gnome2-SuSE.rpm
Updated the GDM theme to include the pam-message label for displaying informational messages from PAM to the user.

susehelp.rpm
Launching the help system from the Help menu in KDE and GNOME applications is broken out of the box. This patch solves the problem for both desktops. Alternatively the help system can be launched manually with 'khelpcenter' for KDE and 'yelp' for GNOME.

netbeans.rpm
The NetBeans IDE is a world-class development environment written in Java. It can be used to develop code in Java, HTML, XML, JSP, C/C++, and other languages. The IDE is modular and there is a huge variety of commercial and free extensions for it that support various technologies.

awstats.rpm
This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed:
- CVE-2006-2237: missing sanitizing of the "migrate" parameter. #173041
- CVE-2006-2644: missing sanitizing of the "configdir" parameter. #173041
- Make sure open() only opens files for read/write by adding explicit < and >.

yast2-trans-da.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-cs.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-el_GR.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-nb.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-es.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-zh_TW.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-it.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-zh_CN.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-ru.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-pt.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-de.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-nl.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-ko.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-fi.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-ro.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-pl.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-pt_BR.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-ja.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-sk.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-hu.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-bg.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-fr.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-uk.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-sl_SI.rpm
This update enhances and improves the YaST translations of several languages.

yast2-trans-km.rpm
This update enhances and improves the YaST translations of several languages.

yast2-security.rpm
This update includes fixes for the following bugs:
* Fixed updating rug.rpm and other packages that "Provide" themselves without edition (#186079)
* Fixed progress reporting when installing from YUM sources (#182003)
* Fixes for autorefresh (#186115, #181613, #181182)
* parse-metadata consumed much memory because of duplicating entries in zmd.db (#187779)
* Do a media change request for CD or DVD only (#183315)
* ZENworks automatically subscribes to YUM services (single catalog, #175721)
* Do not complain if ZMD cannot be stopped (#166900)
* Handle passwords in URLs (#186978, #186842, #186804)
* Do not leave stale temporary files (#178292)
* Handle signing in zen-updater, zmd
* Fix some bugs in interaction of libzypp and zmd
* Fix applying of kernel patch to not install kernel-kdump (#191483)

autoyast2-utils.rpm
This update includes fixes for the following bugs:
* Fixed updating rug.rpm and other packages that "Provide" themselves without edition (#186079)
* Fixed progress reporting when installing from YUM sources (#182003)
* Fixes for autorefresh (#186115, #181613, #181182)
* parse-metadata consumed much memory because of duplicating entries in zmd.db (#187779)
* Do a media change request for CD or DVD only (#183315)
* ZENworks automatically subscribes to YUM services (single catalog, #175721)
* Do not complain if ZMD cannot be stopped (#166900)
* Handle passwords in URLs (#186978, #186842, #186804)
* Do not leave stale temporary files (#178292)
* Handle signing in zen-updater, zmd
* Fix some bugs in interaction of libzypp and zmd
* Fix applying of kernel patch to not install kernel-kdump (#191483)

autoyast2-installation.rpm
This update includes fixes for the following bugs:
* Fixed updating rug.rpm and other packages that "Provide" themselves without edition (#186079)
* Fixed progress reporting when installing from YUM sources (#182003)
* Fixes for autorefresh (#186115, #181613, #181182)
* parse-metadata consumed much memory because of duplicating entries in zmd.db (#187779)
* Do a media change request for CD or DVD only (#183315)
* ZENworks automatically subscribes to YUM services (single catalog, #175721)
* Do not complain if ZMD cannot be stopped (#166900)
* Handle passwords in URLs (#186978, #186842, #186804)
* Do not leave stale temporary files (#178292)
* Handle signing in zen-updater, zmd
* Fix some bugs in interaction of libzypp and zmd
* Fix applying of kernel patch to not install kernel-kdump (#191483)

autoyast2.rpm
This update includes fixes for the following bugs:
* Fixed updating rug.rpm and other packages that "Provide" themselves without edition (#186079)
* Fixed progress reporting when installing from YUM sources (#182003)
* Fixes for autorefresh (#186115, #181613, #181182)
* parse-metadata consumed much memory because of duplicating entries in zmd.db (#187779)
* Do a media change request for CD or DVD only (#183315)
* ZENworks automatically subscribes to YUM services (single catalog, #175721)
* Do not complain if ZMD cannot be stopped (#166900)
* Handle passwords in URLs (#186978, #186842, #186804)
* Do not leave stale temporary files (#178292)
* Handle signing in zen-updater, zmd
* Fix some bugs in interaction of libzypp and zmd
* Fix applying of kernel patch to not install kernel-kdump (#191483)

