openSUSE alert openSUSE-SU-2012:0862-1 (libgdata) [LWN.net]


From:
    	       opensuse-security@opensuse.org 
To:
    	       opensuse-updates@opensuse.org 
Subject:
    	       openSUSE-SU-2012:0862-1: moderate: libgdata for SSL certificate checking 
Date:
    	       Wed, 11 Jul 2012 11:08:59 +0200 (CEST)
Message-ID:
    	       <20120711090859.A4E6032850@maintenance.suse.de>
Archive-link:
    	       Article, Thread
              
   openSUSE Security Update: libgdata for SSL certificate checking
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0862-1
Rating:             moderate
References:         #752088 
Cross-References:   CVE-2012-1177
Affected Products:
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   Changes in libgdata:
   - Add libgdata-validate-ssl-cert.patch: validate SSL
   certificates for all connections. Fix bnc#752088,
   CVE-2012-1177.
   - Add gnome-common BuildRequires and call gnome-autogen.sh:
   needed for above patch.
   - Pass --with-ca-certs=/etc/ssl/ca-bundle.pem to configure
   to let libgdata know about the location of our
   certificates.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-381

   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-381

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 ia64 x86_64):

      libgdata-debugsource-0.10.1-2.4.1

   - openSUSE 12.1 (i586 x86_64):

      libgdata-devel-0.10.1-2.4.1
      libgdata13-0.10.1-2.4.1
      libgdata13-debuginfo-0.10.1-2.4.1

   - openSUSE 12.1 (x86_64):

      libgdata13-32bit-0.10.1-2.4.1
      libgdata13-debuginfo-32bit-0.10.1-2.4.1

   - openSUSE 12.1 (noarch):

      libgdata-lang-0.10.1-2.4.1

   - openSUSE 12.1 (ia64):

      libgdata13-debuginfo-x86-0.10.1-2.4.1
      libgdata13-debuginfo-x86-debuginfo-0.10.1-2.4.1
      libgdata13-x86-0.10.1-2.4.1

   - openSUSE 11.4 (i586 ia64 x86_64):

      libgdata-debugsource-0.6.6-5.1

   - openSUSE 11.4 (i586 x86_64):

      libgdata-devel-0.6.6-5.1
      libgdata7-0.6.6-5.1
      libgdata7-debuginfo-0.6.6-5.1

   - openSUSE 11.4 (x86_64):

      libgdata7-32bit-0.6.6-5.1
      libgdata7-debuginfo-32bit-0.6.6-5.1

   - openSUSE 11.4 (noarch):

      libgdata-lang-0.6.6-5.1

   - openSUSE 11.4 (ia64):

      libgdata7-debuginfo-x86-0.6.6-5.1
      libgdata7-debuginfo-x86-debuginfo-0.6.6-5.1
      libgdata7-x86-0.6.6-5.1


References:

   http://support.novell.com/security/cve/CVE-2012-1177.html
   https://bugzilla.novell.com/752088
(Log in to post comments)