LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openSUSE alert openSUSE-SU-2011:0848-1 (opie)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-updates@opensuse.org 


Subject:
    	      openSUSE-SU-2011:0848-1: moderate: opie 


Date:
    	      Wed, 27 Jul 2011 17:08:19 +0200 (CEST)


Message-ID:
    	      <20110727150819.8AA65323A8@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   openSUSE Security Update: opie
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:0848-1
Rating:             moderate
References:         #698772 
Cross-References:   CVE-2011-2489 CVE-2011-2490
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.

Description:

   This update fixes off-by-one errors in opiesu
   (CVE-2011-2489) and missing setuid() return value checks in
   opielogin (CVE-2011-2490).

   This update also removes the setuid bit from opiesu
   program. If you rely on the setuid bit on opiesu, add the
   following line to /etc/permissions.local:

   /usr/bin/opiesu root:root 4755


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch opie-4812

   - openSUSE 11.3:

      zypper in -t patch opie-4812

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64) [New Version: 2011.03.07.1608]:

      opie-2.4-711.714.1
      permissions-2011.03.07.1608-1.5.1

   - openSUSE 11.4 (x86_64):

      opie-32bit-2.4-711.714.1

   - openSUSE 11.3 (i586 x86_64):

      opie-2.4-706.5.1
      permissions-2010.04.23.1140-2.2.1

   - openSUSE 11.3 (x86_64):

      opie-32bit-2.4-706.5.1


References:

   http://support.novell.com/security/cve/CVE-2011-2489.html
   http://support.novell.com/security/cve/CVE-2011-2490.html
   https://bugzilla.novell.com/698772
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds