From sle-security-updates at lists.suse.com Fri Jun 1 09:08:27 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Jun 2012 17:08:27 +0200 (CEST)
Subject: SUSE-SU-2012:0682-1: moderate: Security update for ecryptfs-utils
Message-ID: <20120601150827.DF1BC321C0@maintenance.suse.de>

   SUSE Security Update: Security update for ecryptfs-utils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0682-1
Rating:             moderate
References:         #735342 #745372 #745581 #745584 #745825
Cross-References:   CVE-2011-3145
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   ecryptfs-utils was updated to fix a security issue and some bugs.

   Security issue fixed: mount.ecryptfs_private did not set correct
   group ownerships when it modifies mtab (CVE-2011-3145).

   Also some bugs that made this set of tools non-working were fixed.

   You need to manually hand setuid root permissions to
   /sbin/mount.ecryptfs_private if you want to use it as a non-root
   user.

Security Issues:

   * CVE-2011-3145

Contraindications:

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-ecryptfs-utils-6187

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-ecryptfs-utils-6187

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-ecryptfs-utils-6187

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-ecryptfs-utils-6187

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-ecryptfs-utils-6187

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ecryptfs-utils-61-1.33.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      ecryptfs-utils-32bit-61-1.33.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      ecryptfs-utils-x86-61-1.33.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      ecryptfs-utils-61-1.33.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

      ecryptfs-utils-32bit-61-1.33.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      ecryptfs-utils-61-1.33.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):

      ecryptfs-utils-32bit-61-1.33.1

   - SUSE Linux Enterprise Server 11 SP1 (ia64):

      ecryptfs-utils-x86-61-1.33.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      ecryptfs-utils-61-1.33.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      ecryptfs-utils-32bit-61-1.33.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      ecryptfs-utils-61-1.33.1

   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):

      ecryptfs-utils-32bit-61-1.33.1

References:

   http://support.novell.com/security/cve/CVE-2011-3145.html
   https://bugzilla.novell.com/735342
   https://bugzilla.novell.com/745372
   https://bugzilla.novell.com/745581
   https://bugzilla.novell.com/745584
   https://bugzilla.novell.com/745825
   http://download.novell.com/patch/finder/?keywords=e78040dfb7b945bcde597140adc40742

From sle-security-updates at lists.suse.com Fri Jun 1 12:08:27 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Jun 2012 20:08:27 +0200 (CEST)
Subject: SUSE-SU-2012:0686-1: moderate: Security update for strongswan
Message-ID: <20120601180827.B13E0323F5@maintenance.suse.de>

   SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0686-1
Rating:             moderate
References:         #761325
Cross-References:   CVE-2012-2388
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:

   This update fixed a security issue in strongswan's "gmp" plugin
   which could be exploited by attackers to forge RSA
   signature/certificate to authenticate as any legitimate user
   (CVE-2012-2388).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-strongswan-6333

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-strongswan-6333

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-strongswan-6333

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-strongswan-6333

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-strongswan-6333

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.4.0]:

      strongswan-4.4.0-6.13.1
      strongswan-doc-4.4.0-6.13.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 4.4.0]:

      strongswan-4.4.0-6.13.1
      strongswan-doc-4.4.0-6.13.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.4.0]:

      strongswan-4.4.0-6.13.1
      strongswan-doc-4.4.0-6.13.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      strongswan-4.4.0-6.9.1
      strongswan-doc-4.4.0-6.9.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 4.4.0]:

      strongswan-4.4.0-6.13.1
      strongswan-doc-4.4.0-6.13.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 4.4.0]:

      strongswan-4.4.0-6.13.1
      strongswan-doc-4.4.0-6.13.1

References:

   http://support.novell.com/security/cve/CVE-2012-2388.html
   https://bugzilla.novell.com/761325
   http://download.novell.com/patch/finder/?keywords=6182785f4415eddda64fc010041fd1e1
   http://download.novell.com/patch/finder/?keywords=b4b9e72b6ba8e6ab546311ccb9332c19

From sle-security-updates at lists.suse.com Fri Jun 1 18:08:29 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 2 Jun 2012 02:08:29 +0200 (CEST)
Subject: SUSE-SU-2012:0688-1: important: Security update for MozillaFirefox
Message-ID: <20120602000829.8E638323F5@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0688-1
Rating:             important
References:         #758408
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that contains security fixes can now be
   installed. It includes two new package versions.
Description:

   MozillaFirefox was updated to the 10.0.4 ESR release to fix various
   bugs and security issues.

   * Mozilla developers identified and fixed several memory safety
     bugs in the browser engine used in Firefox and other
     Mozilla-based products. Some of these bugs showed evidence of
     memory corruption under certain circumstances, and we presume
     that with enough effort at least some of these could be
     exploited to run arbitrary code. (MFSA 2012-20)

     In general these flaws cannot be exploited through email in the
     Thunderbird and SeaMonkey products because scripting is
     disabled, but are potentially a risk in browser or browser-like
     contexts in those products.

     o Christian Holler reported a memory safety and security
       problem affecting Firefox 11. (CVE-2012-0468)
     o Bob Clary, Christian Holler, Brian Hackett, Bobby Holley,
       Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian
       Seward, and Olli Pettay reported memory safety problems and
       crashes that affect Firefox ESR and Firefox 11.
       (CVE-2012-0467)

   * Using the Address Sanitizer tool, security researcher Aki Helin
     from OUSPG found that IDBKeyRange of indexedDB remains in the
     XPConnect hashtable instead of being unlinked before being
     destroyed. When it is destroyed, this causes a use-after-free,
     which is potentially exploitable. (MFSA 2012-22 / CVE-2012-0469)

   * Using the Address Sanitizer tool, security researcher Atte
     Kettunen from OUSPG found a heap corruption in gfxImageSurface
     which allows for invalid frees and possible remote code
     execution. This happens due to float error, resulting from
     graphics values being passed through different number systems.
     (MFSA 2012-23 / CVE-2012-0470)

   * Anne van Kesteren of Opera Software found a multi-octet encoding
     issue where certain octets will destroy the following octets in
     the processing of some multibyte character sets. This can leave
     users vulnerable to cross-site scripting (XSS) attacks on
     maliciously crafted web pages.
     (MFSA 2012-24 / CVE-2012-0471)

   * Security research firm iDefense reported that researcher wushi
     of team509 discovered a memory corruption on Windows Vista and
     Windows 7 systems with hardware acceleration disabled or using
     incompatible video drivers. This is created by using
     cairo-dwrite to attempt to render fonts on an unsupported code
     path. This corruption causes a potentially exploitable crash on
     affected systems. (MFSA 2012-25 / CVE-2012-0472)

   * Mozilla community member Matias Juntunen discovered an error in
     WebGLBuffer where FindMaxElementInSubArray receives wrong
     template arguments from FindMaxUshortElement. This bug causes
     maximum index to be computed incorrectly within
     WebGL.drawElements, allowing the reading of illegal video
     memory. (MFSA 2012-26 / CVE-2012-0473)

   * Security researchers Jordi Chancel and Eddy Bordi reported that
     they could short-circuit page loads to show the address of a
     different site than what is loaded in the window in the
     addressbar. Security researcher Chris McGowen independently
     reported the same flaw, and further demonstrated that this could
     lead to loading scripts from the attacker's site, leaving users
     vulnerable to cross-site scripting (XSS) attacks.
     (MFSA 2012-27 / CVE-2012-0474)

   * Security researcher Simone Fabiano reported that if a cross-site
     XHR or WebSocket is opened on a web server on a non-standard
     port for web traffic while using an IPv6 address, the browser
     will send an ambiguous origin header if the IPv6 address
     contains at least 2 consecutive 16-bit fields of zeroes. If
     there is an origin access control list that uses IPv6 literals,
     this issue could be used to bypass these access controls on the
     server. (MFSA 2012-28 / CVE-2012-0475)

   * Security researcher Masato Kinugawa found that during the
     decoding of ISO-2022-KR and ISO-2022-CN character sets,
     characters near 1024 bytes are treated incorrectly, either
     doubling or deleting bytes.
     On certain pages it might be possible for an attacker to pad the
     output of the page such that these errors fall in the right
     place to affect the structure of the page, allowing for
     cross-site script (XSS) injection.
     (MFSA 2012-29 / CVE-2012-0477)

   * Mozilla community member Ms2ger found an image rendering issue
     with WebGL when texImage2D uses JSVAL_TO_OBJECT on arbitrary
     objects. This can lead to a crash on a maliciously crafted web
     page. While there is no evidence that this is directly
     exploitable, there is a possibility of remote code execution.
     (MFSA 2012-30 / CVE-2012-0478)

   * Mateusz Jurczyk of the Google Security Team discovered an
     off-by-one error in the OpenType Sanitizer using the Address
     Sanitizer tool. This can lead to an out-of-bounds read and
     execution of an uninitialized function pointer during parsing
     and possible remote code execution.
     (MFSA 2012-31 / CVE-2011-3062)

   * Security researcher Daniel Divricean reported that a defect in
     the error handling of javascript errors can leak the file names
     and location of javascript files on a server, leading to
     inadvertent information disclosure and a vector for further
     attacks. (MFSA 2012-32 / CVE-2011-1187)

   * Security researcher Jeroen van der Gun reported that if RSS or
     Atom XML invalid content is loaded over HTTPS, the addressbar
     updates to display the new location of the loaded resource,
     including SSL indicators, while the main window still displays
     the previously loaded content. This allows for phishing attacks
     where a malicious page can spoof the identity of another
     seemingly secure site.
     (MFSA 2012-33 / CVE-2012-0479)

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.4]:

      firefox3-gtk2-2.10.6-0.10.1
      mozilla-nss-3.13.4-0.5.5
      mozilla-nss-devel-3.13.4-0.5.5
      mozilla-nss-tools-3.13.4-0.5.5

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 7]:

      MozillaFirefox-10.0.4-0.7.6
      MozillaFirefox-branding-SLED-7-0.8.12
      MozillaFirefox-translations-10.0.4-0.7.6

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.13.4]:

      firefox3-gtk2-32bit-2.10.6-0.10.1
      mozilla-nss-32bit-3.13.4-0.5.5

   - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.13.4]:

      mozilla-nss-x86-3.13.4-0.5.5

   - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.13.4]:

      mozilla-nss-64bit-3.13.4-0.5.5

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.13.4]:

      beagle-0.2.18-78.13.1.102
      beagle-evolution-0.2.18-78.13.1.102
      beagle-firefox-0.2.18-78.13.1.102
      beagle-gui-0.2.18-78.13.1.102
      firefox3-gtk2-2.10.6-0.10.1
      mhtml-firefox-0.5-1.11.5
      mozilla-nss-3.13.4-0.5.5
      mozilla-nss-devel-3.13.4-0.5.5
      mozilla-nss-tools-3.13.4-0.5.5

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.13.4]:

      firefox3-gtk2-32bit-2.10.6-0.10.1
      mozilla-nss-32bit-3.13.4-0.5.5

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 7]:

      MozillaFirefox-10.0.4-0.7.6
      MozillaFirefox-branding-SLED-7-0.8.12
      MozillaFirefox-translations-10.0.4-0.7.6

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.4]:

      beagle-0.2.18-78.13.1.102
      beagle-evolution-0.2.18-78.13.1.102
      beagle-firefox-0.2.18-78.13.1.102
      beagle-gui-0.2.18-78.13.1.102
      firefox3-autoconf261-2.61-0.5.5
      firefox3-binutils-2.21.1-0.8.5
      firefox3-gtk2-devel-2.10.6-0.10.1
      firefox3-gtk2-doc-2.10.6-0.10.1
      firefox3-make-3.81-0.129.5
      firefox3-python-base-2.6.8-0.7.4
      mozilla-nss-tools-3.13.4-0.5.5
      yasm-1.1.0-10.5.5
      yasm-devel-1.1.0-10.5.5

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x):

      MozillaFirefox-branding-upstream-10.0.4-0.7.6

References:
   https://bugzilla.novell.com/758408
   http://download.novell.com/patch/finder/?keywords=f83092661fed82089220795937f323d2

From sle-security-updates at lists.suse.com Fri Jun 1 18:08:32 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 2 Jun 2012 02:08:32 +0200 (CEST)
Subject: SUSE-SU-2012:0689-1: important: kernel update for SLE11 SP2
Message-ID: <20120602000832.3F07432403@maintenance.suse.de>

   SUSE Security Update: kernel update for SLE11 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0689-1
Rating:             important
References:         #704280 #708836 #718521 #721857 #725592 #732296
                    #738528 #738644 #743232 #744758 #745088 #746938
                    #748112 #748463 #748806 #748859 #750426 #751550
                    #752022 #752634 #753172 #753698 #754085 #754428
                    #754690 #754969 #755178 #755537 #755758 #755812
                    #756236 #756821 #756840 #756940 #757077 #757202
                    #757205 #757289 #757373 #757517 #757565 #757719
                    #757783 #757789 #757950 #758104 #758279 #758532
                    #758540 #758731 #758813 #758833 #759340 #759539
                    #759541 #759657 #759908 #759971 #760015 #760279
                    #760346 #760974 #761158 #761387 #761772 #762285
                    #762329 #762424
Cross-References:   CVE-2012-2127 CVE-2012-2133 CVE-2012-2313
                    CVE-2012-2319
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves four vulnerabilities and has 64 fixes
   is now available. It includes one version update.

Description:

   The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.31,
   fixing lots of bugs and security issues.

   Various security and bug fixes contained in the Linux 3.0 stable
   releases 3.0.27 up to 3.0.31 are included, but not explicitly
   listed below.
   Following security issues were fixed:

   CVE-2012-2313: The dl2k network card driver lacked permission
   handling for some ethtool ioctls, which could allow local
   attackers to start/stop the network card.

   CVE-2012-2133: A use after free bug in hugetlb support could be
   used by local attackers to crash the system.

   CVE-2012-2127: Various leaks in namespace handling over fork were
   fixed, which could be exploited by e.g. vsftpd access by remote
   users.

   CVE-2012-2319: A memory corruption when mounting a hfsplus
   filesystem was fixed that could be used by local attackers able
   to mount filesystem to crash the system.

