_64.rpm net-snmp-5.4.1-77.4.i586.rpm net-snmp-5.4.1-77.4.ppc.rpm net-snmp-5.4.1-77.4.x86_64.rpm net-snmp-32bit-5.4.1-77.4.x86_64.rpm net-snmp-64bit-5.4.1-77.4.ppc.rpm net-snmp-devel-5.4.1-77.4.i586.rpm net-snmp-devel-5.4.1-77.4.ppc.rpm net-snmp-devel-5.4.1-77.4.x86_64.rpm net-snmp-devel-64bit-5.4.1-77.4.ppc.rpm perl-SNMP-5.4.1-77.4.i586.rpm perl-SNMP-5.4.1-77.4.ppc.rpm perl-SNMP-5.4.1-77.4.x86_64.rpm snmp-mibs-5.4.1-77.4.i586.rpm snmp-mibs-5.4.1-77.4.ppc.rpm snmp-mibs-5.4.1-77.4.x86_64.rpm cifs-mount openSUSE 11.0 Malicious clients could potentially retrieve arbitrary memory content from a samba server (CVE-2008-4314). cifs-mount-3.2.4-4.1.i586.rpm cifs-mount-3.2.4-4.1.ppc.rpm cifs-mount-3.2.4-4.1.x86_64.rpm ldapsmb-1.34b-195.6.i586.rpm ldapsmb-1.34b-195.6.ppc.rpm ldapsmb-1.34b-195.6.x86_64.rpm libnetapi-devel-3.2.4-4.1.i586.rpm libnetapi-devel-3.2.4-4.1.ppc.rpm libnetapi-devel-3.2.4-4.1.x86_64.rpm libnetapi0-3.2.4-4.1.i586.rpm libnetapi0-3.2.4-4.1.ppc.rpm libnetapi0-3.2.4-4.1.x86_64.rpm libsmbclient-devel-3.2.4-4.1.i586.rpm libsmbclient-devel-3.2.4-4.1.ppc.rpm libsmbclient-devel-3.2.4-4.1.x86_64.rpm libsmbclient0-3.2.4-4.1.i586.rpm libsmbclient0-3.2.4-4.1.ppc.rpm libsmbclient0-3.2.4-4.1.x86_64.rpm libsmbclient0-32bit-3.2.4-4.1.x86_64.rpm libsmbclient0-64bit-3.2.4-4.1.ppc.rpm libsmbsharemodes-devel-3.2.4-4.1.i586.rpm libsmbsharemodes-devel-3.2.4-4.1.ppc.rpm libsmbsharemodes-devel-3.2.4-4.1.x86_64.rpm libsmbsharemodes0-3.2.4-4.1.i586.rpm libsmbsharemodes0-3.2.4-4.1.ppc.rpm libsmbsharemodes0-3.2.4-4.1.x86_64.rpm libtalloc-devel-3.2.4-4.1.i586.rpm libtalloc-devel-3.2.4-4.1.ppc.rpm libtalloc-devel-3.2.4-4.1.x86_64.rpm libtalloc1-3.2.4-4.1.i586.rpm libtalloc1-3.2.4-4.1.ppc.rpm libtalloc1-3.2.4-4.1.x86_64.rpm libtalloc1-32bit-3.2.4-4.1.x86_64.rpm libtalloc1-64bit-3.2.4-4.1.ppc.rpm libtdb-devel-3.2.4-4.1.i586.rpm libtdb-devel-3.2.4-4.1.ppc.rpm libtdb-devel-3.2.4-4.1.x86_64.rpm libtdb1-3.2.4-4.1.i586.rpm libtdb1-3.2.4-4.1.ppc.rpm libtdb1-3.2.4-4.1.x86_64.rpm libtdb1-32bit-3.2.4-4.1.x86_64.rpm libtdb1-64bit-3.2.4-4.1.ppc.rpm libwbclient-devel-3.2.4-4.1.i586.rpm libwbclient-devel-3.2.4-4.1.ppc.rpm libwbclient-devel-3.2.4-4.1.x86_64.rpm libwbclient0-3.2.4-4.1.i586.rpm libwbclient0-3.2.4-4.1.ppc.rpm libwbclient0-3.2.4-4.1.x86_64.rpm libwbclient0-32bit-3.2.4-4.1.x86_64.rpm libwbclient0-64bit-3.2.4-4.1.ppc.rpm samba-3.2.4-4.1.i586.rpm samba-3.2.4-4.1.ppc.rpm samba-3.2.4-4.1.x86_64.rpm samba-32bit-3.2.4-4.1.x86_64.rpm samba-64bit-3.2.4-4.1.ppc.rpm samba-client-3.2.4-4.1.i586.rpm samba-client-3.2.4-4.1.ppc.rpm samba-client-3.2.4-4.1.x86_64.rpm samba-client-32bit-3.2.4-4.1.x86_64.rpm samba-client-64bit-3.2.4-4.1.ppc.rpm samba-devel-3.2.4-4.1.i586.rpm samba-devel-3.2.4-4.1.ppc.rpm samba-devel-3.2.4-4.1.x86_64.rpm samba-krb-printing-3.2.4-4.1.i586.rpm samba-krb-printing-3.2.4-4.1.ppc.rpm samba-krb-printing-3.2.4-4.1.x86_64.rpm samba-winbind-3.2.4-4.1.i586.rpm samba-winbind-3.2.4-4.1.ppc.rpm samba-winbind-3.2.4-4.1.x86_64.rpm samba-winbind-32bit-3.2.4-4.1.x86_64.rpm samba-winbind-64bit-3.2.4-4.1.ppc.rpm pdns openSUSE 11.0 Remote attackers could crash pdnsd if the daemon was configured with distributor-threads=1. With the default configuration pdns is not affected by this problem (CVE-2008-5277). pdns-2.9.21-143.5.i586.rpm pdns-2.9.21-143.5.ppc.rpm pdns-2.9.21-143.5.x86_64.rpm pdns-backend-ldap-2.9.21-143.5.i586.rpm pdns-backend-ldap-2.9.21-143.5.ppc.rpm pdns-backend-ldap-2.9.21-143.5.x86_64.rpm pdns-backend-mysql-2.9.21-143.5.i586.rpm pdns-backend-mysql-2.9.21-143.5.ppc.rpm pdns-backend-mysql-2.9.21-143.5.x86_64.rpm pdns-backend-postgresql-2.9.21-143.5.i586.rpm pdns-backend-postgresql-2.9.21-143.5.ppc.rpm pdns-backend-postgresql-2.9.21-143.5.x86_64.rpm pdns-backend-sqlite2-2.9.21-143.5.i586.rpm pdns-backend-sqlite2-2.9.21-143.5.ppc.rpm pdns-backend-sqlite2-2.9.21-143.5.x86_64.rpm pdns-backend-sqlite3-2.9.21-143.5.i586.rpm pdns-backend-sqlite3-2.9.21-143.5.ppc.rpm pdns-backend-sqlite3-2.9.21-143.5.x86_64.rpm translation-update openSUSE 11.0 Fix several translation issues. translation-update-10.3-27.3.noarch.rpm translation-update-de-10.3-27.3.noarch.rpm translation-update-es-10.3-27.3.noarch.rpm translation-update-fi-10.3-27.3.noarch.rpm translation-update-ja-10.3-27.3.noarch.rpm translation-update-pt_BR-10.3-27.3.noarch.rpm dbus-1 openSUSE 11.0 This update fixes a denial of service bug in dbus. (CVE-2008-3834) dbus-1-1.2.1-15.2.i586.rpm dbus-1-1.2.1-15.2.ppc.rpm dbus-1-1.2.1-15.2.x86_64.rpm dbus-1-32bit-1.2.1-15.2.x86_64.rpm dbus-1-64bit-1.2.1-15.2.ppc.rpm dbus-1-devel-1.2.1-15.2.i586.rpm dbus-1-devel-1.2.1-15.2.ppc.rpm dbus-1-devel-1.2.1-15.2.x86_64.rpm dbus-1-devel-doc-1.2.1-15.2.i586.rpm dbus-1-devel-doc-1.2.1-15.2.ppc.rpm dbus-1-devel-doc-1.2.1-15.2.x86_64.rpm dbus-1-x11-1.2.1-18.2.i586.rpm dbus-1-x11-1.2.1-18.2.ppc.rpm dbus-1-x11-1.2.1-18.2.x86_64.rpm ndiswrapper openSUSE 11.0 The ndiswrapper was updated to fix multiple buffer overflows that can be exploited over a connected WLAN by using long ESSID stings. (CVE-2008-4395) ndiswrapper-1.52-29.2.i586.rpm ndiswrapper-1.52-29.2.x86_64.rpm ndiswrapper-kmp-default-1.52_2.6.25.18_0.2-29.2.i586.rpm ndiswrapper-kmp-default-1.52_2.6.25.18_0.2-29.2.x86_64.rpm ndiswrapper-kmp-pae-1.52_2.6.25.18_0.2-29.2.i586.rpm ndiswrapper-kmp-xen-1.52_2.6.25.18_0.2-29.2.i586.rpm ndiswrapper-kmp-xen-1.52_2.6.25.18_0.2-29.2.x86_64.rpm gnutls openSUSE 11.0 gnutls did not properly verify x509 certificate chains. An attacker could exploit that to trick client programs into trusting servers that would normally get rejected (CVE-2008-4989). gnutls-2.2.2-17.2.i586.rpm gnutls-2.2.2-17.2.ppc.rpm gnutls-2.2.2-17.2.x86_64.rpm libgnutls-devel-2.2.2-17.2.i586.rpm libgnutls-devel-2.2.2-17.2.ppc.rpm libgnutls-devel-2.2.2-17.2.x86_64.rpm libgnutls-extra-devel-2.2.2-17.2.i586.rpm libgnutls-extra-devel-2.2.2-17.2.ppc.rpm libgnutls-extra-devel-2.2.2-17.2.x86_64.rpm libgnutls-extra26-2.2.2-17.2.i586.rpm libgnutls-extra26-2.2.2-17.2.ppc.rpm libgnutls-extra26-2.2.2-17.2.x86_64.rpm libgnutls26-2.2.2-17.2.i586.rpm libgnutls26-2.2.2-17.2.ppc.rpm libgnutls26-2.2.2-17.2.x86_64.rpm libgnutls26-32bit-2.2.2-17.2.x86_64.rpm libgnutls26-64bit-2.2.2-17.2.ppc.rpm novell-nortelplugins openSUSE 11.0 Nortel VPN Update from SP2 cannot start a connection anymore while the SP1 package worked fine with the same configuration. This patch brings the interface up with a default route instead of failing if no routes were specified by the VPN server (i.e. bifurcation was not used). Also applies for 11.0. novell-nortelplugins-0.1.3-54.2.i586.rpm novell-nortelplugins-0.1.3-54.2.ppc.rpm novell-nortelplugins-0.1.3-54.2.x86_64.rpm java-1_6_0-sun openSUSE 11.0 Update to Sun Java 1.6.0u10. This is a non security bugfix only release (like bnc#355868: java.lang.NoClassDefFoundError: Could not initialize class javax.crypto.SunJCE_b). java-1_6_0-sun-1.6.0.u10-2.1.i586.rpm java-1_6_0-sun-1.6.0.u10-2.1.x86_64.rpm java-1_6_0-sun-alsa-1.6.0.u10-2.1.i586.rpm java-1_6_0-sun-alsa-1.6.0.u10-2.1.x86_64.rpm java-1_6_0-sun-demo-1.6.0.u10-2.1.i586.rpm java-1_6_0-sun-demo-1.6.0.u10-2.1.x86_64.rpm java-1_6_0-sun-devel-1.6.0.u10-2.1.i586.rpm java-1_6_0-sun-devel-1.6.0.u10-2.1.x86_64.rpm java-1_6_0-sun-jdbc-1.6.0.u10-2.1.i586.rpm java-1_6_0-sun-jdbc-1.6.0.u10-2.1.x86_64.rpm java-1_6_0-sun-plugin-1.6.0.u10-2.1.i586.rpm glib2 openSUSE 11.0 This fixes memory leaks found in gnome-main-menu when it refreshes the list of recently-used files (bnc#402256). glib2-2.16.3-20.4.i586.rpm glib2-2.16.3-20.4.ppc.rpm glib2-2.16.3-20.4.x86_64.rpm glib2-branding-upstream-2.16.3-20.4.i586.rpm glib2-branding-upstream-2.16.3-20.4.ppc.rpm glib2-branding-upstream-2.16.3-20.4.x86_64.rpm glib2-devel-2.16.3-20.4.i586.rpm glib2-devel-2.16.3-20.4.ppc.rpm glib2-devel-2.16.3-20.4.x86_64.rpm glib2-devel-64bit-2.16.3-20.4.ppc.rpm glib2-doc-2.16.3-20.4.i586.rpm glib2-doc-2.16.3-20.4.ppc.rpm glib2-doc-2.16.3-20.4.x86_64.rpm gnome-main-menu-0.9.10-30.4.i586.rpm gnome-main-menu-0.9.10-30.4.ppc.rpm gnome-main-menu-0.9.10-30.4.x86_64.rpm gnome-main-menu-devel-0.9.10-30.4.i586.rpm gnome-main-menu-devel-0.9.10-30.4.ppc.rpm gnome-main-menu-devel-0.9.10-30.4.x86_64.rpm libgio-2_0-0-2.16.3-20.4.i586.rpm libgio-2_0-0-2.16.3-20.4.ppc.rpm libgio-2_0-0-2.16.3-20.4.x86_64.rpm libgio-2_0-0-32bit-2.16.3-20.4.x86_64.rpm libgio-2_0-0-64bit-2.16.3-20.4.ppc.rpm libgio-fam-2.16.3-20.4.i586.rpm libgio-fam-2.16.3-20.4.ppc.rpm libgio-fam-2.16.3-20.4.x86_64.rpm libglib-2_0-0-2.16.3-20.4.i586.rpm libglib-2_0-0-2.16.3-20.4.ppc.rpm libglib-2_0-0-2.16.3-20.4.x86_64.rpm libglib-2_0-0-32bit-2.16.3-20.4.x86_64.rpm libglib-2_0-0-64bit-2.16.3-20.4.ppc.rpm libgmodule-2_0-0-2.16.3-20.4.i586.rpm libgmodule-2_0-0-2.16.3-20.4.ppc.rpm libgmodule-2_0-0-2.16.3-20.4.x86_64.rpm libgmodule-2_0-0-32bit-2.16.3-20.4.x86_64.rpm libgmodule-2_0-0-64bit-2.16.3-20.4.ppc.rpm libgobject-2_0-0-2.16.3-20.4.i586.rpm libgobject-2_0-0-2.16.3-20.4.ppc.rpm libgobject-2_0-0-2.16.3-20.4.x86_64.rpm libgobject-2_0-0-32bit-2.16.3-20.4.x86_64.rpm libgobject-2_0-0-64bit-2.16.3-20.4.ppc.rpm libgthread-2_0-0-2.16.3-20.4.i586.rpm libgthread-2_0-0-2.16.3-20.4.ppc.rpm libgthread-2_0-0-2.16.3-20.4.x86_64.rpm libgthread-2_0-0-32bit-2.16.3-20.4.x86_64.rpm libgthread-2_0-0-64bit-2.16.3-20.4.ppc.rpm nautilus-gnome-main-menu-0.9.10-30.4.i586.rpm nautilus-gnome-main-menu-0.9.10-30.4.ppc.rpm nautilus-gnome-main-menu-0.9.10-30.4.x86_64.rpm freeradius-server openSUSE 11.0 This update fixes a possible symlink attack in the script freeradius-dialupadmin. (CVE-2008-4474) freeradius-server-2.0.5-8.3.i586.rpm freeradius-server-2.0.5-8.3.ppc.rpm freeradius-server-2.0.5-8.3.x86_64.rpm freeradius-server-devel-2.0.5-8.3.i586.rpm freeradius-server-devel-2.0.5-8.3.ppc.rpm freeradius-server-devel-2.0.5-8.3.x86_64.rpm freeradius-server-dialupadmin-2.0.5-8.3.i586.rpm freeradius-server-dialupadmin-2.0.5-8.3.ppc.rpm freeradius-server-dialupadmin-2.0.5-8.3.x86_64.rpm freeradius-server-doc-2.0.5-8.3.i586.rpm freeradius-server-doc-2.0.5-8.3.ppc.rpm freeradius-server-doc-2.0.5-8.3.x86_64.rpm freeradius-server-libs-2.0.5-8.3.i586.rpm freeradius-server-libs-2.0.5-8.3.ppc.rpm freeradius-server-libs-2.0.5-8.3.x86_64.rpm freeradius-server-utils-2.0.5-8.3.i586.rpm freeradius-server-utils-2.0.5-8.3.ppc.rpm freeradius-server-utils-2.0.5-8.3.x86_64.rpm clamav openSUSE 11.0 Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314) clamav-0.94.2-1.1.i586.rpm clamav-0.94.2-1.1.ppc.rpm clamav-0.94.2-1.1.x86_64.rpm clamav-db-0.94.2-1.1.i586.rpm clamav-db-0.94.2-1.1.ppc.rpm clamav-db-0.94.2-1.1.x86_64.rpm postgresql openSUSE 11.0 Multiple security vulnerabilities have been fixed in PostgrSQL - CVE-2009-3229: allows remote authenticated users to cause a denial of service - CVE-2009-3230: allows remote authenticated users to gain higher privileges - CVE-2009-3231: when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password postgresql-8.3.8-0.1.i586.rpm postgresql-8.3.8-0.1.ppc.rpm postgresql-8.3.8-0.1.ppc64.rpm postgresql-8.3.8-0.1.x86_64.rpm postgresql-contrib-8.3.8-0.1.i586.rpm postgresql-contrib-8.3.8-0.1.ppc.rpm postgresql-contrib-8.3.8-0.1.x86_64.rpm postgresql-devel-8.3.8-0.1.i586.rpm postgresql-devel-8.3.8-0.1.ppc.rpm postgresql-devel-8.3.8-0.1.x86_64.rpm postgresql-docs-8.3.8-0.1.i586.rpm postgresql-docs-8.3.8-0.1.ppc.rpm postgresql-docs-8.3.8-0.1.x86_64.rpm postgresql-libs-8.3.8-0.1.i586.rpm postgresql-libs-8.3.8-0.1.ppc.rpm postgresql-libs-8.3.8-0.1.x86_64.rpm postgresql-libs-32bit-8.3.8-0.1.x86_64.rpm postgresql-libs-64bit-8.3.8-0.1.ppc.rpm postgresql-server-8.3.8-0.1.i586.rpm postgresql-server-8.3.8-0.1.ppc.rpm postgresql-server-8.3.8-0.1.x86_64.rpm java-1_5_0-gcj-compat openSUSE 11.0 Add a trusted keystore (cacerts) of root certificates to java-1_5_0-gcj-compat package for gcc-java. This allows to use SSL connections, for example. java-1_5_0-gcj-compat-1.5.0.0-65.2.i586.rpm java-1_5_0-gcj-compat-1.5.0.0-65.2.ppc.rpm java-1_5_0-gcj-compat-1.5.0.0-65.2.x86_64.rpm java-1_5_0-gcj-compat-32bit-1.5.0.0-65.2.x86_64.rpm java-1_5_0-gcj-compat-64bit-1.5.0.0-65.2.ppc.rpm java-1_5_0-gcj-compat-devel-1.5.0.0-65.2.i586.rpm java-1_5_0-gcj-compat-devel-1.5.0.0-65.2.ppc.rpm java-1_5_0-gcj-compat-devel-1.5.0.0-65.2.x86_64.rpm libmysqlclient-devel openSUSE 11.0 Empty bit-strings in a query could crash the MySQL server (CVE-2008-3963). Due to another flaw users could access tables of other users (CVE-2008-4097, CVE-2008-4098). This update also fixes problems with the 'ORDER BY' query libmysqlclient-devel-5.0.51a-27.2.i586.rpm libmysqlclient-devel-5.0.51a-27.2.ppc.rpm libmysqlclient-devel-5.0.51a-27.2.x86_64.rpm libmysqlclient15-5.0.51a-27.2.i586.rpm libmysqlclient15-5.0.51a-27.2.ppc.rpm libmysqlclient15-5.0.51a-27.2.x86_64.rpm libmysqlclient15-32bit-5.0.51a-27.2.x86_64.rpm libmysqlclient15-64bit-5.0.51a-27.2.ppc.rpm libmysqlclient_r15-5.0.51a-27.2.i586.rpm libmysqlclient_r15-5.0.51a-27.2.ppc.rpm libmysqlclient_r15-5.0.51a-27.2.x86_64.rpm libmysqlclient_r15-32bit-5.0.51a-27.2.x86_64.rpm libmysqlclient_r15-64bit-5.0.51a-27.2.ppc.rpm mysql-5.0.51a-27.2.i586.rpm mysql-5.0.51a-27.2.ppc.rpm mysql-5.0.51a-27.2.ppc64.rpm mysql-5.0.51a-27.2.x86_64.rpm mysql-Max-5.0.51a-27.2.i586.rpm mysql-Max-5.0.51a-27.2.ppc.rpm mysql-Max-5.0.51a-27.2.x86_64.rpm mysql-bench-5.0.51a-27.2.i586.rpm mysql-bench-5.0.51a-27.2.ppc.rpm mysql-bench-5.0.51a-27.2.x86_64.rpm mysql-client-5.0.51a-27.2.i586.rpm mysql-client-5.0.51a-27.2.ppc.rpm mysql-client-5.0.51a-27.2.x86_64.rpm mysql-debug-5.0.51a-27.2.i586.rpm mysql-debug-5.0.51a-27.2.ppc.rpm mysql-debug-5.0.51a-27.2.x86_64.rpm mysql-tools-5.0.51a-27.2.i586.rpm mysql-tools-5.0.51a-27.2.ppc.rpm mysql-tools-5.0.51a-27.2.x86_64.rpm courier-authlib openSUSE 11.0 Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend (CVE-2008-2380). courier-authlib-0.60.2-40.4.i586.rpm courier-authlib-0.60.2-40.4.ppc.rpm courier-authlib-0.60.2-40.4.x86_64.rpm courier-authlib-devel-0.60.2-40.4.i586.rpm courier-authlib-devel-0.60.2-40.4.ppc.rpm courier-authlib-devel-0.60.2-40.4.x86_64.rpm courier-authlib-ldap-0.60.2-40.4.i586.rpm courier-authlib-ldap-0.60.2-40.4.ppc.rpm courier-authlib-ldap-0.60.2-40.4.x86_64.rpm courier-authlib-mysql-0.60.2-40.4.i586.rpm courier-authlib-mysql-0.60.2-40.4.ppc.rpm courier-authlib-mysql-0.60.2-40.4.x86_64.rpm courier-authlib-pgsql-0.60.2-40.4.i586.rpm courier-authlib-pgsql-0.60.2-40.4.ppc.rpm courier-authlib-pgsql-0.60.2-40.4.x86_64.rpm courier-authlib-pipe-0.60.2-40.4.i586.rpm courier-authlib-pipe-0.60.2-40.4.ppc.rpm courier-authlib-pipe-0.60.2-40.4.x86_64.rpm courier-authlib-userdb-0.60.2-40.4.i586.rpm courier-authlib-userdb-0.60.2-40.4.ppc.rpm courier-authlib-userdb-0.60.2-40.4.x86_64.rpm mozilla-xulrunner190 openSUSE 11.0 The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed: MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web applications. The severity of this issue was determined to be low. MFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported that certain control characters, when placed at the beginning of a URL, would lead to incorrect parsing resulting in a malformed URL being output by the parser. IBM researchers Justin Schuh, Tom Cross, and Peter William also reported a related symptom as part of their research that resulted in MFSA 2008-37. There was no direct security impact from this issue and its effect was limited to the improper rendering of hyperlinks containing specific characters. The severity of this issue was determined to be low. MFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans reported that a website could access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. Upon attempting to load the data as JavaScript a syntax error is generated that can reveal some of the file context via the window.onerror DOM API. This issue could be used by a malicious website to steal private data from users who are authenticated on the redirected website. How much data could be at risk would depend on the format of the data and how the JavaScript parser attempts to interpret it. For most files the amount of data that can be recovered would be limited to the first word or two. Some data files might allow deeper probing with repeated loads. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security reported that when a XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but other potentially sensitive data could be revealed in the XHR response including URL parameters and content in the response body. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-61 / CVE-2008-5503: Mozilla developer Boris Zbarsky reported that XBL bindings could be used to read data from other domains, a violation of the same-origin policy. The severity of this issue was determined to be moderate due to several mitigating factors: The target document requires a <bindingsi> element in the XBL namespace in order to be read. The reader of the data needs to know the id attribute of the binding being read in advance. It is unlikely that web services will expose private data in the manner described above. Firefox 3 is not affected by this issue. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Products built from the Mozilla 1.9.0 branch and later, Firefox 3 for example, are not affected by this issue. Upgrading to one of these products is a reliable workaround for this particular issue and it is also Mozilla's recommendation that the most current version of any Mozilla product be used. Alternatively, you can disable JavaScript until a version containing these fixes can be installed. MFSA 2008-60 / CVE-2008-5500: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images. Workaround Disable JavaScript until a version containing these fixes can be installed. mozilla-xulrunner190-1.9.0.5-0.1.i586.rpm mozilla-xulrunner190-1.9.0.5-0.1.ppc.rpm mozilla-xulrunner190-1.9.0.5-0.1.x86_64.rpm mozilla-xulrunner190-32bit-1.9.0.5-0.1.x86_64.rpm mozilla-xulrunner190-64bit-1.9.0.5-0.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.5-0.1.i586.rpm mozilla-xulrunner190-devel-1.9.0.5-0.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.5-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-1.9.0.5-0.1.i586.rpm mozilla-xulrunner190-gnomevfs-1.9.0.5-0.1.ppc.rpm mozilla-xulrunner190-gnomevfs-1.9.0.5-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-32bit-1.9.0.5-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-64bit-1.9.0.5-0.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.5-0.1.i586.rpm mozilla-xulrunner190-translations-1.9.0.5-0.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.5-0.1.x86_64.rpm mozilla-xulrunner190-translations-32bit-1.9.0.5-0.1.x86_64.rpm mozilla-xulrunner190-translations-64bit-1.9.0.5-0.1.ppc.rpm MozillaFirefox openSUSE 11.0 The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed: MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin policy and perform an XSS attack while SessionStore data is being restored. moz_bug_r_a4 also reported that one variant could be used by an attacker to run arbitrary JavaScript with chrome privileges. MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web applications. The severity of this issue was determined to be low. MFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported that certain control characters, when placed at the beginning of a URL, would lead to incorrect parsing resulting in a malformed URL being output by the parser. IBM researchers Justin Schuh, Tom Cross, and Peter William also reported a related symptom as part of their research that resulted in MFSA 2008-37. There was no direct security impact from this issue and its effect was limited to the improper rendering of hyperlinks containing specific characters. The severity of this issue was determined to be low. MFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans reported that a website could access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. Upon attempting to load the data as JavaScript a syntax error is generated that can reveal some of the file context via the window.onerror DOM API. This issue could be used by a malicious website to steal private data from users who are authenticated on the redirected website. How much data could be at risk would depend on the format of the data and how the JavaScript parser attempts to interpret it. For most files the amount of data that can be recovered would be limited to the first word or two. Some data files might allow deeper probing with repeated loads. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security reported that when a XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but other potentially sensitive data could be revealed in the XHR response including URL parameters and content in the response body. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-63 / CVE-2008-5505: Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from setting cookies on their machine. Even with cookies turned off, this issue could be used by a website to write persistent data in a user's browser and track the user across browsing sessions. Additionally, this issue could allow a website to bypass the limits normally placed on cookie size and number. MFSA 2008-60 / CVE-2008-5502 / CVE-2008-5501 / CVE-2008-5500: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images. Workaround Disable JavaScript until a version containing these fixes can be installed. MozillaFirefox-3.0.5-0.1.i586.rpm MozillaFirefox-3.0.5-0.1.ppc.rpm MozillaFirefox-3.0.5-0.1.x86_64.rpm MozillaFirefox-translations-3.0.5-0.1.i586.rpm MozillaFirefox-translations-3.0.5-0.1.ppc.rpm MozillaFirefox-translations-3.0.5-0.1.x86_64.rpm wireshark openSUSE 11.0 This update fixes problems that could crash wireshark when processing compressed data and when processing rf5 files (CVE-2008-3933, CVE-2008-3934) as well as CVE-2008-4680 (USB dissector crash), CVE-2008-4681 (Bluetooth RFCOMM dissector crash), CVE-2008-4682 (Tamos CommView dissector crash), CVE-2008-4683 (Bluetooth ACL dissector crash), CVE-2008-4684 (PRP and MATE dissector crash) and CVE-2008-4685 (Q.931 dissector crash). CVE-2008-5285 (SMTP dissector infinite loop) and an infinite loop problem in the WLCCP dissector wireshark-1.0.0-17.7.i586.rpm wireshark-1.0.0-17.7.ppc.rpm wireshark-1.0.0-17.7.x86_64.rpm wireshark-devel-1.0.0-17.7.i586.rpm wireshark-devel-1.0.0-17.7.ppc.rpm wireshark-devel-1.0.0-17.7.x86_64.rpm microcode_ctl openSUSE 11.0 This update installs the lates microcode data files from Intel. The microcode is loaded at system start (since the CPU doesn't keep the microcode if the system is powered down). microcode_ctl-1.17-78.2.i586.rpm microcode_ctl-1.17-78.2.x86_64.rpm glibc openSUSE 11.0 - nscd: Major improvement in nscd stability - two race conditions fixed. - glibc: Fix %EY strptime() specifier. - Fix backtracing through clone(). - Fix constraints for ppc atomic operations. glibc-2.8-14.2.i586.rpm glibc-2.8-14.2.i686.rpm glibc-2.8-14.2.ppc.rpm glibc-2.8-14.2.x86_64.rpm glibc-32bit-2.8-14.2.x86_64.rpm glibc-64bit-2.8-14.2.ppc.rpm glibc-devel-2.8-14.2.i586.rpm glibc-devel-2.8-14.2.i686.rpm glibc-devel-2.8-14.2.ppc.rpm glibc-devel-2.8-14.2.x86_64.rpm glibc-devel-32bit-2.8-14.2.x86_64.rpm glibc-devel-64bit-2.8-14.2.ppc.rpm glibc-html-2.8-14.2.i586.rpm glibc-html-2.8-14.2.ppc.rpm glibc-html-2.8-14.2.x86_64.rpm glibc-i18ndata-2.8-14.2.i586.rpm glibc-i18ndata-2.8-14.2.ppc.rpm glibc-i18ndata-2.8-14.2.x86_64.rpm glibc-info-2.8-14.2.i586.rpm glibc-info-2.8-14.2.ppc.rpm glibc-info-2.8-14.2.x86_64.rpm glibc-locale-2.8-14.2.i586.rpm glibc-locale-2.8-14.2.ppc.rpm glibc-locale-2.8-14.2.x86_64.rpm glibc-locale-32bit-2.8-14.2.x86_64.rpm glibc-locale-64bit-2.8-14.2.ppc.rpm glibc-obsolete-2.8-14.2.i586.rpm glibc-obsolete-2.8-14.2.ppc.rpm glibc-obsolete-2.8-14.2.x86_64.rpm glibc-profile-2.8-14.2.i586.rpm glibc-profile-2.8-14.2.ppc.rpm glibc-profile-2.8-14.2.x86_64.rpm glibc-profile-32bit-2.8-14.2.x86_64.rpm glibc-profile-64bit-2.8-14.2.ppc.rpm nscd-2.8-14.2.i586.rpm nscd-2.8-14.2.ppc.rpm nscd-2.8-14.2.x86_64.rpm mozilla-xulrunner181 openSUSE 11.0 The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed: MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web applications. The severity of this issue was determined to be low. MFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported that certain control characters, when placed at the beginning of a URL, would lead to incorrect parsing resulting in a malformed URL being output by the parser. IBM researchers Justin Schuh, Tom Cross, and Peter William also reported a related symptom as part of their research that resulted in MFSA 2008-37. There was no direct security impact from this issue and its effect was limited to the improper rendering of hyperlinks containing specific characters. The severity of this issue was determined to be low. MFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans reported that a website could access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. Upon attempting to load the data as JavaScript a syntax error is generated that can reveal some of the file context via the window.onerror DOM API. This issue could be used by a malicious website to steal private data from users who are authenticated on the redirected website. How much data could be at risk would depend on the format of the data and how the JavaScript parser attempts to interpret it. For most files the amount of data that can be recovered would be limited to the first word or two. Some data files might allow deeper probing with repeated loads. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security reported that when a XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but other potentially sensitive data could be revealed in the XHR response including URL parameters and content in the response body. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-61 / CVE-2008-5503: Mozilla developer Boris Zbarsky reported that XBL bindings could be used to read data from other domains, a violation of the same-origin policy. The severity of this issue was determined to be moderate due to several mitigating factors: The target document requires a <bindingsi> element in the XBL namespace in order to be read. The reader of the data needs to know the id attribute of the binding being read in advance. It is unlikely that web services will expose private data in the manner described above. Firefox 3 is not affected by this issue. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Products built from the Mozilla 1.9.0 branch and later, Firefox 3 for example, are not affected by this issue. Upgrading to one of these products is a reliable workaround for this particular issue and it is also Mozilla's recommendation that the most current version of any Mozilla product be used. Alternatively, you can disable JavaScript until a version containing these fixes can be installed. MFSA 2008-60 / CVE-2008-5500: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images. Workaround Disable JavaScript until a version containing these fixes can be installed. mozilla-xulrunner181-1.8.1.19-0.1.i586.rpm mozilla-xulrunner181-1.8.1.19-0.1.ppc.rpm mozilla-xulrunner181-1.8.1.19-0.1.x86_64.rpm mozilla-xulrunner181-32bit-1.8.1.19-0.1.x86_64.rpm mozilla-xulrunner181-64bit-1.8.1.19-0.1.ppc.rpm mozilla-xulrunner181-devel-1.8.1.19-0.1.i586.rpm mozilla-xulrunner181-devel-1.8.1.19-0.1.ppc.rpm mozilla-xulrunner181-devel-1.8.1.19-0.1.x86_64.rpm mozilla-xulrunner181-l10n-1.8.1.19-0.1.i586.rpm mozilla-xulrunner181-l10n-1.8.1.19-0.1.ppc.rpm mozilla-xulrunner181-l10n-1.8.1.19-0.1.x86_64.rpm epiphany openSUSE 11.0 The epiphany packages explicitly require mozilla-xulrunner181 versions so they need to be supplied together with the mozilla-xulrunner181 update. epiphany-2.22.1.1-25.3.i586.rpm epiphany-2.22.1.1-25.3.ppc.rpm epiphany-2.22.1.1-25.3.x86_64.rpm epiphany-devel-2.22.1.1-25.3.i586.rpm epiphany-devel-2.22.1.1-25.3.ppc.rpm epiphany-devel-2.22.1.1-25.3.x86_64.rpm epiphany-doc-2.22.1.1-25.3.i586.rpm epiphany-doc-2.22.1.1-25.3.ppc.rpm epiphany-doc-2.22.1.1-25.3.x86_64.rpm epiphany-extensions-2.22.0-37.3.i586.rpm epiphany-extensions-2.22.0-37.3.ppc.rpm epiphany-extensions-2.22.0-37.3.x86_64.rpm java-1_6_0-sun openSUSE 11.0 The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) java-1_6_0-sun-1.6.0.u11-0.1.i586.rpm java-1_6_0-sun-1.6.0.u11-0.1.x86_64.rpm java-1_6_0-sun-alsa-1.6.0.u11-0.1.i586.rpm java-1_6_0-sun-alsa-1.6.0.u11-0.1.x86_64.rpm java-1_6_0-sun-demo-1.6.0.u11-0.1.i586.rpm java-1_6_0-sun-demo-1.6.0.u11-0.1.x86_64.rpm java-1_6_0-sun-devel-1.6.0.u11-0.1.i586.rpm java-1_6_0-sun-devel-1.6.0.u11-0.1.x86_64.rpm java-1_6_0-sun-jdbc-1.6.0.u11-0.1.i586.rpm java-1_6_0-sun-jdbc-1.6.0.u11-0.1.x86_64.rpm java-1_6_0-sun-plugin-1.6.0.u11-0.1.i586.rpm java-1_5_0-sun openSUSE 11.0 The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) java-1_5_0-sun-1.5.0_update17-0.1.i586.rpm java-1_5_0-sun-1.5.0_update17-0.1.x86_64.rpm java-1_5_0-sun-alsa-1.5.0_update17-0.1.i586.rpm java-1_5_0-sun-alsa-1.5.0_update17-0.1.x86_64.rpm java-1_5_0-sun-demo-1.5.0_update17-0.1.i586.rpm java-1_5_0-sun-demo-1.5.0_update17-0.1.x86_64.rpm java-1_5_0-sun-devel-1.5.0_update17-0.1.i586.rpm java-1_5_0-sun-devel-1.5.0_update17-0.1.x86_64.rpm java-1_5_0-sun-jdbc-1.5.0_update17-0.1.i586.rpm java-1_5_0-sun-jdbc-1.5.0_update17-0.1.x86_64.rpm java-1_5_0-sun-plugin-1.5.0_update17-0.1.i586.rpm java-1_5_0-sun-src-1.5.0_update17-0.1.i586.rpm java-1_5_0-sun-src-1.5.0_update17-0.1.x86_64.rpm MozillaThunderbird openSUSE 11.0 The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed: MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web applications. The severity of this issue was determined to be low. MFSA 2008-66 / CVE-2008-5508: Perl developer Chip Salzenberg reported that certain control characters, when placed at the beginning of a URL, would lead to incorrect parsing resulting in a malformed URL being output by the parser. IBM researchers Justin Schuh, Tom Cross, and Peter William also reported a related symptom as part of their research that resulted in MFSA 2008-37. There was no direct security impact from this issue and its effect was limited to the improper rendering of hyperlinks containing specific characters. The severity of this issue was determined to be low. MFSA 2008-65 / CVE-2008-5507: Google security researcher Chris Evans reported that a website could access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. Upon attempting to load the data as JavaScript a syntax error is generated that can reveal some of the file context via the window.onerror DOM API. This issue could be used by a malicious website to steal private data from users who are authenticated on the redirected website. How much data could be at risk would depend on the format of the data and how the JavaScript parser attempts to interpret it. For most files the amount of data that can be recovered would be limited to the first word or two. Some data files might allow deeper probing with repeated loads. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-64 / CVE-2008-5506: Marius Schilder of Google Security reported that when a XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but other potentially sensitive data could be revealed in the XHR response including URL parameters and content in the response body. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-61 / CVE-2008-5503: Mozilla developer Boris Zbarsky reported that XBL bindings could be used to read data from other domains, a violation of the same-origin policy. The severity of this issue was determined to be moderate due to several mitigating factors: The target document requires a <bindingsi> element in the XBL namespace in order to be read. The reader of the data needs to know the id attribute of the binding being read in advance. It is unlikely that web services will expose private data in the manner described above. Firefox 3 is not affected by this issue. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Products built from the Mozilla 1.9.0 branch and later, Firefox 3 for example, are not affected by this issue. Upgrading to one of these products is a reliable workaround for this particular issue and it is also Mozilla's recommendation that the most current version of any Mozilla product be used. Alternatively, you can disable JavaScript until a version containing these fixes can be installed. MFSA 2008-60 / CVE-2008-5500: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images. Workaround Disable JavaScript until a version containing these fixes can be installed. MozillaThunderbird-2.0.0.19-0.1.i586.rpm MozillaThunderbird-2.0.0.19-0.1.ppc.rpm MozillaThunderbird-2.0.0.19-0.1.x86_64.rpm MozillaThunderbird-devel-2.0.0.19-0.1.i586.rpm MozillaThunderbird-devel-2.0.0.19-0.1.ppc.rpm MozillaThunderbird-devel-2.0.0.19-0.1.x86_64.rpm MozillaThunderbird-translations-2.0.0.19-0.1.i586.rpm MozillaThunderbird-translations-2.0.0.19-0.1.ppc.rpm MozillaThunderbird-translations-2.0.0.19-0.1.x86_64.rpm python openSUSE 11.0 Integer Overflows in the python imageop module potentially allowed attackers to execute arbitrary code (CVE-2008-4864). python-2.5.2-26.4.i586.rpm python-2.5.2-26.4.ppc.rpm python-2.5.2-26.4.x86_64.rpm python-32bit-2.5.2-26.4.x86_64.rpm python-64bit-2.5.2-26.4.ppc.rpm python-curses-2.5.2-26.4.i586.rpm python-curses-2.5.2-26.4.ppc.rpm python-curses-2.5.2-26.4.x86_64.rpm python-demo-2.5.2-26.4.i586.rpm python-demo-2.5.2-26.4.ppc.rpm python-demo-2.5.2-26.4.x86_64.rpm python-devel-2.5.2-26.4.i586.rpm python-devel-2.5.2-26.4.ppc.rpm python-devel-2.5.2-26.4.x86_64.rpm python-gdbm-2.5.2-26.4.i586.rpm python-gdbm-2.5.2-26.4.ppc.rpm python-gdbm-2.5.2-26.4.x86_64.rpm python-idle-2.5.2-26.4.i586.rpm python-idle-2.5.2-26.4.ppc.rpm python-idle-2.5.2-26.4.x86_64.rpm python-tk-2.5.2-26.4.i586.rpm python-tk-2.5.2-26.4.ppc.rpm python-tk-2.5.2-26.4.x86_64.rpm python-xml-2.5.2-26.4.i586.rpm python-xml-2.5.2-26.4.ppc.rpm python-xml-2.5.2-26.4.x86_64.rpm vinagre openSUSE 11.0 A format string problem in vinagre potentially allowed malicious VNC servers to have a vinagre client that connects to the server execute arbitrary code. (CVE-2008-5660) vinagre-0.5.1-20.2.i586.rpm vinagre-0.5.1-20.2.ppc.rpm vinagre-0.5.1-20.2.x86_64.rpm jhead openSUSE 11.0 This update of jhead fixes several security problems: - CVE-2008-4575: buffer overflow in DoCommand() - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand() allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand() jhead-2.82-11.3.i586.rpm jhead-2.82-11.3.ppc.rpm jhead-2.82-11.3.x86_64.rpm git openSUSE 11.0 A malicious repository owner could specify a custom git diff command and therefore could execute arbitrary commands. git-1.5.6-43.3.i586.rpm git-1.5.6-43.3.ppc.rpm git-1.5.6-43.3.x86_64.rpm git-arch-1.5.6-43.3.i586.rpm git-arch-1.5.6-43.3.ppc.rpm git-arch-1.5.6-43.3.x86_64.rpm git-core-1.5.6-43.3.i586.rpm git-core-1.5.6-43.3.ppc.rpm git-core-1.5.6-43.3.x86_64.rpm git-cvs-1.5.6-43.3.i586.rpm git-cvs-1.5.6-43.3.ppc.rpm git-cvs-1.5.6-43.3.x86_64.rpm git-email-1.5.6-43.3.i586.rpm git-email-1.5.6-43.3.ppc.rpm git-email-1.5.6-43.3.x86_64.rpm git-svn-1.5.6-43.3.i586.rpm git-svn-1.5.6-43.3.ppc.rpm git-svn-1.5.6-43.3.x86_64.rpm gitk-1.5.6-43.3.i586.rpm gitk-1.5.6-43.3.ppc.rpm gitk-1.5.6-43.3.x86_64.rpm kvm openSUSE 11.0 Rogue VNC clients could make the built in VNC server of kvm run into an infinite loop (CVE-2008-2382) An off-by-one bug limited the length of VNC passwords to seven instead of eight (CVE-2008-5714) Virtualized guests could potentially execute code on the host by triggering a buffer overflow in the network emulation code via large ethernet frames (CVE-2007-5729) Virtualized guests could potentially execute code on the host by triggering a heap based buffer overflow in the Cirrus Graphics card emulation (CVE-2007-1320). kvm-63-31.2.i586.rpm kvm-63-31.2.x86_64.rpm kismet openSUSE 11.0 due to a build setup error the binaries gpsmap and gpsmap-helper-earthamaps were missing in the package (bnc#462695) kismet-2007_10_R1-60.2.i586.rpm kismet-2007_10_R1-60.2.ppc.rpm kismet-2007_10_R1-60.2.x86_64.rpm xterm openSUSE 11.0 XTerm evaluated various ANSI Escape sequences so that command execution was possible if an attacker could pipe raw data to an xterm. (CVE-2008-2383) (It is usually not recommended to display raw data on an xterm.) xterm-235-12.2.i586.rpm xterm-235-12.2.ppc.rpm xterm-235-12.2.x86_64.rpm cups openSUSE 11.0 Previous updates for the PNG and HPGL filters were incomplete and are corrected now. Also cups used a guest user account for RSS subscriptions which made it eeasier for attackers to conduct CSRF attacks. (CVE-2008-3641, CVE-2008-5184, CVE-2008-5286) cups-1.3.7-25.6.i586.rpm cups-1.3.7-25.6.ppc.rpm cups-1.3.7-25.6.x86_64.rpm cups-client-1.3.7-25.6.i586.rpm cups-client-1.3.7-25.6.ppc.rpm cups-client-1.3.7-25.6.x86_64.rpm cups-devel-1.3.7-25.6.i586.rpm cups-devel-1.3.7-25.6.ppc.rpm cups-devel-1.3.7-25.6.x86_64.rpm cups-libs-1.3.7-25.6.i586.rpm cups-libs-1.3.7-25.6.ppc.rpm cups-libs-1.3.7-25.6.x86_64.rpm cups-libs-32bit-1.3.7-25.6.x86_64.rpm cups-libs-64bit-1.3.7-25.6.ppc.rpm seccheck openSUSE 11.0 This update of seccheck does not sent annoying cron mails anymore. seccheck-2.0-631.2.noarch.rpm kernel openSUSE 11.0 This update fixes various security issues and several bugs in the openSUSE 11.0 kernel. It was also updated to the stable version 2.6.25.20. CVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call. CVE-2008-5700: libata did not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. CVE-2008-5300: Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. CVE-2008-5029: The __scm_destroy function in net/core/scm.c makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. CVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. CVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. CVE-2008-5182: The inotify functionality might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. CVE-2008-3831: The i915 driver in drivers/char/drm/i915_dma.c does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. CVE-2008-4554: The do_splice_from function in fs/splice.c did not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. kernel-debug-2.6.25.20-0.1.i586.rpm 1 kernel-debug-2.6.25.20-0.1.x86_64.rpm 1 kernel-default-2.6.25.20-0.1.i586.rpm 1 kernel-default-2.6.25.20-0.1.ppc.rpm 1 kernel-default-2.6.25.20-0.1.x86_64.rpm 1 kernel-docs-2.6.25.20-0.1.noarch.rpm 1 kernel-kdump-2.6.25.20-0.1.ppc.rpm 1 kernel-pae-2.6.25.20-0.1.i586.rpm 1 kernel-ppc64-2.6.25.20-0.1.ppc.rpm 1 kernel-ps3-2.6.25.20-0.1.ppc.rpm 1 kernel-rt-2.6.25.20-0.1.i586.rpm 1 kernel-rt-2.6.25.20-0.1.x86_64.rpm 1 kernel-rt_debug-2.6.25.20-0.1.i586.rpm 1 kernel-rt_debug-2.6.25.20-0.1.x86_64.rpm 1 kernel-source-2.6.25.20-0.1.i586.rpm 1 kernel-source-2.6.25.20-0.1.ppc.rpm 1 kernel-source-2.6.25.20-0.1.x86_64.rpm 1 kernel-syms-2.6.25.20-0.1.i586.rpm 1 kernel-syms-2.6.25.20-0.1.ppc.rpm 1 kernel-syms-2.6.25.20-0.1.x86_64.rpm 1 kernel-vanilla-2.6.25.20-0.1.i586.rpm 1 kernel-vanilla-2.6.25.20-0.1.ppc.rpm 1 kernel-vanilla-2.6.25.20-0.1.x86_64.rpm 1 kernel-xen-2.6.25.20-0.1.i586.rpm 1 kernel-xen-2.6.25.20-0.1.x86_64.rpm 1 moodle openSUSE 11.0 Insufficient quoting of wiki page titles allowed attackers to conduct cross site scripting (XSS) attacks (CVE-2008-5432 ). moodle-1.9.0-24.4.noarch.rpm moodle-af-1.9.0-24.4.noarch.rpm moodle-ar-1.9.0-24.4.noarch.rpm moodle-be-1.9.0-24.4.noarch.rpm moodle-bg-1.9.0-24.4.noarch.rpm moodle-bs-1.9.0-24.4.noarch.rpm moodle-ca-1.9.0-24.4.noarch.rpm moodle-cs-1.9.0-24.4.noarch.rpm moodle-da-1.9.0-24.4.noarch.rpm moodle-de-1.9.0-24.4.noarch.rpm moodle-de_du-1.9.0-24.4.noarch.rpm moodle-el-1.9.0-24.4.noarch.rpm moodle-es-1.9.0-24.4.noarch.rpm moodle-et-1.9.0-24.4.noarch.rpm moodle-eu-1.9.0-24.4.noarch.rpm moodle-fa-1.9.0-24.4.noarch.rpm moodle-fi-1.9.0-24.4.noarch.rpm moodle-fr-1.9.0-24.4.noarch.rpm moodle-ga-1.9.0-24.4.noarch.rpm moodle-gl-1.9.0-24.4.noarch.rpm moodle-he-1.9.0-24.4.noarch.rpm moodle-hi-1.9.0-24.4.noarch.rpm moodle-hr-1.9.0-24.4.noarch.rpm moodle-hu-1.9.0-24.4.noarch.rpm moodle-id-1.9.0-24.4.noarch.rpm moodle-is-1.9.0-24.4.noarch.rpm moodle-it-1.9.0-24.4.noarch.rpm moodle-ja-1.9.0-24.4.noarch.rpm moodle-ka-1.9.0-24.4.noarch.rpm moodle-km-1.9.0-24.4.noarch.rpm moodle-kn-1.9.0-24.4.noarch.rpm moodle-ko-1.9.0-24.4.noarch.rpm moodle-lt-1.9.0-24.4.noarch.rpm moodle-lv-1.9.0-24.4.noarch.rpm moodle-mi_tn-1.9.0-24.4.noarch.rpm moodle-ms-1.9.0-24.4.noarch.rpm moodle-nl-1.9.0-24.4.noarch.rpm moodle-nn-1.9.0-24.4.noarch.rpm moodle-no-1.9.0-24.4.noarch.rpm moodle-pl-1.9.0-24.4.noarch.rpm moodle-pt-1.9.0-24.4.noarch.rpm moodle-ro-1.9.0-24.4.noarch.rpm moodle-ru-1.9.0-24.4.noarch.rpm moodle-sk-1.9.0-24.4.noarch.rpm moodle-sl-1.9.0-24.4.noarch.rpm moodle-so-1.9.0-24.4.noarch.rpm moodle-sq-1.9.0-24.4.noarch.rpm moodle-sr-1.9.0-24.4.noarch.rpm moodle-sv-1.9.0-24.4.noarch.rpm moodle-th-1.9.0-24.4.noarch.rpm moodle-tl-1.9.0-24.4.noarch.rpm moodle-tr-1.9.0-24.4.noarch.rpm moodle-uk-1.9.0-24.4.noarch.rpm moodle-vi-1.9.0-24.4.noarch.rpm moodle-zh_cn-1.9.0-24.4.noarch.rpm libnasl openSUSE 11.0 This update of libnasl adds missing return value checks for openssl function calls. (CVE-2009-0125) libnasl-2.2.10-59.2.i586.rpm libnasl-2.2.10-59.2.ppc.rpm libnasl-2.2.10-59.2.x86_64.rpm libpng-devel openSUSE 11.0 This update of libpng fixes the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0. (CVE-2008-5907) libpng-devel-1.2.26-14.4.i586.rpm libpng-devel-1.2.26-14.4.ppc.rpm libpng-devel-1.2.26-14.4.x86_64.rpm libpng-devel-32bit-1.2.26-14.4.x86_64.rpm libpng-devel-64bit-1.2.26-14.4.ppc.rpm libpng12-0-1.2.26-14.4.i586.rpm libpng12-0-1.2.26-14.4.ppc.rpm libpng12-0-1.2.26-14.4.x86_64.rpm libpng12-0-32bit-1.2.26-14.4.x86_64.rpm libpng12-0-64bit-1.2.26-14.4.ppc.rpm libpng3-1.2.26-14.4.i586.rpm libpng3-1.2.26-14.4.ppc.rpm libpng3-1.2.26-14.4.x86_64.rpm bind openSUSE 11.0 This update improves the verification of return values of openssl functions. Prior this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025) bind-9.4.2-39.4.i586.rpm bind-9.4.2-39.4.ppc.rpm bind-9.4.2-39.4.x86_64.rpm bind-chrootenv-9.4.2-39.4.i586.rpm bind-chrootenv-9.4.2-39.4.ppc.rpm bind-chrootenv-9.4.2-39.4.x86_64.rpm bind-devel-9.4.2-39.4.i586.rpm bind-devel-9.4.2-39.4.ppc.rpm bind-devel-9.4.2-39.4.x86_64.rpm bind-devel-64bit-9.4.2-39.4.ppc.rpm bind-doc-9.4.2-39.4.i586.rpm bind-doc-9.4.2-39.4.ppc.rpm bind-doc-9.4.2-39.4.x86_64.rpm bind-libs-9.4.2-39.4.i586.rpm bind-libs-9.4.2-39.4.ppc.rpm bind-libs-9.4.2-39.4.x86_64.rpm bind-libs-32bit-9.4.2-39.4.x86_64.rpm bind-libs-64bit-9.4.2-39.4.ppc.rpm bind-utils-9.4.2-39.4.i586.rpm bind-utils-9.4.2-39.4.ppc.rpm bind-utils-9.4.2-39.4.x86_64.rpm attr openSUSE 11.0 - #457660: REGRESSION: getfattr -P broken in SLES11 due to bug in the walk-attr.diff patch setfattr and getfattr with the -P flag recurse directory structures incorrectly. Expected behavior ============== trusted.9 trusted.a trusted.9 trusted.a trusted.9 trusted.a Current Behavior ============= trusted.9 trusted.a trusted.9 trusted.a attr-2.4.43-2.2.i586.rpm attr-2.4.43-2.2.ppc.rpm attr-2.4.43-2.2.x86_64.rpm libattr-2.4.43-2.2.i586.rpm libattr-2.4.43-2.2.ppc.rpm libattr-2.4.43-2.2.x86_64.rpm libattr-32bit-2.4.43-2.2.x86_64.rpm libattr-64bit-2.4.43-2.2.ppc.rpm libattr-devel-2.4.43-2.2.i586.rpm libattr-devel-2.4.43-2.2.ppc.rpm libattr-devel-2.4.43-2.2.x86_64.rpm libattr-devel-64bit-2.4.43-2.2.ppc.rpm libopenssl-devel openSUSE 11.0 This update improves the verification of return values. Prior to this udpate it was possible to bypass the certification chain checks of openssl. (CVE-2008-5077) libopenssl-devel-0.9.8g-47.2.i586.rpm libopenssl-devel-0.9.8g-47.2.ppc.rpm libopenssl-devel-0.9.8g-47.2.x86_64.rpm libopenssl0_9_8-0.9.8g-47.2.i586.rpm libopenssl0_9_8-0.9.8g-47.2.ppc.rpm libopenssl0_9_8-0.9.8g-47.2.x86_64.rpm libopenssl0_9_8-32bit-0.9.8g-47.2.x86_64.rpm libopenssl0_9_8-64bit-0.9.8g-47.2.ppc.rpm openssl-0.9.8g-47.2.i586.rpm openssl-0.9.8g-47.2.ppc.rpm openssl-0.9.8g-47.2.x86_64.rpm openssl-certs-0.9.8g-47.2.i586.rpm openssl-certs-0.9.8g-47.2.ppc.rpm openssl-certs-0.9.8g-47.2.x86_64.rpm openssl-doc-0.9.8g-47.2.i586.rpm openssl-doc-0.9.8g-47.2.ppc.rpm openssl-doc-0.9.8g-47.2.x86_64.rpm syslog-ng openSUSE 11.0 This update provides two fixes for following issues: - Bug #414955: Fix to avoid getpwnam/getgrnam calls with negative values (special meaning), that are causing an ldap request on system using nss_ldap and during a syslog reload a deadlock with a locally running ldap server trying to log (the request). - Bug #423470: Fix by Karsten Kuenne for a SEGV in host macro expansion in case when the host variable in the message structure isn't set. syslog-ng-1.6.12-76.2.i586.rpm syslog-ng-1.6.12-76.2.ppc.rpm syslog-ng-1.6.12-76.2.x86_64.rpm sudo openSUSE 11.0 This update of sudo fixes a bug that allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root. sudo-1.6.9p15-13.4.i586.rpm sudo-1.6.9p15-13.4.ppc.rpm sudo-1.6.9p15-13.4.x86_64.rpm nouveau-kmp-debug openSUSE 11.0 The updated kernel in the update repository caused the nouveau-kmp to no longer work due to a kernel version mismatch and the KMP being in the wrong directory under /lib/modules. nouveau-kmp-debug-0.10.1.20081112_2.6.25.18_0.2-0.3.i586.rpm nouveau-kmp-debug-0.10.1.20081112_2.6.25.18_0.2-0.3.x86_64.rpm nouveau-kmp-default-0.10.1.20081112_2.6.25.18_0.2-0.3.i586.rpm nouveau-kmp-default-0.10.1.20081112_2.6.25.18_0.2-0.3.ppc.rpm nouveau-kmp-default-0.10.1.20081112_2.6.25.18_0.2-0.3.x86_64.rpm nouveau-kmp-pae-0.10.1.20081112_2.6.25.18_0.2-0.3.i586.rpm nouveau-kmp-xen-0.10.1.20081112_2.6.25.18_0.2-0.3.i586.rpm nouveau-kmp-xen-0.10.1.20081112_2.6.25.18_0.2-0.3.x86_64.rpm xorg-x11-driver-video-nouveau-0.10.1.20081112-0.3.i586.rpm xorg-x11-driver-video-nouveau-0.10.1.20081112-0.3.ppc.rpm xorg-x11-driver-video-nouveau-0.10.1.20081112-0.3.x86_64.rpm xorg-x11-driver-video-nouveau-3d-0.10.1.20081112-0.3.i586.rpm xorg-x11-driver-video-nouveau-3d-0.10.1.20081112-0.3.ppc.rpm xorg-x11-driver-video-nouveau-3d-0.10.1.20081112-0.3.x86_64.rpm audiofile openSUSE 11.0 A heap-overflow in libaudiofile was fixed. The overflow existsed in the WAV processing code and can be exploited to execute arbitrary code. (CVE-2008-5824) audiofile-0.2.6-115.2.i586.rpm audiofile-0.2.6-115.2.ppc.rpm audiofile-0.2.6-115.2.x86_64.rpm audiofile-32bit-0.2.6-115.2.x86_64.rpm audiofile-64bit-0.2.6-115.2.ppc.rpm audiofile-devel-0.2.6-115.2.i586.rpm audiofile-devel-0.2.6-115.2.ppc.rpm audiofile-devel-0.2.6-115.2.x86_64.rpm gstreamer-0_10-plugins-good openSUSE 11.0 gstreamer-0_10: several heap overflows (CVE-2009-0386, CVE-2009-0387,CVE-2009-0397) have been fixed. Remote attackers could exploit these to execute arbitrary code via QuickTime media files. gstreamer-0_10-plugins-good-0.10.7-38.2.i586.rpm gstreamer-0_10-plugins-good-0.10.7-38.2.ppc.rpm gstreamer-0_10-plugins-good-0.10.7-38.2.x86_64.rpm gstreamer-0_10-plugins-good-doc-0.10.7-38.2.i586.rpm gstreamer-0_10-plugins-good-doc-0.10.7-38.2.ppc.rpm gstreamer-0_10-plugins-good-doc-0.10.7-38.2.x86_64.rpm gstreamer-0_10-plugins-good-extra-0.10.7-38.2.i586.rpm gstreamer-0_10-plugins-good-extra-0.10.7-38.2.ppc.rpm gstreamer-0_10-plugins-good-extra-0.10.7-38.2.x86_64.rpm gstreamer-0_10-plugins-good-lang-0.10.7-38.2.i586.rpm gstreamer-0_10-plugins-good-lang-0.10.7-38.2.ppc.rpm gstreamer-0_10-plugins-good-lang-0.10.7-38.2.x86_64.rpm compat-openssl097g openSUSE 11.0 This update improves the verification of return values. Prior to this udpate it was possible to bypass the certification chain checks of openssl. (CVE-2008-5077) compat-openssl097g-0.9.7g-119.3.i586.rpm compat-openssl097g-0.9.7g-119.3.ppc.rpm compat-openssl097g-0.9.7g-119.3.x86_64.rpm compat-openssl097g-32bit-0.9.7g-119.3.x86_64.rpm compat-openssl097g-64bit-0.9.7g-119.3.ppc.rpm amarok openSUSE 11.0 This update of amarok fixes several integer overflows and unchecked memory allocations that can be exploited by malformed Audible digital audio files. These bugs could be used in a user-assisted attack scenario to execute arbitrary code remotely. (CVE-2009-0135, CVE-2009-0136) amarok-1.4.9.1-27.2.i586.rpm amarok-1.4.9.1-27.2.ppc.rpm amarok-1.4.9.1-27.2.x86_64.rpm amarok-lang-1.4.9.1-27.2.i586.rpm amarok-lang-1.4.9.1-27.2.ppc.rpm amarok-lang-1.4.9.1-27.2.x86_64.rpm amarok-libvisual-1.4.9.1-27.2.i586.rpm amarok-libvisual-1.4.9.1-27.2.ppc.rpm amarok-libvisual-1.4.9.1-27.2.x86_64.rpm amarok-xine-1.4.9.1-27.2.i586.rpm amarok-xine-1.4.9.1-27.2.ppc.rpm amarok-xine-1.4.9.1-27.2.x86_64.rpm amarok-yauap-1.4.9.1-27.2.i586.rpm amarok-yauap-1.4.9.1-27.2.ppc.rpm amarok-yauap-1.4.9.1-27.2.x86_64.rpm avahi openSUSE 11.0 Specially crafted mDNS packets could crash the Avahi daemon (CVE-2008-5081). avahi-0.6.22-68.2.i586.rpm avahi-0.6.22-68.2.ppc.rpm avahi-0.6.22-68.2.x86_64.rpm avahi-compat-howl-devel-0.6.22-68.2.i586.rpm avahi-compat-howl-devel-0.6.22-68.2.ppc.rpm avahi-compat-howl-devel-0.6.22-68.2.x86_64.rpm avahi-compat-mDNSResponder-devel-0.6.22-68.2.i586.rpm avahi-compat-mDNSResponder-devel-0.6.22-68.2.ppc.rpm avahi-compat-mDNSResponder-devel-0.6.22-68.2.x86_64.rpm avahi-utils-0.6.22-68.2.i586.rpm avahi-utils-0.6.22-68.2.ppc.rpm avahi-utils-0.6.22-68.2.x86_64.rpm avahi-utils-gtk-0.6.22-68.2.i586.rpm avahi-utils-gtk-0.6.22-68.2.ppc.rpm avahi-utils-gtk-0.6.22-68.2.x86_64.rpm libavahi-client3-0.6.22-68.2.i586.rpm libavahi-client3-0.6.22-68.2.ppc.rpm libavahi-client3-0.6.22-68.2.x86_64.rpm libavahi-client3-32bit-0.6.22-68.2.x86_64.rpm libavahi-client3-64bit-0.6.22-68.2.ppc.rpm libavahi-common3-0.6.22-68.2.i586.rpm libavahi-common3-0.6.22-68.2.ppc.rpm libavahi-common3-0.6.22-68.2.x86_64.rpm libavahi-common3-32bit-0.6.22-68.2.x86_64.rpm libavahi-common3-64bit-0.6.22-68.2.ppc.rpm libavahi-core5-0.6.22-68.2.i586.rpm libavahi-core5-0.6.22-68.2.ppc.rpm libavahi-core5-0.6.22-68.2.x86_64.rpm libavahi-devel-0.6.22-68.2.i586.rpm libavahi-devel-0.6.22-68.2.ppc.rpm libavahi-devel-0.6.22-68.2.x86_64.rpm libavahi-glib-devel-0.6.22-68.2.i586.rpm libavahi-glib-devel-0.6.22-68.2.ppc.rpm libavahi-glib-devel-0.6.22-68.2.x86_64.rpm libavahi-glib1-0.6.22-68.2.i586.rpm libavahi-glib1-0.6.22-68.2.ppc.rpm libavahi-glib1-0.6.22-68.2.x86_64.rpm libavahi-glib1-32bit-0.6.22-68.2.x86_64.rpm libavahi-glib1-64bit-0.6.22-68.2.ppc.rpm libavahi-gobject-devel-0.6.22-68.2.i586.rpm libavahi-gobject-devel-0.6.22-68.2.ppc.rpm libavahi-gobject-devel-0.6.22-68.2.x86_64.rpm libavahi-gobject0-0.6.22-68.2.i586.rpm libavahi-gobject0-0.6.22-68.2.ppc.rpm libavahi-gobject0-0.6.22-68.2.x86_64.rpm libavahi-ui0-0.6.22-68.2.i586.rpm libavahi-ui0-0.6.22-68.2.ppc.rpm libavahi-ui0-0.6.22-68.2.x86_64.rpm libdns_sd-0.6.22-68.2.i586.rpm libdns_sd-0.6.22-68.2.ppc.rpm libdns_sd-0.6.22-68.2.x86_64.rpm libdns_sd-32bit-0.6.22-68.2.x86_64.rpm libdns_sd-64bit-0.6.22-68.2.ppc.rpm libhowl0-0.6.22-68.2.i586.rpm libhowl0-0.6.22-68.2.ppc.rpm libhowl0-0.6.22-68.2.x86_64.rpm python-avahi-0.6.22-68.2.i586.rpm python-avahi-0.6.22-68.2.ppc.rpm python-avahi-0.6.22-68.2.x86_64.rpm nscd openSUSE 11.0 Fix instability during cache pruning and garbage collection phases that might lead to random segfaults and assertion failures - overflow in he_data setup and too risky alloca() usage. nscd-2.8-14.4.i586.rpm nscd-2.8-14.4.ppc.rpm nscd-2.8-14.4.x86_64.rpm wine openSUSE 11.0 A symlink vulnerability in handling tmp files in the winetricks helper scripts was fixed. (CVE-2009-0313) wine-0.9.64_aka_1.0.rc3-2.2.i586.rpm wine-devel-0.9.64_aka_1.0.rc3-2.2.i586.rpm xine-devel openSUSE 11.0 This update of xine fixes multiple buffer overflows while parsing files: - CVE-2008-3231 - CVE-2008-5233 - CVE-2008-5234 - CVE-2008-5235 - CVE-2008-5236 - CVE-2008-5237 - CVE-2008-5238 - CVE-2008-5239 - CVE-2008-5240 - CVE-2008-5241 - CVE-2008-5242 - CVE-2008-5243 - CVE-2008-5244 - CVE-2008-5245 - CVE-2008-5246 - CVE-2008-5247 - CVE-2008-5248 These bugs can lead to remote code execution. xine-devel-1.1.12-8.2.i586.rpm xine-devel-1.1.12-8.2.ppc.rpm xine-devel-1.1.12-8.2.x86_64.rpm xine-extra-1.1.12-8.2.i586.rpm xine-extra-1.1.12-8.2.ppc.rpm xine-extra-1.1.12-8.2.x86_64.rpm xine-lib-1.1.12-8.2.i586.rpm xine-lib-1.1.12-8.2.ppc.rpm xine-lib-1.1.12-8.2.x86_64.rpm xine-lib-32bit-1.1.12-8.2.x86_64.rpm xine-lib-64bit-1.1.12-8.2.ppc.rpm perl openSUSE 11.0 This perl update fixes a race condition in rmtree. (CVE-2008-5302) perl-5.10.0-37.6.i586.rpm perl-5.10.0-37.6.ppc.rpm perl-5.10.0-37.6.x86_64.rpm perl-32bit-5.10.0-37.6.x86_64.rpm perl-64bit-5.10.0-37.6.ppc.rpm perl-base-5.10.0-37.6.i586.rpm perl-base-5.10.0-37.6.ppc.rpm perl-base-5.10.0-37.6.x86_64.rpm perl-doc-5.10.0-37.6.i586.rpm perl-doc-5.10.0-37.6.ppc.rpm perl-doc-5.10.0-37.6.x86_64.rpm softwaremgmt openSUSE 11.0 This patch fixes a bug where the solver wants to install incompatible updates and downgrade kde from 4.1.3 to 4.0.4. Additionally, libzypp is compiled with -fPIC and a Gtk package selector crash on the conflict dialog is fixed. PackageKit-0.2.1-15.8.i586.rpm 1 PackageKit-0.2.1-15.8.ppc.rpm 1 PackageKit-0.2.1-15.8.x86_64.rpm 1 PackageKit-devel-0.2.1-15.8.i586.rpm 1 PackageKit-devel-0.2.1-15.8.ppc.rpm 1 PackageKit-devel-0.2.1-15.8.x86_64.rpm 1 gnome-packagekit-0.2.1-15.7.i586.rpm 1 gnome-packagekit-0.2.1-15.7.ppc.rpm 1 gnome-packagekit-0.2.1-15.7.x86_64.rpm 1 libsatsolver-devel-0.9.6-0.2.i586.rpm 1 libsatsolver-devel-0.9.6-0.2.ppc.rpm 1 libsatsolver-devel-0.9.6-0.2.x86_64.rpm 1 libsatsolver-perl-0.9.6-0.2.i586.rpm 1 libsatsolver-perl-0.9.6-0.2.ppc.rpm 1 libsatsolver-perl-0.9.6-0.2.x86_64.rpm 1 libsatsolver-ruby-0.9.6-0.2.i586.rpm 1 libsatsolver-ruby-0.9.6-0.2.ppc.rpm 1 libsatsolver-ruby-0.9.6-0.2.x86_64.rpm 1 libzypp-4.28.1-0.1.i586.rpm 1 libzypp-4.28.1-0.1.ppc.rpm 1 libzypp-4.28.1-0.1.x86_64.rpm 1 libzypp-devel-4.28.1-0.1.i586.rpm 1 libzypp-devel-4.28.1-0.1.ppc.rpm 1 libzypp-devel-4.28.1-0.1.x86_64.rpm 1 satsolver-tools-0.9.6-0.2.i586.rpm 1 satsolver-tools-0.9.6-0.2.ppc.rpm 1 satsolver-tools-0.9.6-0.2.x86_64.rpm 1 yast2-gtk-2.16.15-0.1.i586.rpm 1 yast2-gtk-2.16.15-0.1.ppc.rpm 1 yast2-gtk-2.16.15-0.1.x86_64.rpm 1 yast2-ncurses-pkg-2.16.14-0.4.i586.rpm 1 yast2-ncurses-pkg-2.16.14-0.4.ppc.rpm 1 yast2-ncurses-pkg-2.16.14-0.4.x86_64.rpm 1 yast2-online-update-2.16.15-6.1.noarch.rpm 1 yast2-online-update-frontend-2.16.15-6.1.noarch.rpm 1 yast2-packager-2.16.53-3.1.i586.rpm 1 yast2-packager-2.16.53-3.1.ppc.rpm 1 yast2-packager-2.16.53-3.1.x86_64.rpm 1 yast2-pkg-bindings-2.16.42-0.2.i586.rpm 1 yast2-pkg-bindings-2.16.42-0.2.ppc.rpm 1 yast2-pkg-bindings-2.16.42-0.2.x86_64.rpm 1 yast2-pkg-bindings-devel-doc-2.16.42-0.2.noarch.rpm 1 yast2-qt-pkg-2.16.48-0.2.i586.rpm 1 yast2-qt-pkg-2.16.48-0.2.ppc.rpm 1 yast2-qt-pkg-2.16.48-0.2.x86_64.rpm 1 zypper-0.11.10-0.3.i586.rpm 1 zypper-0.11.10-0.3.ppc.rpm 1 zypper-0.11.10-0.3.x86_64.rpm 1 apache2-mod_php5 openSUSE 11.0 This update of php5 fixes a directory traversal bug in ZipArchive (CVE-2008-5658) and a buffer overflow in the mstring extension (CVE-2008-5557). apache2-mod_php5-5.2.6-0.8.i586.rpm apache2-mod_php5-5.2.6-0.8.ppc.rpm apache2-mod_php5-5.2.6-0.8.x86_64.rpm php5-5.2.6-0.8.i586.rpm php5-5.2.6-0.8.ppc.rpm php5-5.2.6-0.8.x86_64.rpm php5-bcmath-5.2.6-0.8.i586.rpm php5-bcmath-5.2.6-0.8.ppc.rpm php5-bcmath-5.2.6-0.8.x86_64.rpm php5-bz2-5.2.6-0.8.i586.rpm php5-bz2-5.2.6-0.8.ppc.rpm php5-bz2-5.2.6-0.8.x86_64.rpm php5-calendar-5.2.6-0.8.i586.rpm php5-calendar-5.2.6-0.8.ppc.rpm php5-calendar-5.2.6-0.8.x86_64.rpm php5-ctype-5.2.6-0.8.i586.rpm php5-ctype-5.2.6-0.8.ppc.rpm php5-ctype-5.2.6-0.8.x86_64.rpm php5-curl-5.2.6-0.8.i586.rpm php5-curl-5.2.6-0.8.ppc.rpm php5-curl-5.2.6-0.8.x86_64.rpm php5-dba-5.2.6-0.8.i586.rpm php5-dba-5.2.6-0.8.ppc.rpm php5-dba-5.2.6-0.8.x86_64.rpm php5-dbase-5.2.6-0.8.i586.rpm php5-dbase-5.2.6-0.8.ppc.rpm php5-dbase-5.2.6-0.8.x86_64.rpm php5-devel-5.2.6-0.8.i586.rpm php5-devel-5.2.6-0.8.ppc.rpm php5-devel-5.2.6-0.8.x86_64.rpm php5-dom-5.2.6-0.8.i586.rpm php5-dom-5.2.6-0.8.ppc.rpm php5-dom-5.2.6-0.8.x86_64.rpm php5-exif-5.2.6-0.8.i586.rpm php5-exif-5.2.6-0.8.ppc.rpm php5-exif-5.2.6-0.8.x86_64.rpm php5-fastcgi-5.2.6-0.8.i586.rpm php5-fastcgi-5.2.6-0.8.ppc.rpm php5-fastcgi-5.2.6-0.8.x86_64.rpm php5-ftp-5.2.6-0.8.i586.rpm php5-ftp-5.2.6-0.8.ppc.rpm php5-ftp-5.2.6-0.8.x86_64.rpm php5-gd-5.2.6-0.8.i586.rpm php5-gd-5.2.6-0.8.ppc.rpm php5-gd-5.2.6-0.8.x86_64.rpm php5-gettext-5.2.6-0.8.i586.rpm php5-gettext-5.2.6-0.8.ppc.rpm php5-gettext-5.2.6-0.8.x86_64.rpm php5-gmp-5.2.6-0.8.i586.rpm php5-gmp-5.2.6-0.8.ppc.rpm php5-gmp-5.2.6-0.8.x86_64.rpm php5-hash-5.2.6-0.8.i586.rpm php5-hash-5.2.6-0.8.ppc.rpm php5-hash-5.2.6-0.8.x86_64.rpm php5-iconv-5.2.6-0.8.i586.rpm php5-iconv-5.2.6-0.8.ppc.rpm php5-iconv-5.2.6-0.8.x86_64.rpm php5-imap-5.2.6-0.8.i586.rpm php5-imap-5.2.6-0.8.ppc.rpm php5-imap-5.2.6-0.8.x86_64.rpm php5-json-5.2.6-0.8.i586.rpm php5-json-5.2.6-0.8.ppc.rpm php5-json-5.2.6-0.8.x86_64.rpm php5-ldap-5.2.6-0.8.i586.rpm php5-ldap-5.2.6-0.8.ppc.rpm php5-ldap-5.2.6-0.8.x86_64.rpm php5-mbstring-5.2.6-0.8.i586.rpm php5-mbstring-5.2.6-0.8.ppc.rpm php5-mbstring-5.2.6-0.8.x86_64.rpm php5-mcrypt-5.2.6-0.8.i586.rpm php5-mcrypt-5.2.6-0.8.ppc.rpm php5-mcrypt-5.2.6-0.8.x86_64.rpm php5-mysql-5.2.6-0.8.i586.rpm php5-mysql-5.2.6-0.8.ppc.rpm php5-mysql-5.2.6-0.8.x86_64.rpm php5-ncurses-5.2.6-0.8.i586.rpm php5-ncurses-5.2.6-0.8.ppc.rpm php5-ncurses-5.2.6-0.8.x86_64.rpm php5-odbc-5.2.6-0.8.i586.rpm php5-odbc-5.2.6-0.8.ppc.rpm php5-odbc-5.2.6-0.8.x86_64.rpm php5-openssl-5.2.6-0.8.i586.rpm php5-openssl-5.2.6-0.8.ppc.rpm php5-openssl-5.2.6-0.8.x86_64.rpm php5-pcntl-5.2.6-0.8.i586.rpm php5-pcntl-5.2.6-0.8.ppc.rpm php5-pcntl-5.2.6-0.8.x86_64.rpm php5-pdo-5.2.6-0.8.i586.rpm php5-pdo-5.2.6-0.8.ppc.rpm php5-pdo-5.2.6-0.8.x86_64.rpm php5-pear-5.2.6-0.8.i586.rpm php5-pear-5.2.6-0.8.ppc.rpm php5-pear-5.2.6-0.8.x86_64.rpm php5-pgsql-5.2.6-0.8.i586.rpm php5-pgsql-5.2.6-0.8.ppc.rpm php5-pgsql-5.2.6-0.8.x86_64.rpm php5-posix-5.2.6-0.8.i586.rpm php5-posix-5.2.6-0.8.ppc.rpm php5-posix-5.2.6-0.8.x86_64.rpm php5-pspell-5.2.6-0.8.i586.rpm php5-pspell-5.2.6-0.8.ppc.rpm php5-pspell-5.2.6-0.8.x86_64.rpm php5-readline-5.2.6-0.8.i586.rpm php5-readline-5.2.6-0.8.ppc.rpm php5-readline-5.2.6-0.8.x86_64.rpm php5-shmop-5.2.6-0.8.i586.rpm php5-shmop-5.2.6-0.8.ppc.rpm php5-shmop-5.2.6-0.8.x86_64.rpm php5-snmp-5.2.6-0.8.i586.rpm php5-snmp-5.2.6-0.8.ppc.rpm php5-snmp-5.2.6-0.8.x86_64.rpm php5-soap-5.2.6-0.8.i586.rpm php5-soap-5.2.6-0.8.ppc.rpm php5-soap-5.2.6-0.8.x86_64.rpm php5-sockets-5.2.6-0.8.i586.rpm php5-sockets-5.2.6-0.8.ppc.rpm php5-sockets-5.2.6-0.8.x86_64.rpm php5-sqlite-5.2.6-0.8.i586.rpm php5-sqlite-5.2.6-0.8.ppc.rpm php5-sqlite-5.2.6-0.8.x86_64.rpm php5-suhosin-5.2.6-0.8.i586.rpm php5-suhosin-5.2.6-0.8.ppc.rpm php5-suhosin-5.2.6-0.8.x86_64.rpm php5-sysvmsg-5.2.6-0.8.i586.rpm php5-sysvmsg-5.2.6-0.8.ppc.rpm php5-sysvmsg-5.2.6-0.8.x86_64.rpm php5-sysvsem-5.2.6-0.8.i586.rpm php5-sysvsem-5.2.6-0.8.ppc.rpm php5-sysvsem-5.2.6-0.8.x86_64.rpm php5-sysvshm-5.2.6-0.8.i586.rpm php5-sysvshm-5.2.6-0.8.ppc.rpm php5-sysvshm-5.2.6-0.8.x86_64.rpm php5-tidy-5.2.6-0.8.i586.rpm php5-tidy-5.2.6-0.8.ppc.rpm php5-tidy-5.2.6-0.8.x86_64.rpm php5-tokenizer-5.2.6-0.8.i586.rpm php5-tokenizer-5.2.6-0.8.ppc.rpm php5-tokenizer-5.2.6-0.8.x86_64.rpm php5-wddx-5.2.6-0.8.i586.rpm php5-wddx-5.2.6-0.8.ppc.rpm php5-wddx-5.2.6-0.8.x86_64.rpm php5-xmlreader-5.2.6-0.8.i586.rpm php5-xmlreader-5.2.6-0.8.ppc.rpm php5-xmlreader-5.2.6-0.8.x86_64.rpm php5-xmlrpc-5.2.6-0.8.i586.rpm php5-xmlrpc-5.2.6-0.8.ppc.rpm php5-xmlrpc-5.2.6-0.8.x86_64.rpm php5-xmlwriter-5.2.6-0.8.i586.rpm php5-xmlwriter-5.2.6-0.8.ppc.rpm php5-xmlwriter-5.2.6-0.8.x86_64.rpm php5-xsl-5.2.6-0.8.i586.rpm php5-xsl-5.2.6-0.8.ppc.rpm php5-xsl-5.2.6-0.8.x86_64.rpm php5-zip-5.2.6-0.8.i586.rpm php5-zip-5.2.6-0.8.ppc.rpm php5-zip-5.2.6-0.8.x86_64.rpm php5-zlib-5.2.6-0.8.i586.rpm php5-zlib-5.2.6-0.8.ppc.rpm php5-zlib-5.2.6-0.8.x86_64.rpm libvirt openSUSE 11.0 libvirt misses some read-only connection checks for certain methods. This flaw enables local unprivileged users for example to migrate virtual machines without authentication (CVE-2008-5086). libvirt-0.4.0-59.4.i586.rpm libvirt-0.4.0-59.4.x86_64.rpm libvirt-devel-0.4.0-59.4.i586.rpm libvirt-devel-0.4.0-59.4.x86_64.rpm libvirt-doc-0.4.0-59.4.i586.rpm libvirt-doc-0.4.0-59.4.x86_64.rpm libvirt-python-0.4.0-59.4.i586.rpm libvirt-python-0.4.0-59.4.x86_64.rpm java-1_6_0-sun openSUSE 11.0 Switch from old Java plugin (libjavaplugin_oji.so), which may causes a Firefox freeze to new one (libnpjp2.so) - bnc#465790. java-1_6_0-sun-1.6.0.u11-0.3.i586.rpm java-1_6_0-sun-1.6.0.u11-0.3.x86_64.rpm java-1_6_0-sun-alsa-1.6.0.u11-0.3.i586.rpm java-1_6_0-sun-alsa-1.6.0.u11-0.3.x86_64.rpm java-1_6_0-sun-demo-1.6.0.u11-0.3.i586.rpm java-1_6_0-sun-demo-1.6.0.u11-0.3.x86_64.rpm java-1_6_0-sun-devel-1.6.0.u11-0.3.i586.rpm java-1_6_0-sun-devel-1.6.0.u11-0.3.x86_64.rpm java-1_6_0-sun-jdbc-1.6.0.u11-0.3.i586.rpm java-1_6_0-sun-jdbc-1.6.0.u11-0.3.x86_64.rpm java-1_6_0-sun-plugin-1.6.0.u11-0.3.i586.rpm java-1_6_0-sun-src-1.6.0.u11-0.3.i586.rpm java-1_6_0-sun-src-1.6.0.u11-0.3.x86_64.rpm MozillaFirefox openSUSE 11.0 The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-02 / CVE-2009-0354: Mozilla security researcher moz_bug_r_a4 reported that a chrome XBL method can be used in conjuction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy. Firefox 2 releases are not affected. MFSA 2009-03 / CVE-2009-0355: Mozilla security researcher moz_bug_r_a4 reported that a form input control's type could be changed during the restoration of a closed tab. An attacker could set an input control's text value to the path of a local file whose location was known to the attacker. If the tab was then closed and the victim persuaded to re-open it, upon restoring the tab the attacker could use this vulnerability to change the input type to file. Scripts in the page could then automatically submit the form and steal the contents of the user's local file. MFSA 2009-04 / CVE-2009-0356: Mozilla security researcher Georgi Guninski reported that the fix for an earlier vulnerability reported by Liu Die Yu using local internet shortcut files to access other sites (MFSA 2008-47) could be bypassed by redirecting to a privileged about: URI such as about:plugins. If an attacker could get a victim to download two files, a malicious HTML file and a .desktop shortcut file, they could have the HTML document load a privileged chrome document via the shortcut and both documents would be treated as same origin. This vulnerability could potentially be used by an attacker to inject arbitrary code into the chrome document and execute with chrome privileges. Because this attack has relatively high complexity, the severity of this issue was determined to be moderate. MFSA 2009-05 / CVE-2009-0357: Developer and Mozilla community member Wladimir Palant reported that cookies marked HTTPOnly were readable by JavaScript via the XMLHttpRequest.getResponseHeader and XMLHttpRequest.getAllResponseHeaders APIs. This vulnerability bypasses the security mechanism provided by the HTTPOnly flag which intends to restrict JavaScript access to document.cookie. The fix prevents the XMLHttpRequest feature from accessing the Set-Cookie and Set-Cookie2 headers of any response whether or not the HTTPOnly flag was set for those cookies. MFSA 2009-06 / CVE-2009-0358: Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store and Cache-Control: no-cache for HTTPS pages, were being ignored by Firefox 3. On a shared system, applications relying upon these HTTP directives could potentially expose private data. Another user on the system could use this vulnerability to view improperly cached pages containing private data by navigating the browser back. MozillaFirefox-3.0.6-0.1.i586.rpm MozillaFirefox-3.0.6-0.1.ppc.rpm MozillaFirefox-3.0.6-0.1.x86_64.rpm MozillaFirefox-translations-3.0.6-0.1.i586.rpm MozillaFirefox-translations-3.0.6-0.1.ppc.rpm MozillaFirefox-translations-3.0.6-0.1.x86_64.rpm mozilla-xulrunner190-1.9.0.6-0.1.i586.rpm mozilla-xulrunner190-1.9.0.6-0.1.ppc.rpm mozilla-xulrunner190-1.9.0.6-0.1.x86_64.rpm mozilla-xulrunner190-32bit-1.9.0.6-0.1.x86_64.rpm mozilla-xulrunner190-64bit-1.9.0.6-0.