yast2-instserver.rpm
This update includes fixes for the following bugs:
* Fixed updating rug.rpm and other packages that "Provide" themselves without edition (#186079)
* Fixed progress reporting when installing from YUM sources (#182003)
* Fixes for autorefresh (#186115, #181613, #181182)
* parse-metadata consumed much memory because of duplicating entries in zmd.db (#187779)
* Do a media change request for CD or DVD only (#183315)
* ZENworks automatically subscribes to YUM services (single catalog, #175721)
* Do not complain if ZMD cannot be stopped (#166900)
* Handle passwords in URLs (#186978, #186842, #186804)
* Do not leave stale temporary files (#178292)
* Handle signing in zen-updater, zmd
* Fix some bugs in interaction of libzypp and zmd
* Fix applying of kernel patch to not install kernel-kdump (#191483)

suseRegister.rpm
This update includes fixes for the following bugs:
* Fixed updating rug.rpm and other packages that "Provide" themselves without edition (#186079)
* Fixed progress reporting when installing from YUM sources (#182003)
* Fixes for autorefresh (#186115, #181613, #181182)
* parse-metadata consumed much memory because of duplicating entries in zmd.db (#187779)
* Do a media change request for CD or DVD only (#183315)
* ZENworks automatically subscribes to YUM services (single catalog, #175721)
* Do not complain if ZMD cannot be stopped (#166900)
* Handle passwords in URLs (#186978, #186842, #186804)
* Do not leave stale temporary files (#178292)
* Handle signing in zen-updater, zmd
* Fix some bugs in interaction of libzypp and zmd
* Fix applying of kernel patch to not install kernel-kdump (#191483)

yast2-apparmor.rpm
This update fixes security problems in the AppArmor confinement technology. Since it adds new flags to the profile syntax, you likely should review and adapt your profiles.
- If a profile allowed unconfined execution ("ux") of a child binary it was possible to inject code via LD_PRELOAD or similar environment variables into this child binary and execute code without confinement. We have added a new flag "Ux" (and "Px" for "px") which makes the executed child clear the most critical environment variables (similar to setuid programs). Special care needs to be taken nevertheless that this interaction between parent and child programs cannot be exploited in other ways to gain the rights of the child process.
- If a resource is marked as "r" in the profile it was possible to use mmap with the PROT_EXEC flag set to load this resource as an executable piece of code, making it effectively "ix". This could be used by a coordinated attack between two applications to potentially inject code into the reader. To allow mmap() executable access, supply the "m" flag to the application's profile.
Please also review the updated documentation.

apparmor-profiles.rpm
This update fixes security problems in the AppArmor confinement technology. Since it adds new flags to the profile syntax, you likely should review and adapt your profiles.
- If a profile allowed unconfined execution ("ux") of a child binary it was possible to inject code via LD_PRELOAD or similar environment variables into this child binary and execute code without confinement. We have added a new flag "Ux" (and "Px" for "px") which makes the executed child clear the most critical environment variables (similar to setuid programs). Special care needs to be taken nevertheless that this interaction between parent and child programs cannot be exploited in other ways to gain the rights of the child process.
- If a resource is marked as "r" in the profile it was possible to use mmap with the PROT_EXEC flag set to load this resource as an executable piece of code, making it effectively "ix". This could be used by a coordinated attack between two applications to potentially inject code into the reader. To allow mmap() executable access, supply the "m" flag to the application's profile.
Please also review the updated documentation.

apparmor-utils.rpm
This update fixes security problems in the AppArmor confinement technology. Since it adds new flags to the profile syntax, you likely should review and adapt your profiles.
- If a profile allowed unconfined execution ("ux") of a child binary it was possible to inject code via LD_PRELOAD or similar environment variables into this child binary and execute code without confinement. We have added a new flag "Ux" (and "Px" for "px") which makes the executed child clear the most critical environment variables (similar to setuid programs). Special care needs to be taken nevertheless that this interaction between parent and child programs cannot be exploited in other ways to gain the rights of the child process.
- If a resource is marked as "r" in the profile it was possible to use mmap with the PROT_EXEC flag set to load this resource as an executable piece of code, making it effectively "ix". This could be used by a coordinated attack between two applications to potentially inject code into the reader. To allow mmap() executable access, supply the "m" flag to the application's profile.
Please also review the updated documentation.

apparmor-docs.rpm
This update fixes security problems in the AppArmor confinement technology. Since it adds new flags to the profile syntax, you likely should review and adapt your profiles.
- If a profile allowed unconfined execution ("ux") of a child binary it was possible to inject code via LD_PRELOAD or similar environment variables into this child binary and execute code without confinement. We have added a new flag "Ux" (and "Px" for "px") which makes the executed child clear the most critical environment variables (similar to setuid programs). Special care needs to be taken nevertheless that this interaction between parent and child programs cannot be exploited in other ways to gain the rights of the child process.
- If a resource is marked as "r" in the profile it was possible to use mmap with the PROT_EXEC flag set to load this resource as an executable piece of code, making it effectively "ix". This could be used by a coordinated attack between two applications to potentially inject code into the reader. To allow mmap() executable access, supply the "m" flag to the application's profile.
Please also review the updated documentation.

apparmor-admin_en.rpm
This update fixes security problems in the AppArmor confinement technology. Since it adds new flags to the profile syntax, you likely should review and adapt your profiles.
- If a profile allowed unconfined execution ("ux") of a child binary it was possible to inject code via LD_PRELOAD or similar environment variables into this child binary and execute code without confinement. We have added a new flag "Ux" (and "Px" for "px") which makes the executed child clear the most critical environment variables (similar to setuid programs). Special care needs to be taken nevertheless that this interaction between parent and child programs cannot be exploited in other ways to gain the rights of the child process.
- If a resource is marked as "r" in the profile it was possible to use mmap with the PROT_EXEC flag set to load this resource as an executable piece of code, making it effectively "ix". This could be used by a coordinated attack between two applications to potentially inject code into the reader. To allow mmap() executable access, supply the "m" flag to the application's profile.
Please also review the updated documentation.

xkeyboard-config.rpm
Added support for the multilingual Canadian keyboard layout.

yast2-backup.rpm
There were some UI problems, e.g., filenames or package names cut off when the backup tool was reporting its progress. These dialogs were fixed to display the full information. Exceptions of calling /bin/df were also fixed, e.g., a missing /bin/df binary.

yast2-repair.rpm
yast2-repair proposed adding an entry for CD-ROM to /etc/fstab, but such entries are not used any more.

createrepo.rpm
This update enables createrepo to create repos with suse:license_to_confirm tags. For every rpm, filename.eula. will be picked up as license information and inserted into primary.xml.gz.

xsp.rpm
Insufficient path checks allowed access to arbitrary files via relative path names in the HTTP request. The affected code is used by mod_mono.

yast2-installation.rpm
This update contains the following new features:
* support for patch/delta RPMs in YUM sources (#168844)
This update includes fixes for the following bugs:
* various performance enhancements
* 190163 - *-kmp-* dependencies match multiple kernel packages
* 176568 - Evaluate possible xml parser optimizations
* 195567 - 100 /var/tmp/TmpFile.xxxxx in 3 Days
* 193584 - cut-off package description in zen-updater
* 194424 - Online update setup creates unusable cron job
* 191676 - zen installer/updater cannot add an FTP YUM repository
* 190295 - zen-updater/zmd/rug does not install update stack patches first
* 193212 - zmd does not unblock transactions after transaction preparation failure
* 191506 - zen-updated showing updates from non-subscribed catalog
* 183656 - mono needed for YaST package management since last update
* 195911 - Missing dependency of package management on 'unzip'
* 192535 - test fetchmsttfonts script does not get run

yast2-online-update.rpm
This update contains the following new features:
* support for patch/delta RPMs in YUM sources (#168844)
This update includes fixes for the following bugs:
* various performance enhancements
* 190163 - *-kmp-* dependencies match multiple kernel packages
* 176568 - Evaluate possible xml parser optimizations
* 195567 - 100 /var/tmp/TmpFile.xxxxx in 3 Days
* 193584 - cut-off package description in zen-updater
* 194424 - Online update setup creates unusable cron job
* 191676 - zen installer/updater cannot add an FTP YUM repository
* 190295 - zen-updater/zmd/rug does not install update stack patches first
* 193212 - zmd does not unblock transactions after transaction preparation failure
* 191506 - zen-updated showing updates from non-subscribed catalog
* 183656 - mono needed for YaST package management since last update
* 195911 - Missing dependency of package management on 'unzip'
* 192535 - test fetchmsttfonts script does not get run

yast2-online-update-frontend.rpm
This update contains the following new features:
* support for patch/delta RPMs in YUM sources (#168844)
This update includes fixes for the following bugs:
* various performance enhancements
* 190163 - *-kmp-* dependencies match multiple kernel packages
* 176568 - Evaluate possible xml parser optimizations
* 195567 - 100 /var/tmp/TmpFile.xxxxx in 3 Days
* 193584 - cut-off package description in zen-updater
* 194424 - Online update setup creates unusable cron job
* 191676 - zen installer/updater cannot add an FTP YUM repository
* 190295 - zen-updater/zmd/rug does not install update stack patches first
* 193212 - zmd does not unblock transactions after transaction preparation failure
* 191506 - zen-updated showing updates from non-subscribed catalog
* 183656 - mono needed for YaST package management since last update
* 195911 - Missing dependency of package management on 'unzip'
* 192535 - test fetchmsttfonts script does not get run

release-notes.rpm
Information about activating the online update in case you skipped this step during the installation.

xgl-hardware-list.rpm
Add 8 newly-tested video cards to the "known to work with xgl" list, and 1 more to the "known to not work" list.

ttf-founder-traditional.rpm
Without this patch, flash-player cannot find the founder fonts to display Chinese flash. flash-player does find the Arphic PL fonts, but these don't look as nice as the founder fonts. And if only the founder fonts are installed and the Arphic PL fonts are not installed, Chinese text within flash is not displayed at all. This patch adds entries to the fonts.dir files (which are parsed by flash-player to find fonts) to make flash-player find and use the founder fonts if these are installed.

ttf-founder-simplified.rpm
Without this patch, flash-player cannot find the founder fonts to display Chinese flash. flash-player does find the Arphic PL fonts, but these don't look as nice as the founder fonts. And if only the founder fonts are installed and the Arphic PL fonts are not installed, Chinese text within flash is not displayed at all. This patch adds entries to the fonts.dir files (which are parsed by flash-player to find fonts) to make flash-player find and use the founder fonts if these are installed.

sazanami-fonts.rpm
Without this patch, flash-player cannot find the sazanami fonts to display Japanese flash. As it cannot find any other Japanese fonts among the fonts which are installed by default, Japanese flash cannot be displayed at all. This patch adds entries to the fonts.dir files (which are parsed by flash-player to find fonts) to make flash-player find and use the sazanami-fonts for Japanese if these are installed.

yast2-samba-client.rpm
yast2-samba-client was not able to write changes in command line mode. During autoinstallation, joining the domain was not possible. This patch fixes these problems.

jboss.rpm
This update fixes a problem in the JBOSS server where it was possible to potentially execute code if the console manager was enabled. (CVE-2006-5750)

jboss4.rpm
This update fixes a problem in the JBOSS server where it was possible to potentially execute code if the console manager was enabled. (CVE-2006-5750)

agfa-fonts.rpm
Agfa-fonts is not under GPL. Proper license text added.

horde.rpm
This update fixes a cross-site scripting (XSS) bug in horde (CVE-2007-1473).

tomcat5-webapps.rpm
Certain characters of the URL were not properly filtered. This allowed directory reverse traversal attacks to access the web-root of tomcat. (CVE-2007-0450)

tomcat5.rpm
Certain characters of the URL were not properly filtered. This allowed directory reverse traversal attacks to access the web-root of tomcat. (CVE-2007-0450)

tomcat5-admin-webapps.rpm
Certain characters of the URL were not properly filtered. This allowed directory reverse traversal attacks to access the web-root of tomcat. (CVE-2007-0450)

phpMyAdmin.rpm
Multiple bugs in phpMyAdmin could lead to cross-site scripting (XSS) attacks, injection of JavaScript code or to crashing the PHP interpreter. (CVE-2007-1325, PMASA-2007-1, PMASA-2007-2, PMASA-2007-3, PMASA-2007-4)

qt3-devel-doc.rpm
This update fixes a buffer overflow in qt3 while handling UTF8 characters. (CVE-2007-4137)

squirrelmail.rpm
This update contains a squirrelmail bugfix update that fixes config files being overwritten.

derby.rpm
Apache Derby did not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. (CVE-2006-7217) This update also brings a new requirement of a Java 1.5 JRE.

update-alternatives.rpm
This update fixes a problem in update-alternatives which has switched Java modules from Auto to Manual on Java online updates.

cacti.rpm
This update fixes a SQL injection bug. (CVE-2007-6035)

gnump3d.rpm
This update fixes a restriction bypass in gnump3d's plugins. (CVE-2007-6130)

samba-doc.rpm
This update of samba fixes a buffer overflow in function send_mailslot() that allows the stack to be overwritten with zero bytes. (CVE-2007-6015)

geronimo-jetty-servlet-container.rpm
A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start.

geronimo.rpm
A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start.

geronimo-tomcat-servlet-container.rpm
A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start.