   Following non security bugs were fixed by this update:

   BTRFS:

   - btrfs: partial revert of truncation improvements (bnc#748463 bnc#760279).
   - btrfs: fix eof while discarding extents
   - btrfs: check return value of bio_alloc() properly
   - btrfs: return void from clear_state_bit
   - btrfs: avoid possible use-after-free in clear_extent_bit()
   - btrfs: Make free_ipath() deal gracefully with NULL pointers
   - btrfs: do not call free_extent_buffer twice in iterate_irefs
   - btrfs: add missing read locks in backref.c
   - btrfs: fix max chunk size check in chunk allocator
   - btrfs: double unlock bug in error handling
   - btrfs: do not return EINTR
   - btrfs: fix btrfs_ioctl_dev_info() crash on missing device
   - btrfs: fix that check_int_data mount option was ignored
   - btrfs: do not mount when we have a sectorsize unequal to PAGE_SIZE
   - btrfs: avoid possible use-after-free in clear_extent_bit()
   - btrfs: retrurn void from clear_state_bit
   - btrfs: Fix typo in free-space-cache.c
   - btrfs: remove the ideal caching code
   - btrfs: remove search_start and search_end from find_free_extent and callers
   - btrfs: adjust the write_lock_level as we unlock
   - btrfs: actually call btrfs_init_lockdep
   - btrfs: fix regression in scrub path resolving
   - btrfs: show useful info in space reservation tracepoint
   - btrfs: flush out and clean up any block device pages during mount
   - btrfs: fix deadlock during allocating chunks
   - btrfs: fix race between direct io and autodefrag
   - btrfs: fix the mismatch of page->mapping
   - btrfs: fix recursive defragment with autodefrag option
   - btrfs: add a check to decide if we should defrag the range
   - btrfs: do not bother to defrag an extent if it is a big real extent
   - btrfs: update to the right index of defragment
   - btrfs: Fix use-after-free in __btrfs_end_transaction
   - btrfs: stop silently switching single chunks to raid0 on balance
   - btrfs: add wrappers for working with alloc profiles
   - btrfs: make profile_is_valid() check more strict
   - btrfs: move alloc_profile_is_valid() to volumes.c
   - btrfs: add get_restripe_target() helper
   - btrfs: add __get_block_group_index() helper
   - btrfs: improve the logic in btrfs_can_relocate()
   - btrfs: validate target profiles only if we are going to use them
   - btrfs: allow dup for data chunks in mixed mode
   - btrfs: fix memory leak in resolver code
   - btrfs: fix infinite loop in btrfs_shrink_device()
   - btrfs: error handling locking fixu
   - btrfs: fix uninit variable in repair_eb_io_failure
   - btrfs: always store the mirror we read the eb from
   - btrfs: do not count CRC or header errors twice while scrubbing
   - btrfs: do not start delalloc inodes during sync
   - btrfs: fix repair code for RAID10
   - btrfs: Prevent root_list corruption
   - btrfs: fix block_rsv and space_info lock ordering
   - btrfs: Fix space checking during fs resize
   - btrfs: avoid deadlocks from GFP_KERNEL allocations during btrfs_real_readdir
   - btrfs: reduce lock contention during extent insertion
   - btrfs: Add properly locking around add_root_to_dirty_list
   - btrfs: Fix mismatching struct members in ioctl.h

   netfilter:

   - netfilter: nf_conntrack: make event callback registration per-netns (bnc#758540).

   DRM:

   - drm/edid: Add a workaround for 1366x768 HD panel (bnc#753172).
   - drm/edid: Add extra_modes (bnc#753172).
   - drm/edid: Add packed attribute to new gtf2 and cvt structs (bnc#753172).
   - drm/edid: Add the reduced blanking DMT modes to the DMT list (bnc#753172).
   - drm/edid: Allow drm_mode_find_dmt to hunt for reduced-blanking modes (bnc#753172).
   - drm/edid: Do drm_dmt_modes_for_range() for all range descriptor types (bnc#753172).
   - drm/edid: Document drm_mode_find_dmt (bnc#753172).
   - drm/edid: Fix some comment typos in the DMT mode list (bnc#753172).
   - drm/edid: Generate modes from extra_modes for range descriptors (bnc#753172).
   - drm/edid: Give the est3 mode struct a real name (bnc#753172).
   - drm/edid: Remove a misleading comment (bnc#753172).
   - drm/edid: Rewrite drm_mode_find_dmt search loop (bnc#753172).
   - drm/edid: Update range descriptor struct for EDID 1.4 (bnc#753172).
   - drm/edid: add missing NULL checks (bnc#753172).
   - drm/edid: s/drm_gtf_modes_for_range/drm_dmt_modes_for_range/ (bnc#753172).
   - Fix kABI for drm EDID improvement patches (bnc#753172).
   - drm: Fix the case where multiple modes are returned from EDID (bnc#753172)
   - drm/i915: Add more standard modes to LVDS output (bnc#753172).
   - drm/i915: Disable LVDS at mode change (bnc#752022).
   - drm/i915: add Ivy Bridge GT2 Server entries (bnc#759971).
   - drm/i915: delay drm_irq_install() at resume (bnc#753698).
   - EDD: Check for correct EDD 3.0 length (bnc#762285).

   XEN:

   - blkfront: make blkif_io_lock spinlock per-device.
   - blkback: streamline main processing loop (fate#309305).
   - blkback: Implement discard requests handling (fate#309305).
   - blkback: Enhance discard support with secure erasing support (fate#309305).
   - blkfront: Handle discard requests (fate#309305).
   - blkfront: Enhance discard support with secure erasing support (fate#309305).
   - blkif: support discard (fate#309305).
   - blkif: Enhance discard support with secure erasing support (fate#309305).
   - xen/smpboot: adjust ordering of operations.
   - x86-64: provide a memset() that can deal with 4Gb or above at a time (bnc#738528).
   - Update Xen patches to 3.0.27.
   - Update Xen patches to 3.0.31.
   - xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974).
   - xen/gntdev: fix multi-page slot allocation (bnc#760974).

   TG3:

   - tg3: Avoid panic from reserved statblk field access (bnc#760346).
   - tg3: Fix 5717 serdes powerdown problem (bnc#756940).
   - tg3: Fix RSS ring refill race condition (bnc#756940).
   - tg3: Fix single-vector MSI-X code (bnc#756940).
   - tg3: fix ipv6 header length computation (bnc#756940).

   S/390:

   - dasd: Fix I/O stall when reserving dasds (bnc#757719).
   - s390/af_iucv: detect down state of HS transport interface (bnc#758279,LTC#80859).
   - s390/af_iucv: allow shutdown for HS transport sockets (bnc#758279,LTC#80860).
   - mm: s390: Fix BUG by using __set_page_dirty_no_writeback on swap. (bnc#751550)
   - s390/qeth: Improve OSA Express 4 blkt defaults (bnc#754969,LTC#80325).
   - s390/zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (bnc#754969,LTC#80378).
   - zfcpdump: Implement async sdias event processing (bnc#761387,LTC#81330).

   ALSA:

   - ALSA: hda - Always resume the codec immediately (bnc#750426).
   - ALSA: hda - Add Creative CA0132 HDA codec support (bnc#762424).
   - ALSA: hda - Fix error handling in patch_ca0132.c (bnc#762424).
   - ALSA: hda - Add the support for Creative SoundCore3D (bnc#762424).

   OTHER:

   - ixgbe: fix ring assignment issues for SR-IOV and drop cases (bnc#761158).
   - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).
   - MCE, AMD: Drop too granulary family model checks (bnc#758833).
   - EDAC, MCE, AMD: Print CPU number when reporting the error (bnc#758833).
   - EDAC, MCE, AMD: Print valid addr when reporting an error (bnc#758833).
   - libata: skip old error history when counting probe trials.
   - x86: kdb: restore kdb stack trace (bnc#760015).
   - ehea: fix allmulticast support,
   - ehea: fix promiscuous mode (both bnc#757289)
   - ehea: only register irq after setting up ports (bnc#758731).
   - ehea: fix losing of NEQ events when one event occurred early (bnc#758731).
   - scsi: Silence unnecessary warnings about ioctl to partition (bnc#758104).
   - scsi_dh_rdac: Update match function to check page C8 (bnc#757077).
   - scsi_dh_rdac: Add new NetApp IDs (bnc#757077).
   - bluetooth: Add support for Foxconn/Hon Hai AR5BBU22 0489:E03C (bnc#759908).
   - x86/amd: Add missing feature flag for fam15h models 10h-1fh processors (bnc#759340).
   - x86: Report cpb and eff_freq_ro flags correctly (bnc#759340).
   - x86, amd: Fix up numa_node information for AMD CPU family 15h model 0-0fh northbridge functions (bnc#759340).
   - x86/PCI: amd: Kill misleading message about enablement of IO access to PCI ECS] (bnc#759340).
   - cdc-wdm: fix race leading leading to memory corruption (bnc#759539).
   - tlan: add cast needed for proper 64 bit operation (bnc#756840).
   - bonding:update speed/duplex for NETDEV_CHANGE (bnc#752634).
   - bonding: comparing a u8 with -1 is always false (bnc#752634).
   - bonding: start slaves with link down for ARP monitor (bnc#752634).
   - bonding: do not increase rx_dropped after processing LACPDUs (bnc#759657).
   - x86: fix the initialization of physnode_map (bnc#748112).
   - sched,rt: fix isolated CPUs leaving root_task_group indefinitely throttled (bnc#754085).
   - Fix SLE11-SP1->SLE11-SP2 interrupt latency regression. Revert
     0209f649, and turn tick skew on globally, since 0209f649 came
     about to mitigate lock contention that skew removal induces,
     both on xtime_lock and on RCU leaf node locks. NOTE: This change
     trades ~400% latency regression fix for power consumption
     progression that skew removal bought (at high cost).
   - Revert mainline 0209f649 - rcu: limit rcu_node leaf-level fanout (bnc#718521).
   - md: fix possible corruption of array metadata on shutdown.
   - md/bitmap: prevent bitmap_daemon_work running while initialising bitmap.
   - md: ensure changes to write-mostly are reflected in metadata (bnc#755178).
   - cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789).
   - procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783).
   - mqueue: fix a vfsmount longterm reference leak (bnc#757783).
   - procfs: fix a vfsmount longterm reference leak (bnc#757783).
   - scsi_dh_alua: Optimize stpg command (bnc#744758).
   - scsi_dh_alua: Store pref bit from RTPG (bnc#755758).
   - scsi_dh_alua: set_params interface (bnc#755758).
   - uwb: fix error handling (bnc#757950).
   - uwb: fix use of del_timer_sync() in interrupt (bnc#757950).
   - usbhid: fix error handling of not enough bandwidth (bnc#704280).
   - mm: Improve preservation of page-age information (bnc#754690)
   - pagecache limit: Fix the shmem deadlock (bnc#755537).
   - USB: sierra: add support for Sierra Wireless MC7710 (bnc#757517).
   - USB: fix resource leak in xhci power loss path (bnc#746938).
   - x86/iommu/intel: Fix identity mapping for sandy bridge (bnc#743232).
   - ipv6: Check dest prefix length on original route not copied one in rt6_alloc_cow() (bnc#757202).
   - ipv6: do not use inetpeer to store metrics for routes (bnc#757202).
   - ipv6: fix problem with expired dst cache (bnc#757205).
   - ipv6: unshare inetpeers.
   - bridge: correct IPv6 checksum after pull (bnc#738644).
   - scsi: storvsc: Account for in-transit packets in the RESET path.
   - patches.fixes/mm-mempolicy.c-fix-pgoff-in-mbind-vma-merge.patch:
   - patches.fixes/mm-mempolicy.c-refix-mbind_range-vma-issue.patch: Fix vma merging issue during mbind affecting JVMs.
   - ACPI, APEI: Fix incorrect APEI register bit width check and usage (bnc#725592).
   - vmxnet3: cap copy length at size of skb to prevent dropped frames on tx (bnc#755812).
   - rt2x00: rt2x00dev: move rfkill_polling register to proper place (bnc#748806).
   - pagecache: fix the BUG_ON safety belt
   - pagecache: Fixed the GFP_NOWAIT is zero and not suitable for tests bug (bnc#755537)
   - igb: reset PHY after recovering from PHY power down. (bnc#745088)
   - igb: fix rtnl race in PM resume path (bnc#748859).
   - watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing (bnc#757373).
   - watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing (bnc#757373, redhat#727875).
   - cfq-iosched: Reduce linked group count upon group destruction (bnc#759541).
   - cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#761772).
   - sys_poll: fix incorrect type for timeout parameter (bnc#754428).
   - staging:rts_pstor:Avoid "Bad target number" message when probing driver (bnc#762329).
   - staging:rts_pstor:Complete scanning_done variable (bnc#762329).
   - staging:rts_pstor:Fix SDIO issue (bnc#762329).
   - staging:rts_pstor: Fix a bug that a MMCPlus card ca not be accessed (bnc#762329).
   - staging:rts_pstor: Fix a miswriting (bnc#762329).
   - staging:rts_pstor:Fix possible panic by NULL pointer dereference (bnc#762329).
   - staging:rts_pstor: fix thread synchronization flow (bnc#762329).
   - freezer:do not unnecessarily set PF_NOFREEZE explicitly (bnc#762329).
   - staging:rts_pstor: off by one in for loop (bnc#762329).
   - patches.suse/cgroup-disable-memcg-when-low-lowmem.patch: fix typo: use if defined(CONFIG_*) rather than if CONFIG_*

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Contraindications:

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-kernel-6338 slessp2-kernel-6349

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-kernel-6338 slessp2-kernel-6339 slessp2-kernel-6345 slessp2-kernel-6348 slessp2-kernel-6349

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-kernel-6338 sleshasp2-kernel-6339 sleshasp2-kernel-6345 sleshasp2-kernel-6348 sleshasp2-kernel-6349

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-kernel-6338 sledsp2-kernel-6349

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.31]:

      kernel-default-3.0.31-0.9.1
      kernel-default-base-3.0.31-0.9.1
      kernel-default-devel-3.0.31-0.9.1
      kernel-source-3.0.31-0.9.1
      kernel-syms-3.0.31-0.9.1
      kernel-trace-3.0.31-0.9.1
      kernel-trace-base-3.0.31-0.9.1
      kernel-trace-devel-3.0.31-0.9.1
      kernel-xen-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.31]:

      kernel-pae-3.0.31-0.9.1
      kernel-pae-base-3.0.31-0.9.1
      kernel-pae-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.31]:

      kernel-default-3.0.31-0.9.1
      kernel-default-base-3.0.31-0.9.1
      kernel-default-devel-3.0.31-0.9.1
      kernel-source-3.0.31-0.9.1
      kernel-syms-3.0.31-0.9.1
      kernel-trace-3.0.31-0.9.1
      kernel-trace-base-3.0.31-0.9.1
      kernel-trace-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.31]:

      kernel-ec2-3.0.31-0.9.1
      kernel-ec2-base-3.0.31-0.9.1
      kernel-ec2-devel-3.0.31-0.9.1
      kernel-xen-3.0.31-0.9.1
      kernel-xen-base-3.0.31-0.9.1
      kernel-xen-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.31]:

      kernel-default-man-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.31]:

      kernel-ppc64-3.0.31-0.9.1
      kernel-ppc64-base-3.0.31-0.9.1
      kernel-ppc64-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.31]:

      kernel-pae-3.0.31-0.9.1
      kernel-pae-base-3.0.31-0.9.1
      kernel-pae-devel-3.0.31-0.9.1

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.31_0.9-2.10.23
      cluster-network-kmp-trace-1.4_3.0.31_0.9-2.10.23
      gfs2-kmp-default-2_3.0.31_0.9-0.7.23
      gfs2-kmp-trace-2_3.0.31_0.9-0.7.23
      ocfs2-kmp-default-1.6_3.0.31_0.9-0.7.23
      ocfs2-kmp-trace-1.6_3.0.31_0.9-0.7.23

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.31_0.9-2.10.23
gfs2-kmp-xen-2_3.0.31_0.9-0.7.23 ocfs2-kmp-xen-1.6_3.0.31_0.9-0.7.23 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.31_0.9-2.10.23 gfs2-kmp-ppc64-2_3.0.31_0.9-0.7.23 ocfs2-kmp-ppc64-1.6_3.0.31_0.9-0.7.23 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.31_0.9-2.10.23 gfs2-kmp-pae-2_3.0.31_0.9-0.7.23 ocfs2-kmp-pae-1.6_3.0.31_0.9-0.7.23 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.31]: kernel-default-3.0.31-0.9.1 kernel-default-base-3.0.31-0.9.1 kernel-default-devel-3.0.31-0.9.1 kernel-default-extra-3.0.31-0.9.1 kernel-source-3.0.31-0.9.1 kernel-syms-3.0.31-0.9.1 kernel-trace-3.0.31-0.9.1 kernel-trace-base-3.0.31-0.9.1 kernel-trace-devel-3.0.31-0.9.1 kernel-trace-extra-3.0.31-0.9.1 kernel-xen-3.0.31-0.9.1 kernel-xen-base-3.0.31-0.9.1 kernel-xen-devel-3.0.31-0.9.1 kernel-xen-extra-3.0.31-0.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.31]: kernel-pae-3.0.31-0.9.1 kernel-pae-base-3.0.31-0.9.1 kernel-pae-devel-3.0.31-0.9.1 kernel-pae-extra-3.0.31-0.9.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.31_0.9-0.14.4 kernel-default-extra-3.0.31-0.9.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.31_0.9-0.14.4 kernel-xen-extra-3.0.31-0.9.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.31_0.9-0.14.4 kernel-ppc64-extra-3.0.31-0.9.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.31_0.9-0.14.4 kernel-pae-extra-3.0.31-0.9.1 References: http://support.novell.com/security/cve/CVE-2012-2127.html http://support.novell.com/security/cve/CVE-2012-2133.html http://support.novell.com/security/cve/CVE-2012-2313.html http://support.novell.com/security/cve/CVE-2012-2319.html https://bugzilla.novell.com/704280 https://bugzilla.novell.com/708836 https://bugzilla.novell.com/718521 
https://bugzilla.novell.com/721857 https://bugzilla.novell.com/725592 https://bugzilla.novell.com/732296 https://bugzilla.novell.com/738528 https://bugzilla.novell.com/738644 https://bugzilla.novell.com/743232 https://bugzilla.novell.com/744758 https://bugzilla.novell.com/745088 https://bugzilla.novell.com/746938 https://bugzilla.novell.com/748112 https://bugzilla.novell.com/748463 https://bugzilla.novell.com/748806 https://bugzilla.novell.com/748859 https://bugzilla.novell.com/750426 https://bugzilla.novell.com/751550 https://bugzilla.novell.com/752022 https://bugzilla.novell.com/752634 https://bugzilla.novell.com/753172 https://bugzilla.novell.com/753698 https://bugzilla.novell.com/754085 https://bugzilla.novell.com/754428 https://bugzilla.novell.com/754690 https://bugzilla.novell.com/754969 https://bugzilla.novell.com/755178 https://bugzilla.novell.com/755537 https://bugzilla.novell.com/755758 https://bugzilla.novell.com/755812 https://bugzilla.novell.com/756236 https://bugzilla.novell.com/756821 https://bugzilla.novell.com/756840 https://bugzilla.novell.com/756940 https://bugzilla.novell.com/757077 https://bugzilla.novell.com/757202 https://bugzilla.novell.com/757205 https://bugzilla.novell.com/757289 https://bugzilla.novell.com/757373 https://bugzilla.novell.com/757517 https://bugzilla.novell.com/757565 https://bugzilla.novell.com/757719 https://bugzilla.novell.com/757783 https://bugzilla.novell.com/757789 https://bugzilla.novell.com/757950 https://bugzilla.novell.com/758104 https://bugzilla.novell.com/758279 https://bugzilla.novell.com/758532 https://bugzilla.novell.com/758540 https://bugzilla.novell.com/758731 https://bugzilla.novell.com/758813 https://bugzilla.novell.com/758833 https://bugzilla.novell.com/759340 https://bugzilla.novell.com/759539 https://bugzilla.novell.com/759541 https://bugzilla.novell.com/759657 https://bugzilla.novell.com/759908 https://bugzilla.novell.com/759971 https://bugzilla.novell.com/760015 https://bugzilla.novell.com/760279 
https://bugzilla.novell.com/760346 https://bugzilla.novell.com/760974 https://bugzilla.novell.com/761158 https://bugzilla.novell.com/761387 https://bugzilla.novell.com/761772 https://bugzilla.novell.com/762285 https://bugzilla.novell.com/762329 https://bugzilla.novell.com/762424 http://download.novell.com/patch/finder/?keywords=1807bcd2b9628830e46f87bbce0c68fb http://download.novell.com/patch/finder/?keywords=2f14534cc5f6410a84a13bedeae921e5 http://download.novell.com/patch/finder/?keywords=433a101aa3e734c55d581257cd100f6b http://download.novell.com/patch/finder/?keywords=5d93f32b6c5678423315d9763dcdea53 http://download.novell.com/patch/finder/?keywords=62d70aee81de7f4d62272d33326be568 http://download.novell.com/patch/finder/?keywords=6ecf603bc7f492a1e4ab33c86ef6115a http://download.novell.com/patch/finder/?keywords=780f3653ec4f849b5c346c0dab9cd91c http://download.novell.com/patch/finder/?keywords=b1249381226b03cee526b6949e9fbba4 http://download.novell.com/patch/finder/?keywords=b13b5578bab912738d92e3b37e444732 http://download.novell.com/patch/finder/?keywords=f39e72bf933211809d610be1747cfb3e From sle-security-updates at lists.suse.com Tue Jun 5 16:08:57 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Jun 2012 00:08:57 +0200 (CEST) Subject: SUSE-SU-2012:0700-1: Security update for PostgreSQL Message-ID: <20120605220857.B311A3217B@maintenance.suse.de> SUSE Security Update: Security update for PostgreSQL ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0700-1 Rating: low References: #701489 #749299 #749303 Cross-References: CVE-2012-0866 CVE-2012-0868 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise 
Desktop 11 SP1
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available. It includes one version update.

Description:

   * Security and bugfix release 8.3.18:
      o Require execute permission on the trigger function for CREATE TRIGGER (CVE-2012-0866, bnc#749299).
      o Convert newlines to spaces in names written in pg_dump comments (CVE-2012-0868, bnc#749303).

   Please see the PostgreSQL release notes document for full changelog and details:
   http://www.postgresql.org/docs/8.3/static/release.html

Security Issue references:
   * CVE-2012-0868
   * CVE-2012-0866

Patch Instructions:
   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-postgresql-6023
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-postgresql-6023
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-postgresql-6023
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-postgresql-6023
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-postgresql-6023
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-postgresql-6023
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-postgresql-6023

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.3.18]: postgresql-devel-8.3.18-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.3.18]: postgresql-devel-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.3.18]: postgresql-8.3.18-0.3.1 postgresql-contrib-8.3.18-0.3.1 postgresql-docs-8.3.18-0.3.1 postgresql-libs-8.3.18-0.3.1 postgresql-server-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 8.3.18]: postgresql-libs-32bit-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 8.3.18]: postgresql-libs-x86-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 8.3.18]: postgresql-8.3.18-0.3.1 postgresql-contrib-8.3.18-0.3.1 postgresql-docs-8.3.18-0.3.1 postgresql-libs-8.3.18-0.3.1 postgresql-server-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 8.3.18]: postgresql-libs-32bit-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.3.18]: postgresql-8.3.18-0.3.1 postgresql-contrib-8.3.18-0.3.1 postgresql-docs-8.3.18-0.3.1 postgresql-libs-8.3.18-0.3.1 postgresql-server-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 8.3.18]: postgresql-libs-32bit-8.3.18-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 8.3.18]: postgresql-libs-x86-8.3.18-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 8.3.18]: postgresql-8.3.18-0.3.1 postgresql-libs-8.3.18-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 8.3.18]: postgresql-libs-32bit-8.3.18-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 8.3.18]: postgresql-8.3.18-0.3.1 postgresql-libs-8.3.18-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 8.3.18]: 
postgresql-libs-32bit-8.3.18-0.3.1 References: http://support.novell.com/security/cve/CVE-2012-0866.html http://support.novell.com/security/cve/CVE-2012-0868.html https://bugzilla.novell.com/701489 https://bugzilla.novell.com/749299 https://bugzilla.novell.com/749303 http://download.novell.com/patch/finder/?keywords=6c8d0102b4f4c35e6b48e8424a7d993b From sle-security-updates at lists.suse.com Tue Jun 5 17:08:29 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Jun 2012 01:08:29 +0200 (CEST) Subject: SUSE-SU-2012:0702-1: Security update for PostgreSQL Message-ID: <20120605230829.BC9CB3217B@maintenance.suse.de> SUSE Security Update: Security update for PostgreSQL ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0702-1 Rating: low References: #749299 #749303 Cross-References: CVE-2012-0866 CVE-2012-0868 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: * Security and bugfix release: * Require execute permission on the trigger function for CREATE TRIGGER (CVE-2012-0866, bnc#749299). * Convert newlines to spaces in names written in pg_dump comments (CVE-2012-0868, bnc#749303). 
Please see the PostgreSQL release notes document for full changelog and details: http://www.postgresql.org/docs/8.3/static/release.html Security Issue references: * CVE-2012-0868 * CVE-2012-0866 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc ppc64 s390x x86_64): postgresql-8.1.22-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): postgresql-contrib-8.1.22-0.8.1 postgresql-devel-8.1.22-0.8.1 postgresql-docs-8.1.22-0.8.1 postgresql-libs-8.1.22-0.8.1 postgresql-server-8.1.22-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): postgresql-libs-32bit-8.1.22-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): postgresql-libs-x86-8.1.22-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): postgresql-libs-64bit-8.1.22-0.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): postgresql-devel-8.1.22-0.8.1 postgresql-libs-8.1.22-0.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): postgresql-libs-32bit-8.1.22-0.8.1 - SLE SDK 10 SP4 (i586 ia64 ppc ppc64 s390x x86_64): postgresql-8.1.22-0.8.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): postgresql-contrib-8.1.22-0.8.1 postgresql-devel-8.1.22-0.8.1 postgresql-docs-8.1.22-0.8.1 postgresql-server-8.1.22-0.8.1 References: http://support.novell.com/security/cve/CVE-2012-0866.html http://support.novell.com/security/cve/CVE-2012-0868.html https://bugzilla.novell.com/749299 https://bugzilla.novell.com/749303 http://download.novell.com/patch/finder/?keywords=bb8dbe40ca6eb550de22331990660c8f From sle-security-updates at lists.suse.com Tue Jun 5 19:08:27 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Jun 2012 03:08:27 +0200 (CEST) Subject: SUSE-SU-2012:0703-1: important: Security update for pidgin-otr Message-ID: <20120606010827.602EA3240F@maintenance.suse.de> SUSE Security Update: Security update for pidgin-otr ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0703-1 
Rating: important
References: #762498
Cross-References: CVE-2012-2369
Affected Products:
   SUSE Linux Enterprise Desktop 11 SP2
   SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   A format string flaw in pidgin-otr could have caused a denial of service condition or even potentially allowed attackers to execute arbitrary code. This has been fixed.

Security Issue reference:
   * CVE-2012-2369

Patch Instructions:
   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-pidgin-otr-6380
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-pidgin-otr-6380

   To bring your system up-to-date, use "zypper patch".

Package List:
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      pidgin-otr-3.2.0-1.40.1
   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
      pidgin-otr-3.2.0-1.40.1

References:
   http://support.novell.com/security/cve/CVE-2012-2369.html
   https://bugzilla.novell.com/762498
   http://download.novell.com/patch/finder/?keywords=88a4e0d56e88f035f398a36e479c669e

From sle-security-updates at lists.suse.com Wed Jun 6 10:08:32 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 6 Jun 2012 18:08:32 +0200 (CEST)
Subject: SUSE-SU-2012:0706-1: moderate: Security update for quagga
Message-ID: <20120606160832.9903E327F6@maintenance.suse.de>

SUSE Security Update: Security update for quagga
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:0706-1
Rating: moderate
References: #677335 #752204 #752205 #752206 #759081
Cross-References: CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Software Development Kit 11
SP1
   SUSE Linux Enterprise Server 11 SP2
   SUSE Linux Enterprise Server 11 SP1 for VMware
   SUSE Linux Enterprise Server 11 SP1
   SUSE Linux Enterprise Server 10 SP4
   SLE SDK 10 SP4
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update of quagga fixes multiple security flaws that could have caused a Denial of Service via specially crafted packets (CVE-2012-1820, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255).

   Additionally, issues with service owned directories in combination with logrotate were fixed.

Security Issue references:
   * CVE-2012-0249
   * CVE-2012-0250
   * CVE-2012-0255
   * CVE-2012-1820

Patch Instructions:
   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-quagga-6241
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-quagga-6241
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-quagga-6241
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-quagga-6241
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-quagga-6241

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): quagga-devel-0.99.15-0.10.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): quagga-0.99.15-0.10.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): quagga-devel-0.99.15-0.10.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64): quagga-0.99.15-0.10.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): quagga-0.99.15-0.10.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): quagga-0.99.15-0.10.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): quagga-0.99.15-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): quagga-0.99.9-14.15.1 quagga-devel-0.99.9-14.15.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): quagga-0.99.9-14.15.1 quagga-devel-0.99.9-14.15.1 References: http://support.novell.com/security/cve/CVE-2012-0249.html http://support.novell.com/security/cve/CVE-2012-0250.html http://support.novell.com/security/cve/CVE-2012-0255.html http://support.novell.com/security/cve/CVE-2012-1820.html https://bugzilla.novell.com/677335 https://bugzilla.novell.com/752204 https://bugzilla.novell.com/752205 https://bugzilla.novell.com/752206 https://bugzilla.novell.com/759081 http://download.novell.com/patch/finder/?keywords=9bef93966149baad96780e499beb1fec http://download.novell.com/patch/finder/?keywords=cca62683f5972913c5a953595b8b67f9 From sle-security-updates at lists.suse.com Fri Jun 8 17:08:40 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 9 Jun 2012 01:08:40 +0200 (CEST) Subject: SUSE-SU-2012:0721-1: important: Security update for PHP5 Message-ID: <20120608230840.6A9FA327F7@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0721-1 Rating: 
important
References: #761631
Cross-References: CVE-2012-2335 CVE-2012-2336
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Software Development Kit 11 SP1
   SUSE Linux Enterprise Server 11 SP2
   SUSE Linux Enterprise Server 11 SP1 for VMware
   SUSE Linux Enterprise Server 11 SP1
   SUSE Linux Enterprise Server 10 SP4
   SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available. It includes one version update.

Description:

   PHP5 was updated with incremental fixes to the previous update:

   * CVE-2012-2335: Additional unsafe cgi wrapper scripts are also fixed now.
   * CVE-2012-2336: Even more commandline option handling is filtered, which could lead to crashes of the php interpreter.

Security Issue references:
   * CVE-2012-2335
   * CVE-2012-2336

Patch Instructions:
   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-apache2-mod_php5-6316
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-apache2-mod_php5-6316
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-apache2-mod_php5-6316
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-apache2-mod_php5-6316
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-apache2-mod_php5-6316

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: php5-devel-5.2.14-0.7.30.40.1 php5-imap-5.2.14-0.7.30.40.1 php5-ncurses-5.2.14-0.7.30.40.1 php5-posix-5.2.14-0.7.30.40.1 php5-readline-5.2.14-0.7.30.40.1 php5-sockets-5.2.14-0.7.30.40.1 php5-sqlite-5.2.14-0.7.30.40.1 php5-tidy-5.2.14-0.7.30.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.40.1 php5-5.2.14-0.7.30.40.1 php5-bcmath-5.2.14-0.7.30.40.1 php5-bz2-5.2.14-0.7.30.40.1 php5-calendar-5.2.14-0.7.30.40.1 php5-ctype-5.2.14-0.7.30.40.1 php5-curl-5.2.14-0.7.30.40.1 php5-dba-5.2.14-0.7.30.40.1 php5-dbase-5.2.14-0.7.30.40.1 php5-dom-5.2.14-0.7.30.40.1 php5-exif-5.2.14-0.7.30.40.1 php5-fastcgi-5.2.14-0.7.30.40.1 php5-ftp-5.2.14-0.7.30.40.1 php5-gd-5.2.14-0.7.30.40.1 php5-gettext-5.2.14-0.7.30.40.1 php5-gmp-5.2.14-0.7.30.40.1 php5-hash-5.2.14-0.7.30.40.1 php5-iconv-5.2.14-0.7.30.40.1 php5-json-5.2.14-0.7.30.40.1 php5-ldap-5.2.14-0.7.30.40.1 php5-mbstring-5.2.14-0.7.30.40.1 php5-mcrypt-5.2.14-0.7.30.40.1 php5-mysql-5.2.14-0.7.30.40.1 php5-odbc-5.2.14-0.7.30.40.1 php5-openssl-5.2.14-0.7.30.40.1 php5-pcntl-5.2.14-0.7.30.40.1 php5-pdo-5.2.14-0.7.30.40.1 php5-pear-5.2.14-0.7.30.40.1 php5-pgsql-5.2.14-0.7.30.40.1 php5-pspell-5.2.14-0.7.30.40.1 php5-shmop-5.2.14-0.7.30.40.1 php5-snmp-5.2.14-0.7.30.40.1 php5-soap-5.2.14-0.7.30.40.1 php5-suhosin-5.2.14-0.7.30.40.1 php5-sysvmsg-5.2.14-0.7.30.40.1 php5-sysvsem-5.2.14-0.7.30.40.1 php5-sysvshm-5.2.14-0.7.30.40.1 php5-tokenizer-5.2.14-0.7.30.40.1 php5-wddx-5.2.14-0.7.30.40.1 php5-xmlreader-5.2.14-0.7.30.40.1 php5-xmlrpc-5.2.14-0.7.30.40.1 php5-xmlwriter-5.2.14-0.7.30.40.1 php5-xsl-5.2.14-0.7.30.40.1 php5-zip-5.2.14-0.7.30.40.1 php5-zlib-5.2.14-0.7.30.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: php5-devel-5.2.14-0.7.30.40.1 php5-imap-5.2.14-0.7.30.40.1 
php5-ncurses-5.2.14-0.7.30.40.1 php5-posix-5.2.14-0.7.30.40.1 php5-readline-5.2.14-0.7.30.40.1 php5-sockets-5.2.14-0.7.30.40.1 php5-sqlite-5.2.14-0.7.30.40.1 php5-tidy-5.2.14-0.7.30.40.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.40.1 php5-5.2.14-0.7.30.40.1 php5-bcmath-5.2.14-0.7.30.40.1 php5-bz2-5.2.14-0.7.30.40.1 php5-calendar-5.2.14-0.7.30.40.1 php5-ctype-5.2.14-0.7.30.40.1 php5-curl-5.2.14-0.7.30.40.1 php5-dba-5.2.14-0.7.30.40.1 php5-dbase-5.2.14-0.7.30.40.1 php5-dom-5.2.14-0.7.30.40.1 php5-exif-5.2.14-0.7.30.40.1 php5-fastcgi-5.2.14-0.7.30.40.1 php5-ftp-5.2.14-0.7.30.40.1 php5-gd-5.2.14-0.7.30.40.1 php5-gettext-5.2.14-0.7.30.40.1 php5-gmp-5.2.14-0.7.30.40.1 php5-hash-5.2.14-0.7.30.40.1 php5-iconv-5.2.14-0.7.30.40.1 php5-json-5.2.14-0.7.30.40.1 php5-ldap-5.2.14-0.7.30.40.1 php5-mbstring-5.2.14-0.7.30.40.1 php5-mcrypt-5.2.14-0.7.30.40.1 php5-mysql-5.2.14-0.7.30.40.1 php5-odbc-5.2.14-0.7.30.40.1 php5-openssl-5.2.14-0.7.30.40.1 php5-pcntl-5.2.14-0.7.30.40.1 php5-pdo-5.2.14-0.7.30.40.1 php5-pear-5.2.14-0.7.30.40.1 php5-pgsql-5.2.14-0.7.30.40.1 php5-pspell-5.2.14-0.7.30.40.1 php5-shmop-5.2.14-0.7.30.40.1 php5-snmp-5.2.14-0.7.30.40.1 php5-soap-5.2.14-0.7.30.40.1 php5-suhosin-5.2.14-0.7.30.40.1 php5-sysvmsg-5.2.14-0.7.30.40.1 php5-sysvsem-5.2.14-0.7.30.40.1 php5-sysvshm-5.2.14-0.7.30.40.1 php5-tokenizer-5.2.14-0.7.30.40.1 php5-wddx-5.2.14-0.7.30.40.1 php5-xmlreader-5.2.14-0.7.30.40.1 php5-xmlrpc-5.2.14-0.7.30.40.1 php5-xmlwriter-5.2.14-0.7.30.40.1 php5-xsl-5.2.14-0.7.30.40.1 php5-zip-5.2.14-0.7.30.40.1 php5-zlib-5.2.14-0.7.30.40.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.40.1 php5-5.2.14-0.7.30.40.1 php5-bcmath-5.2.14-0.7.30.40.1 php5-bz2-5.2.14-0.7.30.40.1 php5-calendar-5.2.14-0.7.30.40.1 php5-ctype-5.2.14-0.7.30.40.1 php5-curl-5.2.14-0.7.30.40.1 php5-dba-5.2.14-0.7.30.40.1 php5-dbase-5.2.14-0.7.30.40.1 
php5-dom-5.2.14-0.7.30.40.1 php5-exif-5.2.14-0.7.30.40.1 php5-fastcgi-5.2.14-0.7.30.40.1 php5-ftp-5.2.14-0.7.30.40.1 php5-gd-5.2.14-0.7.30.40.1 php5-gettext-5.2.14-0.7.30.40.1 php5-gmp-5.2.14-0.7.30.40.1 php5-hash-5.2.14-0.7.30.40.1 php5-iconv-5.2.14-0.7.30.40.1 php5-json-5.2.14-0.7.30.40.1 php5-ldap-5.2.14-0.7.30.40.1 php5-mbstring-5.2.14-0.7.30.40.1 php5-mcrypt-5.2.14-0.7.30.40.1 php5-mysql-5.2.14-0.7.30.40.1 php5-odbc-5.2.14-0.7.30.40.1 php5-openssl-5.2.14-0.7.30.40.1 php5-pcntl-5.2.14-0.7.30.40.1 php5-pdo-5.2.14-0.7.30.40.1 php5-pear-5.2.14-0.7.30.40.1 php5-pgsql-5.2.14-0.7.30.40.1 php5-pspell-5.2.14-0.7.30.40.1 php5-shmop-5.2.14-0.7.30.40.1 php5-snmp-5.2.14-0.7.30.40.1 php5-soap-5.2.14-0.7.30.40.1 php5-suhosin-5.2.14-0.7.30.40.1 php5-sysvmsg-5.2.14-0.7.30.40.1 php5-sysvsem-5.2.14-0.7.30.40.1 php5-sysvshm-5.2.14-0.7.30.40.1 php5-tokenizer-5.2.14-0.7.30.40.1 php5-wddx-5.2.14-0.7.30.40.1 php5-xmlreader-5.2.14-0.7.30.40.1 php5-xmlrpc-5.2.14-0.7.30.40.1 php5-xmlwriter-5.2.14-0.7.30.40.1 php5-xsl-5.2.14-0.7.30.40.1 php5-zip-5.2.14-0.7.30.40.1 php5-zlib-5.2.14-0.7.30.40.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.40.1 php5-5.2.14-0.7.30.40.1 php5-bcmath-5.2.14-0.7.30.40.1 php5-bz2-5.2.14-0.7.30.40.1 php5-calendar-5.2.14-0.7.30.40.1 php5-ctype-5.2.14-0.7.30.40.1 php5-curl-5.2.14-0.7.30.40.1 php5-dba-5.2.14-0.7.30.40.1 php5-dbase-5.2.14-0.7.30.40.1 php5-dom-5.2.14-0.7.30.40.1 php5-exif-5.2.14-0.7.30.40.1 php5-fastcgi-5.2.14-0.7.30.40.1 php5-ftp-5.2.14-0.7.30.40.1 php5-gd-5.2.14-0.7.30.40.1 php5-gettext-5.2.14-0.7.30.40.1 php5-gmp-5.2.14-0.7.30.40.1 php5-hash-5.2.14-0.7.30.40.1 php5-iconv-5.2.14-0.7.30.40.1 php5-json-5.2.14-0.7.30.40.1 php5-ldap-5.2.14-0.7.30.40.1 php5-mbstring-5.2.14-0.7.30.40.1 php5-mcrypt-5.2.14-0.7.30.40.1 php5-mysql-5.2.14-0.7.30.40.1 php5-odbc-5.2.14-0.7.30.40.1 php5-openssl-5.2.14-0.7.30.40.1 php5-pcntl-5.2.14-0.7.30.40.1 php5-pdo-5.2.14-0.7.30.40.1 
php5-pear-5.2.14-0.7.30.40.1 php5-pgsql-5.2.14-0.7.30.40.1 php5-pspell-5.2.14-0.7.30.40.1 php5-shmop-5.2.14-0.7.30.40.1 php5-snmp-5.2.14-0.7.30.40.1 php5-soap-5.2.14-0.7.30.40.1 php5-suhosin-5.2.14-0.7.30.40.1 php5-sysvmsg-5.2.14-0.7.30.40.1 php5-sysvsem-5.2.14-0.7.30.40.1 php5-sysvshm-5.2.14-0.7.30.40.1 php5-tokenizer-5.2.14-0.7.30.40.1 php5-wddx-5.2.14-0.7.30.40.1 php5-xmlreader-5.2.14-0.7.30.40.1 php5-xmlrpc-5.2.14-0.7.30.40.1 php5-xmlwriter-5.2.14-0.7.30.40.1 php5-xsl-5.2.14-0.7.30.40.1 php5-zip-5.2.14-0.7.30.40.1 php5-zlib-5.2.14-0.7.30.40.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.40.1 php5-5.2.14-0.7.30.40.1 php5-bcmath-5.2.14-0.7.30.40.1 php5-bz2-5.2.14-0.7.30.40.1 php5-calendar-5.2.14-0.7.30.40.1 php5-ctype-5.2.14-0.7.30.40.1 php5-curl-5.2.14-0.7.30.40.1 php5-dba-5.2.14-0.7.30.40.1 php5-dbase-5.2.14-0.7.30.40.1 php5-dom-5.2.14-0.7.30.40.1 php5-exif-5.2.14-0.7.30.40.1 php5-fastcgi-5.2.14-0.7.30.40.1 php5-ftp-5.2.14-0.7.30.40.1 php5-gd-5.2.14-0.7.30.40.1 php5-gettext-5.2.14-0.7.30.40.1 php5-gmp-5.2.14-0.7.30.40.1 php5-hash-5.2.14-0.7.30.40.1 php5-iconv-5.2.14-0.7.30.40.1 php5-json-5.2.14-0.7.30.40.1 php5-ldap-5.2.14-0.7.30.40.1 php5-mbstring-5.2.14-0.7.30.40.1 php5-mcrypt-5.2.14-0.7.30.40.1 php5-mysql-5.2.14-0.7.30.40.1 php5-odbc-5.2.14-0.7.30.40.1 php5-openssl-5.2.14-0.7.30.40.1 php5-pcntl-5.2.14-0.7.30.40.1 php5-pdo-5.2.14-0.7.30.40.1 php5-pear-5.2.14-0.7.30.40.1 php5-pgsql-5.2.14-0.7.30.40.1 php5-pspell-5.2.14-0.7.30.40.1 php5-shmop-5.2.14-0.7.30.40.1 php5-snmp-5.2.14-0.7.30.40.1 php5-soap-5.2.14-0.7.30.40.1 php5-suhosin-5.2.14-0.7.30.40.1 php5-sysvmsg-5.2.14-0.7.30.40.1 php5-sysvsem-5.2.14-0.7.30.40.1 php5-sysvshm-5.2.14-0.7.30.40.1 php5-tokenizer-5.2.14-0.7.30.40.1 php5-wddx-5.2.14-0.7.30.40.1 php5-xmlreader-5.2.14-0.7.30.40.1 php5-xmlrpc-5.2.14-0.7.30.40.1 php5-xmlwriter-5.2.14-0.7.30.40.1 php5-xsl-5.2.14-0.7.30.40.1 php5-zip-5.2.14-0.7.30.40.1 
php5-zlib-5.2.14-0.7.30.40.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-mod_php5-5.2.14-0.34.1 php5-5.2.14-0.34.1 php5-bcmath-5.2.14-0.34.1 php5-bz2-5.2.14-0.34.1 php5-calendar-5.2.14-0.34.1 php5-ctype-5.2.14-0.34.1 php5-curl-5.2.14-0.34.1 php5-dba-5.2.14-0.34.1 php5-dbase-5.2.14-0.34.1 php5-devel-5.2.14-0.34.1 php5-dom-5.2.14-0.34.1 php5-exif-5.2.14-0.34.1 php5-fastcgi-5.2.14-0.34.1 php5-ftp-5.2.14-0.34.1 php5-gd-5.2.14-0.34.1 php5-gettext-5.2.14-0.34.1 php5-gmp-5.2.14-0.34.1 php5-hash-5.2.14-0.34.1 php5-iconv-5.2.14-0.34.1 php5-imap-5.2.14-0.34.1 php5-json-5.2.14-0.34.1 php5-ldap-5.2.14-0.34.1 php5-mbstring-5.2.14-0.34.1 php5-mcrypt-5.2.14-0.34.1 php5-mhash-5.2.14-0.34.1 php5-mysql-5.2.14-0.34.1 php5-ncurses-5.2.14-0.34.1 php5-odbc-5.2.14-0.34.1 php5-openssl-5.2.14-0.34.1 php5-pcntl-5.2.14-0.34.1 php5-pdo-5.2.14-0.34.1 php5-pear-5.2.14-0.34.1 php5-pgsql-5.2.14-0.34.1 php5-posix-5.2.14-0.34.1 php5-pspell-5.2.14-0.34.1 php5-shmop-5.2.14-0.34.1 php5-snmp-5.2.14-0.34.1 php5-soap-5.2.14-0.34.1 php5-sockets-5.2.14-0.34.1 php5-sqlite-5.2.14-0.34.1 php5-suhosin-5.2.14-0.34.1 php5-sysvmsg-5.2.14-0.34.1 php5-sysvsem-5.2.14-0.34.1 php5-sysvshm-5.2.14-0.34.1 php5-tokenizer-5.2.14-0.34.1 php5-wddx-5.2.14-0.34.1 php5-xmlreader-5.2.14-0.34.1 php5-xmlrpc-5.2.14-0.34.1 php5-xsl-5.2.14-0.34.1 php5-zlib-5.2.14-0.34.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-mod_php5-5.2.14-0.34.1 php5-5.2.14-0.34.1 php5-bcmath-5.2.14-0.34.1 php5-bz2-5.2.14-0.34.1 php5-calendar-5.2.14-0.34.1 php5-ctype-5.2.14-0.34.1 php5-curl-5.2.14-0.34.1 php5-dba-5.2.14-0.34.1 php5-dbase-5.2.14-0.34.1 php5-devel-5.2.14-0.34.1 php5-dom-5.2.14-0.34.1 php5-exif-5.2.14-0.34.1 php5-fastcgi-5.2.14-0.34.1 php5-ftp-5.2.14-0.34.1 php5-gd-5.2.14-0.34.1 php5-gettext-5.2.14-0.34.1 php5-gmp-5.2.14-0.34.1 php5-hash-5.2.14-0.34.1 php5-iconv-5.2.14-0.34.1 php5-imap-5.2.14-0.34.1 php5-ldap-5.2.14-0.34.1 php5-mbstring-5.2.14-0.34.1 php5-mcrypt-5.2.14-0.34.1 php5-mhash-5.2.14-0.34.1 
php5-mysql-5.2.14-0.34.1 php5-ncurses-5.2.14-0.34.1 php5-odbc-5.2.14-0.34.1 php5-openssl-5.2.14-0.34.1 php5-pcntl-5.2.14-0.34.1 php5-pdo-5.2.14-0.34.1 php5-pear-5.2.14-0.34.1 php5-pgsql-5.2.14-0.34.1 php5-posix-5.2.14-0.34.1 php5-pspell-5.2.14-0.34.1 php5-shmop-5.2.14-0.34.1 php5-snmp-5.2.14-0.34.1 php5-soap-5.2.14-0.34.1 php5-sockets-5.2.14-0.34.1 php5-sqlite-5.2.14-0.34.1 php5-suhosin-5.2.14-0.34.1 php5-sysvmsg-5.2.14-0.34.1 php5-sysvsem-5.2.14-0.34.1 php5-sysvshm-5.2.14-0.34.1 php5-tidy-5.2.14-0.34.1 php5-tokenizer-5.2.14-0.34.1 php5-wddx-5.2.14-0.34.1 php5-xmlreader-5.2.14-0.34.1 php5-xmlrpc-5.2.14-0.34.1 php5-xsl-5.2.14-0.34.1 php5-zlib-5.2.14-0.34.1 References: http://support.novell.com/security/cve/CVE-2012-2335.html http://support.novell.com/security/cve/CVE-2012-2336.html https://bugzilla.novell.com/761631 http://download.novell.com/patch/finder/?keywords=9254c34a3137091631d58336e794751f http://download.novell.com/patch/finder/?keywords=e24fcb47191769c91e3f4a461e16add2 From sle-security-updates at lists.suse.com Mon Jun 11 12:08:28 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 11 Jun 2012 20:08:28 +0200 (CEST) Subject: SUSE-SU-2012:0724-1: critical: Security update for flash-player Message-ID: <20120611180828.93F11327FB@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0724-1 Rating: critical References: #766241 Cross-References: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2038 CVE-2012-2039 CVE-2012-2040 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. It includes one version update. 
Description:

   Flash Player has been updated to 11.2.202.236 which fixes various bugs and critical security issues.

   The advisory published by Adobe can be found here:
   https://www.adobe.com/support/security/bulletins/apsb12-14.html

   These updates resolve

   * a memory corruption vulnerability that could lead to code execution (CVE-2012-2034).
   * a stack overflow vulnerability that could lead to code execution (CVE-2012-2035).
   * an integer overflow vulnerability that could lead to code execution (CVE-2012-2036).
   * a memory corruption vulnerability that could lead to code execution (CVE-2012-2037).
   * a security bypass vulnerability that could lead to information disclosure (CVE-2012-2038).
   * null dereference vulnerabilities that could lead to code execution (CVE-2012-2039).
   * a binary planting vulnerability in the Flash Player installer that could lead to code execution (CVE-2012-2040).

Security Issue references:
   * CVE-2012-2034
   * CVE-2012-2035
   * CVE-2012-2036
   * CVE-2012-2037
   * CVE-2012-2038
   * CVE-2012-2039
   * CVE-2012-2040

Patch Instructions:
   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-flash-player-6404
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-flash-player-6404

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.236]: flash-player-11.2.202.236-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 11.2.202.236]: flash-player-11.2.202.236-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.236]: flash-player-11.2.202.236-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-2034.html http://support.novell.com/security/cve/CVE-2012-2035.html http://support.novell.com/security/cve/CVE-2012-2036.html http://support.novell.com/security/cve/CVE-2012-2037.html http://support.novell.com/security/cve/CVE-2012-2038.html http://support.novell.com/security/cve/CVE-2012-2039.html http://support.novell.com/security/cve/CVE-2012-2040.html https://bugzilla.novell.com/766241 http://download.novell.com/patch/finder/?keywords=32f63c722aa23420e1bd3dc2156e2cda http://download.novell.com/patch/finder/?keywords=887bb347a8b547f7a9640dc2346b0aab From sle-security-updates at lists.suse.com Tue Jun 12 15:08:27 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Jun 2012 23:08:27 +0200 (CEST) Subject: SUSE-SU-2012:0730-1: critical: Security update for Xen Message-ID: <20120612210827.25C66327FC@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0730-1 Rating: critical References: #757537 #757970 #764077 Cross-References: CVE-2012-0217 CVE-2012-0218 CVE-2012-2934 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Server 10 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Three security issues were found in XEN. Two security issues are fixed by this update: * CVE-2012-0217: Due to incorrect fault handling in the XEN hypervisor it was possible for a XEN guest domain administrator to execute code in the XEN host environment. * CVE-2012-0218: Also a guest user could crash the guest XEN kernel due to a protection fault bounce. The third fix is changing the Xen behaviour on certain hardware: * CVE-2012-2934: The issue is a denial of service issue on older pre-SVM AMD CPUs (AMD Erratum 121). AMD Erratum #121 is described in "Revision Guide for AMD Athlon 64 and AMD Opteron Processors": http://support.amd.com/us/Processor_TechDocs/25759.pdf The following 130nm and 90nm (DDR1-only) AMD processors are subject to this erratum: o First-generation AMD-Opteron(tm) single and dual core processors in either 939 or 940 packages: + AMD Opteron(tm) 100-Series Processors + AMD Opteron(tm) 200-Series Processors + AMD Opteron(tm) 800-Series Processors + AMD Athlon(tm) processors in either 754, 939 or 940 packages + AMD Sempron(tm) processor in either 754 or 939 packages + AMD Turion(tm) Mobile Technology in 754 package This issue does not affect Intel processors. The impact of this flaw is that a malicious PV guest user can halt the host system. As this is a hardware flaw, it is not fixable except by upgrading your hardware to a newer revision, or not allowing untrusted 64bit guest systems. The patch changes the behaviour of the host system booting, which makes it unable to create guest machines until a specific boot option is set. There is a new XEN boot option "allow_unsafe" for GRUB which allows the host to start guests again. This is added to /boot/grub/menu.lst in the line looking like this: kernel /boot/xen.gz .... allow_unsafe Note: .... 
in this example represents the existing boot options for the host. Security Issue references: * CVE-2012-0217 * CVE-2012-0218 * CVE-2012-2934 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-xen-201206-6399 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-xen-201206-6399 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-xen-201206-6399 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-xen-201206-6399 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64): xen-devel-4.0.3_21548_04-0.9.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): xen-kmp-trace-4.0.3_21548_04_2.6.32.59_0.5-0.9.1 - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64): xen-4.0.3_21548_04-0.9.1 xen-doc-html-4.0.3_21548_04-0.9.1 xen-doc-pdf-4.0.3_21548_04-0.9.1 xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1 xen-kmp-trace-4.0.3_21548_04_2.6.32.59_0.5-0.9.1 xen-libs-4.0.3_21548_04-0.9.1 xen-tools-4.0.3_21548_04-0.9.1 xen-tools-domU-4.0.3_21548_04-0.9.1 - SUSE Linux Enterprise Server 11 SP1 (i586): xen-kmp-pae-4.0.3_21548_04_2.6.32.59_0.5-0.9.1 - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): xen-3.2.3_17040_38-0.11.1 xen-devel-3.2.3_17040_38-0.11.1 xen-doc-html-3.2.3_17040_38-0.11.1 xen-doc-pdf-3.2.3_17040_38-0.11.1 xen-doc-ps-3.2.3_17040_38-0.11.1 xen-kmp-debug-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-default-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-kdump-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-smp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-libs-3.2.3_17040_38-0.11.1 xen-tools-3.2.3_17040_38-0.11.1 xen-tools-domU-3.2.3_17040_38-0.11.1 
xen-tools-ioemu-3.2.3_17040_38-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_38-0.11.1 - SUSE Linux Enterprise Server 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-kdumppae-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-vmi-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-vmipae-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64): xen-3.2.3_17040_28-0.6.11.1 xen-devel-3.2.3_17040_28-0.6.11.1 xen-doc-html-3.2.3_17040_28-0.6.11.1 xen-doc-pdf-3.2.3_17040_28-0.6.11.1 xen-doc-ps-3.2.3_17040_28-0.6.11.1 xen-kmp-debug-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 xen-kmp-default-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 xen-kmp-kdump-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 xen-kmp-smp-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 xen-libs-3.2.3_17040_28-0.6.11.1 xen-tools-3.2.3_17040_28-0.6.11.1 xen-tools-domU-3.2.3_17040_28-0.6.11.1 xen-tools-ioemu-3.2.3_17040_28-0.6.11.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): xen-libs-32bit-3.2.3_17040_28-0.6.11.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): xen-kmp-bigsmp-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 xen-kmp-kdumppae-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 xen-kmp-vmi-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 xen-kmp-vmipae-3.2.3_17040_28_2.6.16.60_0.83.131-0.6.11.1 - SUSE Linux Enterprise Server 10 SP2 (i586 x86_64): xen-3.2.0_16718_26-0.8.1 xen-devel-3.2.0_16718_26-0.8.1 xen-doc-html-3.2.0_16718_26-0.8.1 xen-doc-pdf-3.2.0_16718_26-0.8.1 xen-doc-ps-3.2.0_16718_26-0.8.1 xen-kmp-debug-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.8.1 xen-kmp-default-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.8.1 xen-kmp-kdump-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.8.1 xen-kmp-smp-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.8.1 xen-libs-3.2.0_16718_26-0.8.1 xen-tools-3.2.0_16718_26-0.8.1 xen-tools-domU-3.2.0_16718_26-0.8.1 xen-tools-ioemu-3.2.0_16718_26-0.8.1 - SUSE Linux Enterprise Server 10 SP2 (x86_64): 
xen-libs-32bit-3.2.0_16718_26-0.8.1 - SUSE Linux Enterprise Server 10 SP2 (i586): xen-kmp-bigsmp-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.8.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): xen-4.0.3_21548_04-0.9.1 xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1 xen-libs-4.0.3_21548_04-0.9.1 xen-tools-4.0.3_21548_04-0.9.1 xen-tools-domU-4.0.3_21548_04-0.9.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586): xen-kmp-pae-4.0.3_21548_04_2.6.32.59_0.5-0.9.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): xen-3.2.3_17040_38-0.11.1 xen-devel-3.2.3_17040_38-0.11.1 xen-doc-html-3.2.3_17040_38-0.11.1 xen-doc-pdf-3.2.3_17040_38-0.11.1 xen-doc-ps-3.2.3_17040_38-0.11.1 xen-kmp-default-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-smp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-libs-3.2.3_17040_38-0.11.1 xen-tools-3.2.3_17040_38-0.11.1 xen-tools-domU-3.2.3_17040_38-0.11.1 xen-tools-ioemu-3.2.3_17040_38-0.11.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_38-0.11.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 - SLE SDK 10 SP4 (i586 x86_64): xen-3.2.3_17040_38-0.11.1 xen-devel-3.2.3_17040_38-0.11.1 xen-kmp-debug-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-kmp-kdump-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1 xen-libs-3.2.3_17040_38-0.11.1 xen-tools-3.2.3_17040_38-0.11.1 xen-tools-ioemu-3.2.3_17040_38-0.11.1 - SLE SDK 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_38-0.11.1 References: http://support.novell.com/security/cve/CVE-2012-0217.html http://support.novell.com/security/cve/CVE-2012-0218.html http://support.novell.com/security/cve/CVE-2012-2934.html https://bugzilla.novell.com/757537 https://bugzilla.novell.com/757970 https://bugzilla.novell.com/764077 http://download.novell.com/patch/finder/?keywords=1428153e4b377d6519b568fc4a847a50 http://download.novell.com/patch/finder/?keywords=1fd339d2b48672edeccbed4bd3b9dd9d 
http://download.novell.com/patch/finder/?keywords=bbca71d17e042f39532a8e3060358202 http://download.novell.com/patch/finder/?keywords=c25fa3090bc865a8836ebaff073cd9b6 From sle-security-updates at lists.suse.com Wed Jun 13 09:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Jun 2012 17:08:31 +0200 (CEST) Subject: SUSE-SU-2012:0732-1: moderate: Security update for libpng Message-ID: <20120613150831.E8BC532832@maintenance.suse.de> SUSE Security Update: Security update for libpng ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0732-1 Rating: moderate References: #754745 Cross-References: CVE-2011-3048 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following security issue has been fixed: * specially crafted png files could have caused a memory corruption in libpng's png_set_text_2() function (CVE-2011-3048). Security Issue reference: * CVE-2011-3048 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-libpng-devel-6077 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libpng-devel-6077 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-libpng-devel-6077 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libpng-devel-6077 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libpng-devel-6077 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-libpng-devel-6077 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libpng-devel-6077 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libpng-devel-1.2.31-5.29.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libpng-devel-32bit-1.2.31-5.29.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libpng-devel-1.2.31-5.29.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): libpng-devel-32bit-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libpng12-0-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libpng12-0-32bit-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libpng12-0-x86-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): libpng12-0-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libpng12-0-32bit-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): libpng12-0-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libpng12-0-32bit-1.2.31-5.29.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libpng12-0-x86-1.2.31-5.29.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): 
libpng-1.2.8-19.35.4 libpng-devel-1.2.8-19.35.4 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libpng-32bit-1.2.8-19.35.4 libpng-devel-32bit-1.2.8-19.35.4 - SUSE Linux Enterprise Server 10 SP4 (ia64): libpng-x86-1.2.8-19.35.4 - SUSE Linux Enterprise Server 10 SP4 (ppc): libpng-64bit-1.2.8-19.35.4 libpng-devel-64bit-1.2.8-19.35.4 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libpng-devel-1.2.31-5.29.1 libpng12-0-1.2.31-5.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libpng12-0-32bit-1.2.31-5.29.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): libpng-devel-1.2.31-5.29.1 libpng12-0-1.2.31-5.29.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libpng12-0-32bit-1.2.31-5.29.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libpng-1.2.8-19.35.4 libpng-devel-1.2.8-19.35.4 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libpng-32bit-1.2.8-19.35.4 libpng-devel-32bit-1.2.8-19.35.4 References: http://support.novell.com/security/cve/CVE-2011-3048.html https://bugzilla.novell.com/754745 http://download.novell.com/patch/finder/?keywords=62fa6d82a602002d1a921c7a7707c533 http://download.novell.com/patch/finder/?keywords=9b497e6ba7d48d9b4aa16c679cc768b6 From sle-security-updates at lists.suse.com Wed Jun 13 12:08:23 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Jun 2012 20:08:23 +0200 (CEST) Subject: SUSE-SU-2012:0734-1: important: Security update for IBM Java Message-ID: <20120613180823.7E27532833@maintenance.suse.de> SUSE Security Update: Security update for IBM Java ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0734-1 Rating: important References: #763805 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise 
Server 10 SP4 SUSE Linux Enterprise Java 11 SP1 SUSE Linux Enterprise Java 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: IBM Java 1.4.2 SR13 FP12 has been released which fixes various bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ has more information. CVEs addressed: CVE-2011-3563 CVE-2012-0499 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-java-1_4_2-ibm-6360 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-java-1_4_2-ibm-6360 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-java-1_4_2-ibm-6360 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-java-1_4_2-ibm-6360 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-java-1_4_2-ibm-6360 - SUSE Linux Enterprise Java 11 SP1: zypper in -t patch slejsp1-java-1_4_2-ibm-6360 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-devel-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-devel-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.12-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.12-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Server 11 SP1 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.12-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.12-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.12-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.12-0.5.1 - SUSE Linux Enterprise Java 11 SP1 (i586 ia64 ppc64 s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Java 11 SP1 (i586): java-1_4_2-ibm-jdbc-1.4.2_sr13.12-0.2.1 java-1_4_2-ibm-plugin-1.4.2_sr13.12-0.2.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64): java-1_4_2-ibm-1.4.2_sr13.12-0.5.1 java-1_4_2-ibm-devel-1.4.2_sr13.12-0.5.1 - SUSE Linux Enterprise Java 10 SP4 (i586 ppc): java-1_4_2-ibm-jdbc-1.4.2_sr13.12-0.5.1 - SUSE Linux Enterprise Java 
10 SP4 (i586): java-1_4_2-ibm-plugin-1.4.2_sr13.12-0.5.1 References: https://bugzilla.novell.com/763805 http://download.novell.com/patch/finder/?keywords=91410c4f201444d1c10815a8d2e98c88 http://download.novell.com/patch/finder/?keywords=adc0df3a81b3b146456e8e1893f4ddd4 From sle-security-updates at lists.suse.com Thu Jun 14 10:08:30 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Jun 2012 18:08:30 +0200 (CEST) Subject: SUSE-SU-2012:0736-1: important: Security update for Linux kernel Message-ID: <20120614160830.9A0AA32835@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0736-1 Rating: important References: #671124 #671479 #683270 #693639 #713430 #718343 #721869 #722400 #723294 #724692 #724734 #726600 #729685 #730118 #730200 #731673 #732613 #733155 #734707 #737325 #737899 #740131 #742148 #742881 #744592 #745640 #745732 #745760 #745929 #746397 #746980 #747381 #749168 #750168 #750928 #751880 #752486 #754964 #758813 #760902 #761389 #762111 #764128 Cross-References: CVE-2011-2928 CVE-2011-4077 CVE-2011-4324 CVE-2011-4330 CVE-2012-2313 CVE-2012-2319 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 37 fixes is now available. Description: This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed: * CVE-2012-2319: A memory corruption when mounting a hfsplus filesystem was fixed that could be used by local attackers able to mount filesystem to crash the system. 
* CVE-2012-2313: The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. * CVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and Oops) by accessing a long symlink on a malformed Be filesystem. * CVE-2011-4077: Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. * CVE-2011-4324: A BUG() error report in the nfs4xdr routines on a NFSv4 mount was fixed that could happen during mknod. * CVE-2011-4330: Mounting a corrupted hfs filesystem could lead to a buffer overflow. The following non-security issues have been fixed: * kernel: pfault task state race (bnc#764128,LTC#81724). * ap: Toleration for ap bus devices with device type 10 (bnc#761389). * hugetlb, numa: fix interleave mpol reference count (bnc#762111). * cciss: fixup kdump (bnc#730200). * kdump: Avoid allocating bootmem map over crash reserved region (bnc#749168, bnc#722400, bnc#742881). * qeth: Improve OSA Express 4 blkt defaults (bnc#754964,LTC#80325). * zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (bnc#754964,LTC#80378). * virtio: add names to virtqueue struct, mapping from devices to queues (bnc#742148). * virtio: find_vqs/del_vqs virtio operations (bnc#742148). * virtio_pci: optional MSI-X support (bnc#742148). * virtio_pci: split up vp_interrupt (bnc#742148). * knfsd: nfsd4: fix laundromat shutdown race (752556). * driver core: Check for valid device in bus_find_device() (bnc#729685). * VMware detection backport from mainline (bnc#671124, bnc#747381). * net: adding memory barrier to the poll and receive callbacks (bnc#746397 bnc#750928). 
* qla2xxx: drop reference before wait for completion (bnc#744592). * qla2xxx: drop reference before wait for completion (bnc#744592). * ixgbe driver sets all WOL flags upon initialization so that machine is powered on as soon as it is switched off (bnc#693639) * Properly release MSI(X) vector(s) when MSI(X) gets disabled (bnc#723294, bnc#721869). * scsi: Always retry internal target error (bnc#745640). * cxgb4: fix parent device access in netdev_printk (bnc#733155). * lcs: lcs offline failure (bnc#752486,LTC#79788). * qeth: add missing wake_up call (bnc#752486,LTC#79899). * NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and MKDIR (bnc#751880). * xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. * xenbus_dev: add missing error checks to watch handling. * blkfront: properly fail packet requests (bnc#745929). * blkback: failure to write "feature-barrier" node is non-fatal. * igb: Free MSI and MSIX interrupt vectors on driver remove or shutdown (bnc#723294). * igb: Fix for Alt MAC Address feature on 82580 and later devices (bnc#746980). * igb: Free MSI and MSIX interrupt vectors on driver remove or shutdown (bnc#723294). * cfq: Fix infinite loop in cfq_preempt_queue() (bnc#724692). * dasd: fix fixpoint divide exception in define_extent (bnc#750168,LTC#79125). * ctcmpc: use correct idal word list for ctcmpc (bnc#750168,LTC#79264). * patches.fixes/ext3-fix-reuse-of-freed-blocks.diff: Delete. Patch should not really be needed and apparently causes a performance regression (bnc#683270) * tcp: fix race condition leading to premature termination of sockets in FIN_WAIT2 state and connection being reset (bnc#745760) * kernel: console interrupts vs. panic (bnc#737325,LTC#77272). * af_iucv: remove IUCV-pathes completely (bnc#737325,LTC#78292). * qdio: wrong buffers-used counter for ERROR buffers (bnc#737325,LTC#78758). * ext3: Fix credit estimate for DIO allocation (bnc#745732). * jbd: validate sb->s_first in journal_get_superblock() (bnc#730118). 
* ocfs2: serialize unaligned aio (bnc#671479). * cifs: eliminate usage of kthread_stop for cifsd (bnc#718343). * virtio: fix wrong type used, resulting in truncated addresses in bigsmp kernel. (bnc#737899) * cciss: Adds simple mode functionality (bnc#730200). * blktap: fix locking (again) (bnc#724734). * block: Initial support for data-less (or empty) barrier support (bnc#734707 FATE#313126). * xen: Do not allow empty barriers to be passed down to queues that do not grok them (bnc#734707 FATE#313126). * linkwatch: Handle jiffies wrap-around (bnc#740131). Security Issue references: * CVE-2011-2928 * CVE-2011-4077 * CVE-2011-4324 * CVE-2011-4330 * CVE-2012-2319 * CVE-2012-2313 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): kernel-default-2.6.16.60-0.97.1 kernel-source-2.6.16.60-0.97.1 kernel-syms-2.6.16.60-0.97.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.97.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.97.1 - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): kernel-smp-2.6.16.60-0.97.1 kernel-xen-2.6.16.60-0.97.1 - SUSE Linux Enterprise Server 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.97.1 kernel-kdumppae-2.6.16.60-0.97.1 kernel-vmi-2.6.16.60-0.97.1 kernel-vmipae-2.6.16.60-0.97.1 kernel-xenpae-2.6.16.60-0.97.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): kernel-iseries64-2.6.16.60-0.97.1 kernel-ppc64-2.6.16.60-0.97.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): kernel-default-2.6.16.60-0.97.1 kernel-smp-2.6.16.60-0.97.1 kernel-source-2.6.16.60-0.97.1 kernel-syms-2.6.16.60-0.97.1 kernel-xen-2.6.16.60-0.97.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): kernel-bigsmp-2.6.16.60-0.97.1 kernel-xenpae-2.6.16.60-0.97.1 - SLE SDK 10 SP4 (i586 ia64 x86_64): kernel-debug-2.6.16.60-0.97.1 
- SLE SDK 10 SP4 (i586 ppc x86_64): kernel-kdump-2.6.16.60-0.97.1 - SLE SDK 10 SP4 (i586 x86_64): kernel-xen-2.6.16.60-0.97.1 - SLE SDK 10 SP4 (i586): kernel-xenpae-2.6.16.60-0.97.1 References: http://support.novell.com/security/cve/CVE-2011-2928.html http://support.novell.com/security/cve/CVE-2011-4077.html http://support.novell.com/security/cve/CVE-2011-4324.html http://support.novell.com/security/cve/CVE-2011-4330.html http://support.novell.com/security/cve/CVE-2012-2313.html http://support.novell.com/security/cve/CVE-2012-2319.html https://bugzilla.novell.com/671124 https://bugzilla.novell.com/671479 https://bugzilla.novell.com/683270 https://bugzilla.novell.com/693639 https://bugzilla.novell.com/713430 https://bugzilla.novell.com/718343 https://bugzilla.novell.com/721869 https://bugzilla.novell.com/722400 https://bugzilla.novell.com/723294 https://bugzilla.novell.com/724692 https://bugzilla.novell.com/724734 https://bugzilla.novell.com/726600 https://bugzilla.novell.com/729685 https://bugzilla.novell.com/730118 https://bugzilla.novell.com/730200 https://bugzilla.novell.com/731673 https://bugzilla.novell.com/732613 https://bugzilla.novell.com/733155 https://bugzilla.novell.com/734707 https://bugzilla.novell.com/737325 https://bugzilla.novell.com/737899 https://bugzilla.novell.com/740131 https://bugzilla.novell.com/742148 https://bugzilla.novell.com/742881 https://bugzilla.novell.com/744592 https://bugzilla.novell.com/745640 https://bugzilla.novell.com/745732 https://bugzilla.novell.com/745760 https://bugzilla.novell.com/745929 https://bugzilla.novell.com/746397 https://bugzilla.novell.com/746980 https://bugzilla.novell.com/747381 https://bugzilla.novell.com/749168 https://bugzilla.novell.com/750168 https://bugzilla.novell.com/750928 https://bugzilla.novell.com/751880 https://bugzilla.novell.com/752486 https://bugzilla.novell.com/754964 https://bugzilla.novell.com/758813 https://bugzilla.novell.com/760902 https://bugzilla.novell.com/761389 
https://bugzilla.novell.com/762111 https://bugzilla.novell.com/764128 http://download.novell.com/patch/finder/?keywords=3395803e5857d3e0f44b39331dc3b010 http://download.novell.com/patch/finder/?keywords=74169532cbeb6a34c2168ce4ce202dbf http://download.novell.com/patch/finder/?keywords=96d47125b6fb737bee4bf3f7619aa63d http://download.novell.com/patch/finder/?keywords=9fe1c1f891de7bb8b0abad73549e497a http://download.novell.com/patch/finder/?keywords=d66830daf8e6d37d2c64dfa779e3a77d From sle-security-updates at lists.suse.com Thu Jun 14 16:08:56 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Jun 2012 00:08:56 +0200 (CEST) Subject: SUSE-SU-2012:0740-1: moderate: Security update for t1lib Message-ID: <20120614220856.EC7F732831@maintenance.suse.de> SUSE Security Update: Security update for t1lib ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0740-1 Rating: moderate References: #684802 #757961 Cross-References: CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update of t1lib fixes memory corruptions and a heap-based overflow in the afm font parser. 
Security Issue references: * CVE-2011-0764 * CVE-2011-1552 * CVE-2011-1553 * CVE-2011-1554 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): t1lib-1.3.1-585.11.1 t1lib-devel-1.3.1-585.11.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): t1lib-1.3.1-585.11.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): t1lib-1.3.1-585.11.1 t1lib-devel-1.3.1-585.11.1 References: http://support.novell.com/security/cve/CVE-2011-0764.html http://support.novell.com/security/cve/CVE-2011-1552.html http://support.novell.com/security/cve/CVE-2011-1553.html http://support.novell.com/security/cve/CVE-2011-1554.html https://bugzilla.novell.com/684802 https://bugzilla.novell.com/757961 http://download.novell.com/patch/finder/?keywords=0a41b9d515732b420bea02ef6d7030a1 From sle-security-updates at lists.suse.com Thu Jun 14 17:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Jun 2012 01:08:31 +0200 (CEST) Subject: SUSE-SU-2012:0741-1: important: Security update for bind Message-ID: <20120614230831.7B51F32837@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0741-1 Rating: important References: #765315 Cross-References: CVE-2012-1667 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The following issue has been fixed: * Records with zero length rdata field could have crashed named or disclosed portions of memory to clients (CVE-2012-1667). 
Security Issue reference: * CVE-2012-1667 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-bind-6388 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-bind-6388 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-bind-6388 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-bind-6388 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-devel-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64) [New Version: 9.6ESVR7P1]: bind-devel-32bit-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.2.5.1 bind-chrootenv-9.6ESVR7P1-0.2.5.1 bind-doc-9.6ESVR7P1-0.2.5.1 bind-libs-9.6ESVR7P1-0.2.5.1 bind-utils-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.2.5.1 bind-chrootenv-9.6ESVR7P1-0.2.5.1 bind-doc-9.6ESVR7P1-0.2.5.1 bind-libs-9.6ESVR7P1-0.2.5.1 bind-utils-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 9.6ESVR7P1]: bind-libs-x86-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 9.6ESVR7P1]: bind-libs-9.6ESVR7P1-0.2.5.1 bind-utils-9.6ESVR7P1-0.2.5.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.2.5.1 References: http://support.novell.com/security/cve/CVE-2012-1667.html 
https://bugzilla.novell.com/765315 http://download.novell.com/patch/finder/?keywords=5a8f30aa7298342017cd0d068e2af050 From sle-security-updates at lists.suse.com Thu Jun 14 19:08:28 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Jun 2012 03:08:28 +0200 (CEST) Subject: SUSE-SU-2012:0743-1: moderate: Security update for taglib Message-ID: <20120615010828.9CE8332839@maintenance.suse.de> SUSE Security Update: Security update for taglib ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0743-1 Rating: moderate References: #750690 #750691 #750693 Cross-References: CVE-2012-1108 CVE-2012-1584 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: The following issue has been fixed: * Specially crafted ogg files could have crashed taglib Security Issue references: * CVE-2012-1108 * CVE-2012-1584 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-taglib-6179 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-taglib-6179 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-taglib-6179 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-taglib-6179 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-taglib-6179 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-taglib-6179 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-taglib-6179 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): taglib-devel-1.5-19.23.4 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): taglib-devel-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): taglib-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): taglib-32bit-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP2 (ia64): taglib-x86-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): taglib-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): taglib-32bit-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): taglib-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): taglib-32bit-1.5-19.23.4 - SUSE Linux Enterprise Server 11 SP1 (ia64): taglib-x86-1.5-19.23.4 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): taglib-1.4-20.8.2 taglib-devel-1.4-20.8.2 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): taglib-32bit-1.4-20.8.2 - SUSE Linux Enterprise Server 10 SP4 (ia64): taglib-x86-1.4-20.8.2 - SUSE Linux Enterprise Server 10 SP4 (ppc): taglib-64bit-1.4-20.8.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): taglib-1.5-19.23.4 
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64): taglib-32bit-1.5-19.23.4 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): taglib-1.5-19.23.4 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): taglib-32bit-1.5-19.23.4 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): taglib-1.4-20.8.2 taglib-devel-1.4-20.8.2 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): taglib-32bit-1.4-20.8.2 References: http://support.novell.com/security/cve/CVE-2012-1108.html http://support.novell.com/security/cve/CVE-2012-1584.html https://bugzilla.novell.com/750690 https://bugzilla.novell.com/750691 https://bugzilla.novell.com/750693 http://download.novell.com/patch/finder/?keywords=5c89fe350359a52965c0528f42056cfb http://download.novell.com/patch/finder/?keywords=cd82b6b35d24911b6b1aa3e62fbad07c From sle-security-updates at lists.suse.com Thu Jun 14 20:08:26 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Jun 2012 04:08:26 +0200 (CEST) Subject: SUSE-SU-2012:0744-1: moderate: Security update for t1lib Message-ID: <20120615020826.B6AFB32839@maintenance.suse.de> SUSE Security Update: Security update for t1lib ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0744-1 Rating: moderate References: #684802 #757961 Cross-References: CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update of t1lib fixes memory corruptions and a heap-based overflow in the afm font parser. 
Security Issue references: * CVE-2011-0764 * CVE-2011-1552 * CVE-2011-1553 * CVE-2011-1554 * CVE-2011-0433 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-t1lib-6195 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-t1lib-6195 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-t1lib-6195 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-t1lib-6195 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-t1lib-6195 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-t1lib-6195 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-t1lib-6195 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): t1lib-devel-5.1.1-100.21.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): t1lib-devel-5.1.1-100.21.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): t1lib-5.1.1-100.21.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): t1lib-5.1.1-100.21.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): t1lib-5.1.1-100.21.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): t1lib-5.1.1-100.21.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): t1lib-5.1.1-100.21.1 References: http://support.novell.com/security/cve/CVE-2011-0433.html http://support.novell.com/security/cve/CVE-2011-0764.html http://support.novell.com/security/cve/CVE-2011-1552.html http://support.novell.com/security/cve/CVE-2011-1553.html http://support.novell.com/security/cve/CVE-2011-1554.html https://bugzilla.novell.com/684802 https://bugzilla.novell.com/757961 
http://download.novell.com/patch/finder/?keywords=1dd18a507815f6acda816b664d48a4cd From sle-security-updates at lists.suse.com Thu Jun 14 21:08:28 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Jun 2012 05:08:28 +0200 (CEST) Subject: SUSE-SU-2012:0741-2: important: Security update for bind Message-ID: <20120615030828.36F9432835@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0741-2 Rating: important References: #765315 Cross-References: CVE-2012-1667 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The following issue has been fixed: * Records with zero length rdata field could have crashed named or disclosed portions of memory to clients (CVE-2012-1667). Security Issue reference: * CVE-2012-1667 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-bind-6382 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-bind-6382 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-bind-6382 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-bind-6382 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-devel-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.6ESVR7P1]: bind-devel-32bit-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.5.1 bind-chrootenv-9.6ESVR7P1-0.5.1 bind-doc-9.6ESVR7P1-0.5.1 bind-libs-9.6ESVR7P1-0.5.1 bind-utils-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.5.1 bind-chrootenv-9.6ESVR7P1-0.5.1 bind-doc-9.6ESVR7P1-0.5.1 bind-libs-9.6ESVR7P1-0.5.1 bind-utils-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.6ESVR7P1]: bind-libs-x86-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.6ESVR7P1]: bind-libs-9.6ESVR7P1-0.5.1 bind-utils-9.6ESVR7P1-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-1667.html https://bugzilla.novell.com/765315 http://download.novell.com/patch/finder/?keywords=6c613f6b4f6b9ab1c13907a84d16ebda From sle-security-updates at lists.suse.com Fri Jun 15 14:08:23 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Jun 2012 22:08:23 +0200 (CEST) Subject: SUSE-SU-2012:0746-1: important: Security update for Mozilla Firefox Message-ID: <20120615200823.343003283C@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2012:0746-1 Rating: important References: #765204 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes three new package versions.

Description:

MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues.

* MFSA 2012-34
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
References
Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938)
Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939)
Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937)
Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101)

* MFSA 2012-35
Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable.
Possible Arbitrary Code Execution by Update Service (CVE-2012-1942)
Updater.exe loads wsock32.dll from application directory (CVE-2012-1943)

* MFSA 2012-36
Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. (CVE-2012-1944)

* MFSA 2012-37
Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure.
This issue could potentially affect Linux machines with Samba shares enabled. (CVE-2012-1945)

* MFSA 2012-38
Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. (CVE-2012-1946)

* MFSA 2012-39
Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. (CVE-2012-0441)

* MFSA 2012-40
Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from Unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable.
Heap-buffer-overflow in utf16_to_isolatin1 (CVE-2012-1947)
Heap-use-after-free in nsFrameList::FirstChild (CVE-2012-1940)
Heap-buffer-overflow in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position (CVE-2012-1941)

More information on security issues can be found on: http://www.mozilla.org/security/announce/

Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-MozillaFirefox-6425 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-MozillaFirefox-6425 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-MozillaFirefox-6425 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-MozillaFirefox-6425 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-MozillaFirefox-6425 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-MozillaFirefox-6425 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-MozillaFirefox-6425 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-devel-4.9.1-0.5.1 mozilla-nss-devel-3.13.5-0.4.2 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-devel-4.9.1-0.5.1 mozilla-nss-devel-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]: MozillaFirefox-10.0.5-0.3.6 MozillaFirefox-translations-10.0.5-0.3.6 libfreebl3-3.13.5-0.4.2 mozilla-nspr-4.9.1-0.5.1 mozilla-nss-3.13.5-0.4.2 mozilla-nss-tools-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]: libfreebl3-32bit-3.13.5-0.4.2 mozilla-nspr-32bit-4.9.1-0.5.1 mozilla-nss-32bit-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.13.5 and 4.9.1]: libfreebl3-x86-3.13.5-0.4.2 mozilla-nspr-x86-4.9.1-0.5.1 mozilla-nss-x86-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]: MozillaFirefox-10.0.5-0.3.6 MozillaFirefox-translations-10.0.5-0.3.6 libfreebl3-3.13.5-0.4.2 mozilla-nspr-4.9.1-0.5.1 
mozilla-nss-3.13.5-0.4.2 mozilla-nss-tools-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 3.13.5 and 4.9.1]: libfreebl3-32bit-3.13.5-0.4.2 mozilla-nspr-32bit-4.9.1-0.5.1 mozilla-nss-32bit-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]: MozillaFirefox-10.0.5-0.3.6 MozillaFirefox-translations-10.0.5-0.3.6 libfreebl3-3.13.5-0.4.2 mozilla-nspr-4.9.1-0.5.1 mozilla-nss-3.13.5-0.4.2 mozilla-nss-tools-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]: libfreebl3-32bit-3.13.5-0.4.2 mozilla-nspr-32bit-4.9.1-0.5.1 mozilla-nss-32bit-3.13.5-0.4.2 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 3.13.5 and 4.9.1]: libfreebl3-x86-3.13.5-0.4.2 mozilla-nspr-x86-4.9.1-0.5.1 mozilla-nss-x86-3.13.5-0.4.2 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-4.9.1-0.8.1 mozilla-nspr-devel-4.9.1-0.8.1 mozilla-nss-3.13.5-0.7.2 mozilla-nss-devel-3.13.5-0.7.2 mozilla-nss-tools-3.13.5-0.7.2 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-10.0.5-0.8.4 MozillaFirefox-translations-10.0.5-0.8.4 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-32bit-4.9.1-0.8.1 mozilla-nss-32bit-3.13.5-0.7.2 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-x86-4.9.1-0.8.1 mozilla-nss-x86-3.13.5-0.7.2 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-64bit-4.9.1-0.8.1 mozilla-nss-64bit-3.13.5-0.7.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]: MozillaFirefox-10.0.5-0.3.6 MozillaFirefox-translations-10.0.5-0.3.6 libfreebl3-3.13.5-0.4.2 mozilla-nspr-4.9.1-0.5.1 mozilla-nss-3.13.5-0.4.2 mozilla-nss-tools-3.13.5-0.4.2 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 
3.13.5 and 4.9.1]: libfreebl3-32bit-3.13.5-0.4.2 mozilla-nspr-32bit-4.9.1-0.5.1 mozilla-nss-32bit-3.13.5-0.4.2 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]: MozillaFirefox-10.0.5-0.3.6 MozillaFirefox-translations-10.0.5-0.3.6 libfreebl3-3.13.5-0.4.2 mozilla-nspr-4.9.1-0.5.1 mozilla-nss-3.13.5-0.4.2 mozilla-nss-tools-3.13.5-0.4.2 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 3.13.5 and 4.9.1]: libfreebl3-32bit-3.13.5-0.4.2 mozilla-nspr-32bit-4.9.1-0.5.1 mozilla-nss-32bit-3.13.5-0.4.2 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-4.9.1-0.8.1 mozilla-nspr-devel-4.9.1-0.8.1 mozilla-nss-3.13.5-0.7.2 mozilla-nss-devel-3.13.5-0.7.2 mozilla-nss-tools-3.13.5-0.7.2 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.13.5 and 4.9.1]: mozilla-nspr-32bit-4.9.1-0.8.1 mozilla-nss-32bit-3.13.5-0.7.2 - SUSE Linux Enterprise Desktop 10 SP4 (i586): MozillaFirefox-10.0.5-0.8.4 MozillaFirefox-translations-10.0.5-0.8.4 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5]: mozilla-nss-tools-3.13.5-0.7.2 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-10.0.5-0.8.4 References: https://bugzilla.novell.com/765204 http://download.novell.com/patch/finder/?keywords=07d017248ab36079da2d7b88d9bc2d80 http://download.novell.com/patch/finder/?keywords=17a6ba181710949a9ded0279ec9b1ffb From sle-security-updates at lists.suse.com Fri Jun 15 19:08:27 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 16 Jun 2012 03:08:27 +0200 (CEST) Subject: SUSE-SU-2012:0741-3: important: Security update for bind Message-ID: <20120616010827.9FD6B3283B@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0741-3 Rating: important References: #765315 Cross-References: CVE-2012-1667 
Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The following issue has been fixed: * Records with zero length rdata field could have crashed named or disclosed portions of memory to clients (CVE-2012-1667). Security Issue references: * CVE-2012-1667 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.10.1 bind-chrootenv-9.6ESVR7P1-0.10.1 bind-devel-9.6ESVR7P1-0.10.1 bind-doc-9.6ESVR7P1-0.10.1 bind-libs-9.6ESVR7P1-0.10.1 bind-utils-9.6ESVR7P1-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 9.6ESVR7P1]: bind-libs-x86-9.6ESVR7P1-0.10.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 9.6ESVR7P1]: bind-devel-64bit-9.6ESVR7P1-0.10.1 bind-libs-64bit-9.6ESVR7P1-0.10.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 9.6ESVR7P1]: bind-libs-9.6ESVR7P1-0.10.1 bind-utils-9.6ESVR7P1-0.10.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 9.6ESVR7P1]: bind-libs-32bit-9.6ESVR7P1-0.10.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 9.6ESVR7P1]: bind-9.6ESVR7P1-0.10.1 bind-chrootenv-9.6ESVR7P1-0.10.1 bind-devel-9.6ESVR7P1-0.10.1 bind-doc-9.6ESVR7P1-0.10.1 - SLE SDK 10 SP4 (ppc) [New Version: 9.6ESVR7P1]: bind-devel-64bit-9.6ESVR7P1-0.10.1 References: http://support.novell.com/security/cve/CVE-2012-1667.html https://bugzilla.novell.com/765315 http://download.novell.com/patch/finder/?keywords=4328ed71a96bc49951a61a9a05eab4f0 From sle-security-updates at lists.suse.com Mon Jun 18 13:08:29 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 18 
Jun 2012 21:08:29 +0200 (CEST) Subject: SUSE-SU-2012:0741-4: important: Security update for bind Message-ID: <20120618190829.669E83283D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0741-4 Rating: important References: #765315 Cross-References: CVE-2012-1667 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following issue has been fixed: * Records with zero length rdata field could have crashed named or disclosed portions of memory to clients (CVE-2012-1667). Security Issue references: * CVE-2012-1667 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): bind-9.3.4-1.36.1 bind-chrootenv-9.3.4-1.36.1 bind-devel-9.3.4-1.36.1 bind-doc-9.3.4-1.36.1 bind-libs-9.3.4-1.36.1 bind-utils-9.3.4-1.36.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): bind-libs-32bit-9.3.4-1.36.1 References: http://support.novell.com/security/cve/CVE-2012-1667.html https://bugzilla.novell.com/765315 http://download.novell.com/patch/finder/?keywords=fa5792b05ad6f009c42c5cd575b8e906 From sle-security-updates at lists.suse.com Tue Jun 19 14:08:25 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Jun 2012 22:08:25 +0200 (CEST) Subject: SUSE-SU-2012:0762-1: critical: Security update for java-1_6_0-openjdk Message-ID: <20120619200825.179E13283B@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0762-1 Rating: critical References: #766802 Cross-References: CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 Affected Products: 
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: java-1_6_0-openjdk was updated to the IcedTea 1.11.3 release, fixing multiple security issues: * S7079902, CVE-2012-1711: Refine CORBA data models * S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. * S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement * S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations * S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC * S7143872, CVE-2012-1718: Improve certificate extension processing * S7152811, CVE-2012-1723: Issues in client compiler * S7157609, CVE-2012-1724: Issues with loop * S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile Security Issue references: * CVE-2012-1725 * CVE-2012-1723 * CVE-2012-1713 * CVE-2012-1716 * CVE-2012-1711 * CVE-2012-1724 * CVE-2012-1719 * CVE-2012-1717 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-java-1_6_0-openjdk-6437 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-java-1_6_0-openjdk-6437 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.3-0.3.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.3-0.3.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.3-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.3-0.3.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.3-0.3.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.3-0.3.1 References: http://support.novell.com/security/cve/CVE-2012-1711.html http://support.novell.com/security/cve/CVE-2012-1713.html http://support.novell.com/security/cve/CVE-2012-1716.html http://support.novell.com/security/cve/CVE-2012-1717.html http://support.novell.com/security/cve/CVE-2012-1719.html http://support.novell.com/security/cve/CVE-2012-1723.html http://support.novell.com/security/cve/CVE-2012-1724.html http://support.novell.com/security/cve/CVE-2012-1725.html https://bugzilla.novell.com/766802 http://download.novell.com/patch/finder/?keywords=238a3f3249e53037791e1d82285d7523 From sle-security-updates at lists.suse.com Tue Jun 19 14:08:26 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Jun 2012 22:08:26 +0200 (CEST) Subject: SUSE-SU-2012:0763-1: moderate: Security update for ImageMagick Message-ID: <20120619200826.EFA5C32837@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0763-1 Rating: moderate References: #746880 #752879 #754749 #758512 Cross-References: CVE-2012-0247 CVE-2012-0248 CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 CVE-2012-1798 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise 
Desktop 11 SP1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files: * CVE-2012-0259 / CVE-2012-1610: Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. * CVE-2012-0247 / CVE-2012-1185: Integer overflows via "number_bytes" and "offset" could lead to memory corruption. * CVE-2012-0248 / CVE-2012-1186: Denial of service via "profile.c". * CVE-2012-0260: Denial of service via JPEG restart markers (excessive CPU consumption). * CVE-2012-1798: Copying of invalid memory when reading TIFF EXIF IFD. Security Issue references: * CVE-2012-0247 * CVE-2012-0248 * CVE-2012-1185 * CVE-2012-1186 * CVE-2012-0259 * CVE-2012-0260 * CVE-2012-1798 * CVE-2012-1610 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-ImageMagick-6226 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-ImageMagick-6226 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-ImageMagick-6226 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-ImageMagick-6226 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-ImageMagick-6226 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-ImageMagick-6226 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-ImageMagick-6226 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.24.1 ImageMagick-devel-6.4.3.6-7.24.1 libMagick++-devel-6.4.3.6-7.24.1 libMagick++1-6.4.3.6-7.24.1 libMagickWand1-6.4.3.6-7.24.1 perl-PerlMagick-6.4.3.6-7.24.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.24.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.24.1 ImageMagick-devel-6.4.3.6-7.24.1 libMagick++-devel-6.4.3.6-7.24.1 libMagick++1-6.4.3.6-7.24.1 libMagickWand1-6.4.3.6-7.24.1 perl-PerlMagick-6.4.3.6-7.24.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.24.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.24.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.24.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): libMagickCore1-6.4.3.6-7.24.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libMagickCore1-32bit-6.4.3.6-7.24.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.24.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.24.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ImageMagick-6.4.3.6-7.24.1 libMagick++1-6.4.3.6-7.24.1 libMagickCore1-6.4.3.6-7.24.1 libMagickWand1-6.4.3.6-7.24.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libMagickCore1-32bit-6.4.3.6-7.24.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): ImageMagick-6.4.3.6-7.24.1 libMagick++1-6.4.3.6-7.24.1 libMagickCore1-6.4.3.6-7.24.1 libMagickWand1-6.4.3.6-7.24.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libMagickCore1-32bit-6.4.3.6-7.24.1 References: http://support.novell.com/security/cve/CVE-2012-0247.html http://support.novell.com/security/cve/CVE-2012-0248.html 