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.6-0.1.i586.rpm mozilla-xulrunner190-devel-1.9.0.6-0.1.ppc.rpm mozilla-xulrunner190-devel-1.9.0.6-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-1.9.0.6-0.1.i586.rpm mozilla-xulrunner190-gnomevfs-1.9.0.6-0.1.ppc.rpm mozilla-xulrunner190-gnomevfs-1.9.0.6-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-32bit-1.9.0.6-0.1.x86_64.rpm mozilla-xulrunner190-gnomevfs-64bit-1.9.0.6-0.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.6-0.1.i586.rpm mozilla-xulrunner190-translations-1.9.0.6-0.1.ppc.rpm mozilla-xulrunner190-translations-1.9.0.6-0.1.x86_64.rpm mozilla-xulrunner190-translations-32bit-1.9.0.6-0.1.x86_64.rpm mozilla-xulrunner190-translations-64bit-1.9.0.6-0.1.ppc.rpm netatalk openSUSE 11.0 This update of netatalk adds a filter for characters of user-supplied data to papd. Prior to this update it was possible to execute arbitrary shell commands remotely. (CVE-2008-5718) netatalk-2.0.3-218.3.i586.rpm netatalk-2.0.3-218.3.ppc.rpm netatalk-2.0.3-218.3.x86_64.rpm netatalk-devel-2.0.3-218.3.i586.rpm netatalk-devel-2.0.3-218.3.ppc.rpm netatalk-devel-2.0.3-218.3.x86_64.rpm sbl openSUSE 11.0 A buffer overflow in the sbl package has been fixed. Incoming data and authentication-strings have not been checked properly. CVE-2009-0310 has been assigned to this issue. sbl-3.2.2-16.2.i586.rpm sbl-3.2.2-16.2.ppc.rpm sbl-3.2.2-16.2.x86_64.rpm sbl-orca-3.2.2-16.2.i586.rpm sbl-orca-3.2.2-16.2.ppc.rpm sbl-orca-3.2.2-16.2.x86_64.rpm dovecot openSUSE 11.0 Dovecot didn't properly treat negative access rights therefore allowing attackers to bypass intended access restrictions (CVE-2008-4577) dovecot-1.0.13-24.2.i586.rpm dovecot-1.0.13-24.2.ppc.rpm dovecot-1.0.13-24.2.x86_64.rpm dovecot-devel-1.0.13-24.2.i586.rpm dovecot-devel-1.0.13-24.2.ppc.rpm dovecot-devel-1.0.13-24.2.x86_64.rpm phpPgAdmin openSUSE 11.0 Attackers could read arbitrary files due to a directory traversal vulnerability in phpPgAdmin (CVE-2008-5587). phpPgAdmin-4.2-16.2.noarch.rpm sblim-sfcb openSUSE 11.0 A tmp file race condition in the genSslCerts.sh helper script could be used by local attackers to gain root privileges. (CVE-2009-0416) sblim-sfcb-1.3.0-6.2.i586.rpm sblim-sfcb-1.3.0-6.2.ppc.rpm sblim-sfcb-1.3.0-6.2.x86_64.rpm mediawiki openSUSE 11.0 Missing checks allowed remote attackers to conduct cross-site scripting (XSS) or cross-site request forgery (CSRF) attacks against MediaWiki (CVE-2008-5250, CVE-2008-5252). mediawiki-1.11.2-36.2.i586.rpm mediawiki-1.11.2-36.2.ppc.rpm mediawiki-1.11.2-36.2.x86_64.rpm virtualbox openSUSE 11.0 Insufficient checks on temporary files could allow users to trick others into overwriting arbitrary files (CVE-2008-5256). virtualbox-ose-1.5.6-33.2.i586.rpm virtualbox-ose-1.5.6-33.2.x86_64.rpm virtualbox-ose-guest-tools-1.5.6-33.2.i586.rpm virtualbox-ose-guest-tools-1.5.6-33.2.x86_64.rpm xorg-x11-driver-virtualbox-ose-1.5.6-33.2.i586.rpm xorg-x11-driver-virtualbox-ose-1.5.6-33.2.x86_64.rpm libtiff-devel openSUSE 11.0 specially crafted tiff images could lead to allocating large amounts of memory therefore crashing applications that process such files (CVE-2008-1586). libtiff-devel-3.8.2-108.4.i586.rpm libtiff-devel-3.8.2-108.4.ppc.rpm libtiff-devel-3.8.2-108.4.x86_64.rpm libtiff-devel-32bit-3.8.2-108.4.x86_64.rpm libtiff-devel-64bit-3.8.2-108.4.ppc.rpm libtiff3-3.8.2-108.4.i586.rpm libtiff3-3.8.2-108.4.ppc.rpm libtiff3-3.8.2-108.4.x86_64.rpm libtiff3-32bit-3.8.2-108.4.x86_64.rpm libtiff3-64bit-3.8.2-108.4.ppc.rpm tiff-3.8.2-108.4.i586.rpm tiff-3.8.2-108.4.ppc.rpm tiff-3.8.2-108.4.x86_64.rpm novell-ipsec-tools openSUSE 11.0 Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652) novell-ipsec-tools-0.6.3-183.2.i586.rpm novell-ipsec-tools-0.6.3-183.2.ppc.rpm novell-ipsec-tools-0.6.3-183.2.x86_64.rpm novell-ipsec-tools-devel-0.6.3-183.2.i586.rpm novell-ipsec-tools-devel-0.6.3-183.2.ppc.rpm novell-ipsec-tools-devel-0.6.3-183.2.x86_64.rpm openslp openSUSE 11.0 OpenSLP prior this update does not correctly check the return values of OpenSSL functions. openslp-1.2.0-143.2.i586.rpm openslp-1.2.0-143.2.ppc.rpm openslp-1.2.0-143.2.x86_64.rpm openslp-32bit-1.2.0-143.2.x86_64.rpm openslp-64bit-1.2.0-143.2.ppc.rpm openslp-devel-1.2.0-143.2.i586.rpm openslp-devel-1.2.0-143.2.ppc.rpm openslp-devel-1.2.0-143.2.x86_64.rpm openslp-server-1.2.0-143.2.i586.rpm openslp-server-1.2.0-143.2.ppc.rpm openslp-server-1.2.0-143.2.x86_64.rpm swfdec openSUSE 11.0 The free Flash decoder engine "swfdec" was updated to version 0.6.8 to fix lots of crashers which are likely security relevant and could be exploited to remotely execute code. (CVE-2008-3796) swfdec-0.6.8-0.1.i586.rpm swfdec-0.6.8-0.1.ppc.rpm swfdec-0.6.8-0.1.x86_64.rpm swfdec-devel-0.6.8-0.1.i586.rpm swfdec-devel-0.6.8-0.1.ppc.rpm swfdec-devel-0.6.8-0.1.x86_64.rpm swfdec-doc-0.6.8-0.1.i586.rpm swfdec-doc-0.6.8-0.1.ppc.rpm swfdec-doc-0.6.8-0.1.x86_64.rpm audacity openSUSE 11.0 Specially crafted GRO files could cause a stack based buffer in audacity (CVE-2009-0490). audacity-1.3.4-56.2.i586.rpm audacity-1.3.4-56.2.ppc.rpm audacity-1.3.4-56.2.x86_64.rpm libxml2 openSUSE 11.0 A previous security fix for libxml2 caused problems when processing large xml files. The patch has been reworked so processing of large files works again. libxml2-2.6.32-11.8.i586.rpm libxml2-2.6.32-11.8.ppc.rpm libxml2-2.6.32-11.8.x86_64.rpm libxml2-32bit-2.6.32-11.8.x86_64.rpm libxml2-64bit-2.6.32-11.8.ppc.rpm libxml2-devel-2.6.32-11.8.i586.rpm libxml2-devel-2.6.32-11.8.ppc.rpm libxml2-devel-2.6.32-11.8.x86_64.rpm libxml2-devel-32bit-2.6.32-11.8.x86_64.rpm libxml2-devel-64bit-2.6.32-11.8.ppc.rpm libxml2-doc-2.6.32-11.8.i586.rpm libxml2-doc-2.6.32-11.8.ppc.rpm libxml2-doc-2.6.32-11.8.x86_64.rpm java-1_6_0-sun openSUSE 11.0 Sun Java 6 u12. This update brings a native 64bit Java Plugin and a Java Webstart support. Please install the java-1_6_0-sun-plugin package for x86_64. Warning: As the new Java plugin is not compatible with Firefox 2, there's no java-1_6_0-sun-plugin package available for x86_64 version of openSUSE 10.3. Read http://en.opensuse.org/Java/How_To_use_Java_with_Firefox_on_ 64-bit_openSuSE_10.3 for details. java-1_6_0-sun-1.6.0.u12-1.2.i586.rpm java-1_6_0-sun-1.6.0.u12-1.2.x86_64.rpm java-1_6_0-sun-alsa-1.6.0.u12-1.2.i586.rpm java-1_6_0-sun-alsa-1.6.0.u12-1.2.x86_64.rpm java-1_6_0-sun-demo-1.6.0.u12-1.2.i586.rpm java-1_6_0-sun-demo-1.6.0.u12-1.2.x86_64.rpm java-1_6_0-sun-devel-1.6.0.u12-1.2.i586.rpm java-1_6_0-sun-devel-1.6.0.u12-1.2.x86_64.rpm java-1_6_0-sun-jdbc-1.6.0.u12-1.2.i586.rpm java-1_6_0-sun-jdbc-1.6.0.u12-1.2.x86_64.rpm java-1_6_0-sun-plugin-1.6.0.u12-1.2.i586.rpm java-1_6_0-sun-plugin-1.6.0.u12-1.2.x86_64.rpm java-1_6_0-sun-src-1.6.0.u12-1.2.i586.rpm java-1_6_0-sun-src-1.6.0.u12-1.2.x86_64.rpm libQtWebKit-devel openSUSE 11.0 - fix threaded mysql issues - fix qtabbar sizing - fix path seperators in qmake - fix crash on QGraphicsProxyWidget deletion - fix recursive backing store crash - add QUrl revalidate speedup - fix crash on clear Focus in QGraphicsProxyWidget - fix fontconfig handling - fix zero height pixmaps not being considered null - fix crash in form layouting code - add display key support - fix select() handling in QNativeSocketEngine libQtWebKit-devel-4.4.0-12.5.i586.rpm libQtWebKit-devel-4.4.0-12.5.ppc.rpm libQtWebKit-devel-4.4.0-12.5.x86_64.rpm libQtWebKit4-4.4.0-12.5.i586.rpm libQtWebKit4-4.4.0-12.5.ppc.rpm libQtWebKit4-4.4.0-12.5.x86_64.rpm libqt4-4.4.0-12.6.i586.rpm libqt4-4.4.0-12.6.ppc.rpm libqt4-4.4.0-12.6.x86_64.rpm libqt4-32bit-4.4.0-12.6.x86_64.rpm libqt4-64bit-4.4.0-12.6.ppc.rpm libqt4-devel-4.4.0-12.6.i586.rpm libqt4-devel-4.4.0-12.6.ppc.rpm libqt4-devel-4.4.0-12.6.x86_64.rpm libqt4-devel-doc-4.4.0-12.5.i586.rpm libqt4-devel-doc-4.4.0-12.5.ppc.rpm libqt4-devel-doc-4.4.0-12.5.x86_64.rpm libqt4-devel-doc-data-4.4.0-12.4.noarch.rpm libqt4-qt3support-4.4.0-12.6.i586.rpm libqt4-qt3support-4.4.0-12.6.ppc.rpm libqt4-qt3support-4.4.0-12.6.x86_64.rpm libqt4-qt3support-32bit-4.4.0-12.6.x86_64.rpm libqt4-qt3support-64bit-4.4.0-12.6.ppc.rpm libqt4-sql-4.4.0-12.6.i586.rpm libqt4-sql-4.4.0-12.6.ppc.rpm libqt4-sql-4.4.0-12.6.x86_64.rpm libqt4-sql-32bit-4.4.0-12.6.x86_64.rpm libqt4-sql-64bit-4.4.0-12.6.ppc.rpm libqt4-sql-mysql-4.4.0-5.4.i586.rpm libqt4-sql-mysql-4.4.0-5.4.ppc.rpm libqt4-sql-mysql-4.4.0-5.4.x86_64.rpm libqt4-sql-postgresql-4.4.0-5.4.i586.rpm libqt4-sql-postgresql-4.4.0-5.4.ppc.rpm libqt4-sql-postgresql-4.4.0-5.4.x86_64.rpm libqt4-sql-sqlite-4.4.0-12.6.i586.rpm libqt4-sql-sqlite-4.4.0-12.6.ppc.rpm libqt4-sql-sqlite-4.4.0-12.6.x86_64.rpm libqt4-sql-unixODBC-4.4.0-5.4.i586.rpm libqt4-sql-unixODBC-4.4.0-5.4.ppc.rpm libqt4-sql-unixODBC-4.4.0-5.4.x86_64.rpm libqt4-x11-4.4.0-12.6.i586.rpm libqt4-x11-4.4.0-12.6.ppc.rpm libqt4-x11-4.4.0-12.6.x86_64.rpm libqt4-x11-32bit-4.4.0-12.6.x86_64.rpm libqt4-x11-64bit-4.4.0-12.6.ppc.rpm qt4-x11-tools-4.4.0-12.5.i586.rpm qt4-x11-tools-4.4.0-12.5.ppc.rpm qt4-x11-tools-4.4.0-12.5.x86_64.rpm libipulog openSUSE 11.0 This update provides a correction of the user and groupname in the /etc/logrotate.d/ulogd file (bnc#468419). libipulog-1.24-101.2.i586.rpm libipulog-1.24-101.2.ppc.rpm libipulog-1.24-101.2.x86_64.rpm ulogd-1.24-101.2.i586.rpm ulogd-1.24-101.2.ppc.rpm ulogd-1.24-101.2.x86_64.rpm ulogd-mysql-1.24-101.2.i586.rpm ulogd-mysql-1.24-101.2.