http://support.novell.com/security/cve/CVE-2012-0259.html http://support.novell.com/security/cve/CVE-2012-0260.html http://support.novell.com/security/cve/CVE-2012-1185.html http://support.novell.com/security/cve/CVE-2012-1186.html http://support.novell.com/security/cve/CVE-2012-1610.html http://support.novell.com/security/cve/CVE-2012-1798.html https://bugzilla.novell.com/746880 https://bugzilla.novell.com/752879 https://bugzilla.novell.com/754749 https://bugzilla.novell.com/758512 http://download.novell.com/patch/finder/?keywords=02ea9cfe762a9d4a9f7250d6f994eb43 From sle-security-updates at lists.suse.com Tue Jun 19 15:08:29 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Jun 2012 23:08:29 +0200 (CEST) Subject: SUSE-SU-2012:0764-1: moderate: Security update for ImageMagick Message-ID: <20120619210829.130CE32832@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0764-1 Rating: moderate References: #746880 #752879 #754749 #758512 Cross-References: CVE-2012-0247 CVE-2012-0248 CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 CVE-2012-1610 Affected Products: SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update of ImageMagick fixes multiple security vulnerabilities that could have been exploited by attackers via specially crafted image files: * CVE-2012-0259 / CVE-2012-1610: Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. * CVE-2012-0247 / CVE-2012-1185: Integer overflows via "number_bytes" and "offset" could lead to memory corruption. * CVE-2012-0248 / CVE-2012-1186: Denial of service via "profile.c". 
* CVE-2012-0260: Denial of service via JPEG restart markers (excessive CPU consumption). Security Issue references: * CVE-2012-0247 * CVE-2012-0248 * CVE-2012-1185 * CVE-2012-1186 * CVE-2012-0259 * CVE-2012-0260 * CVE-2012-1610 Package List: - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): ImageMagick-6.2.5-16.34.1 ImageMagick-Magick++-6.2.5-16.34.1 ImageMagick-devel-6.2.5-16.34.1 perl-PerlMagick-6.2.5-16.34.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): ImageMagick-6.2.5-16.34.1 ImageMagick-Magick++-6.2.5-16.34.1 ImageMagick-Magick++-devel-6.2.5-16.34.1 ImageMagick-devel-6.2.5-16.34.1 perl-PerlMagick-6.2.5-16.34.1 References: http://support.novell.com/security/cve/CVE-2012-0247.html http://support.novell.com/security/cve/CVE-2012-0248.html http://support.novell.com/security/cve/CVE-2012-0259.html http://support.novell.com/security/cve/CVE-2012-0260.html http://support.novell.com/security/cve/CVE-2012-1185.html http://support.novell.com/security/cve/CVE-2012-1186.html http://support.novell.com/security/cve/CVE-2012-1610.html https://bugzilla.novell.com/746880 https://bugzilla.novell.com/752879 https://bugzilla.novell.com/754749 https://bugzilla.novell.com/758512 http://download.novell.com/patch/finder/?keywords=73ca451abc4b60d47f7346db66e99f9a From sle-security-updates at lists.suse.com Wed Jun 20 08:08:21 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jun 2012 16:08:21 +0200 (CEST) Subject: SUSE-SU-2012:0765-1: important: Security update for oracle-update Message-ID: <20120620140821.D231A3283E@maintenance.suse.de> SUSE Security Update: Security update for oracle-update ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0765-1 Rating: important References: #736238 #757705 #760074 #760660 #763895 #764049 Cross-References: CVE-2012-1675 Affected Products: SUSE Manager 1.2 for SLE 11 SP1 
______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This package wraps the Oracle Server update process for the Oracle server included in SUSE Manager. On installation of this package it will pull and install the Oracle updates and patches, integrated so that SUSE Manager is correctly stopped, the databases converted and restarted. It contains a security helper script that may adjust the Oracle server listening on all network interfaces to just listen on localhost (CVE-2012-1675). To switch to a configuration that will restrict the listener to localhost only run the following command as root: spacewalk-service stop /opt/apps/db-update/smdba-netswitch localhost spacewalk-service start In case you want to revert to the previous configuration, just run: spacewalk-service stop /opt/apps/db-update/smdba-netswitch worldwide spacewalk-service start Security Issue references: * CVE-2012-1675 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.2 for SLE 11 SP1: zypper in -t patch sleman12sp1-oracle-update-6368 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 1.2 for SLE 11 SP1 (x86_64): oracle-update-0.1-0.5.8.1 References: http://support.novell.com/security/cve/CVE-2012-1675.html https://bugzilla.novell.com/736238 https://bugzilla.novell.com/757705 https://bugzilla.novell.com/760074 https://bugzilla.novell.com/760660 https://bugzilla.novell.com/763895 https://bugzilla.novell.com/764049 http://download.novell.com/patch/finder/?keywords=a0b8b5031c3d0c502432381a5213b6c2 From sle-security-updates at lists.suse.com Wed Jun 20 10:08:37 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jun 2012 18:08:37 +0200 (CEST) Subject: SUSE-SU-2012:0767-1: moderate: Security update for dhcpcd Message-ID: <20120620160837.499C13283D@maintenance.suse.de> SUSE Security Update: Security update for dhcpcd ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0767-1 Rating: moderate References: #758227 #760334 Cross-References: CVE-2012-2152 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: A stack overflow in dhcpcd was fixed which could be used by network local attackers to crash dhcpcd, causing loss of DHCP functionality. (CVE-2012-2152) Security Issue references: * CVE-2012-2152 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-dhcpcd-6301 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-dhcpcd-6301 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-dhcpcd-6301 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-dhcpcd-6301 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-dhcpcd-6301 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): dhcpcd-3.2.3-44.30.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): dhcpcd-3.2.3-44.30.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): dhcpcd-3.2.3-44.30.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): dhcpcd-3.2.3-44.30.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): dhcpcd-3.2.3-44.30.1 References: http://support.novell.com/security/cve/CVE-2012-2152.html https://bugzilla.novell.com/758227 https://bugzilla.novell.com/760334 http://download.novell.com/patch/finder/?keywords=577fbcb78b8b81944e88bbcc835dbdf6 From sle-security-updates at lists.suse.com Wed Jun 20 14:08:26 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jun 2012 22:08:26 +0200 (CEST) Subject: SUSE-SU-2012:0771-1: moderate: Security update for puppet Message-ID: <20120620200826.D60CF3283D@maintenance.suse.de> SUSE Security Update: Security update for puppet ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0771-1 Rating: moderate References: #755726 #755869 #755870 #755871 #755872 Cross-References: CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 CVE-2012-1989 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux 
Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. It includes one version update. Description: This update fixes the following issues: * CVE-2011-1986: Filebucket arbitrary file read * CVE-2012-1987: Filebucket DoS * CVE-2012-1988: Filebucket arbitrary code execution * CVE-2012-1989: insecure handling of temporary files Security Issue references: * CVE-2012-1988 * CVE-2012-1989 * CVE-2012-1986 * CVE-2012-1987 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-puppet-6115 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-puppet-6115 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-puppet-6115 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-puppet-6115 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-puppet-6115 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.12]: puppet-2.6.12-0.14.1 puppet-server-2.6.12-0.14.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.12]: puppet-2.6.12-0.14.1 puppet-server-2.6.12-0.14.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.12]: puppet-2.6.12-0.14.1 puppet-server-2.6.12-0.14.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.12]: puppet-2.6.12-0.14.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.12]: puppet-2.6.12-0.14.1 References: http://support.novell.com/security/cve/CVE-2012-1986.html http://support.novell.com/security/cve/CVE-2012-1987.html http://support.novell.com/security/cve/CVE-2012-1988.html http://support.novell.com/security/cve/CVE-2012-1989.html https://bugzilla.novell.com/755726 https://bugzilla.novell.com/755869 https://bugzilla.novell.com/755870 https://bugzilla.novell.com/755871 https://bugzilla.novell.com/755872 http://download.novell.com/patch/finder/?keywords=d5875dc9c1e3b6b7298be6f4723c1894 From sle-security-updates at lists.suse.com Wed Jun 20 15:08:32 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jun 2012 23:08:32 +0200 (CEST) Subject: SUSE-SU-2012:0772-1: moderate: Security update for expat Message-ID: <20120620210832.6A0193283D@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0772-1 Rating: moderate References: #750914 #751464 #751465 Cross-References: CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: The following issues have been fixed: * expat was prone to a hash collision attack that could lead to excessive CPU usage (CVE-2012-0876) * expat didn't close file descriptors in some cases (CVE-2012-1147) * specially crafted XML files could lead to a memory leak (CVE-2012-1148) Security Issue references: * CVE-2012-0876 * CVE-2012-1147 * CVE-2012-1148 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): expat-2.0.0-13.17.25 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): expat-32bit-2.0.0-13.17.25 - SUSE Linux Enterprise Server 10 SP4 (ia64): expat-x86-2.0.0-13.17.25 - SUSE Linux Enterprise Server 10 SP4 (ppc): expat-64bit-2.0.0-13.17.25 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): expat-2.0.0-13.17.25 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): expat-32bit-2.0.0-13.17.25 References: http://support.novell.com/security/cve/CVE-2012-0876.html http://support.novell.com/security/cve/CVE-2012-1147.html http://support.novell.com/security/cve/CVE-2012-1148.html https://bugzilla.novell.com/750914 https://bugzilla.novell.com/751464 https://bugzilla.novell.com/751465 http://download.novell.com/patch/finder/?keywords=4a77c640139b9b5a7e5b29f40a1e6f95 From sle-security-updates at lists.suse.com Wed Jun 20 16:09:00 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 21 Jun 2012 00:09:00 +0200 (CEST) Subject: SUSE-SU-2012:0773-1: moderate: Security update for expat Message-ID: <20120620220900.833D83283D@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0773-1 Rating: moderate References: #750914 #751464 #751465 #755377 Cross-References: CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE 
Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update of expat fixes the following bugs: * hash collision attack that could lead to excessive CPU usage (CVE-2012-0876) * expat didn't close file descriptors in some cases (CVE-2012-1147) * specially crafted xml files could lead to a memory leak (CVE-2012-1148) Security Issue references: * CVE-2012-0876 * CVE-2012-1147 * CVE-2012-1148 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-expat-6200 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-expat-6200 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-expat-6200 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-expat-6200 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-expat-6200 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-expat-6200 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-expat-6200 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libexpat-devel-2.0.1-88.34.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libexpat-devel-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): expat-2.0.1-88.34.1 libexpat1-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libexpat1-32bit-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libexpat1-x86-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): expat-2.0.1-88.34.1 libexpat1-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libexpat1-32bit-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): expat-2.0.1-88.34.1 libexpat1-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libexpat1-32bit-2.0.1-88.34.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libexpat1-x86-2.0.1-88.34.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): expat-2.0.1-88.34.1 libexpat1-2.0.1-88.34.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libexpat1-32bit-2.0.1-88.34.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): expat-2.0.1-88.34.1 libexpat1-2.0.1-88.34.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libexpat1-32bit-2.0.1-88.34.1 References: http://support.novell.com/security/cve/CVE-2012-0876.html http://support.novell.com/security/cve/CVE-2012-1147.html http://support.novell.com/security/cve/CVE-2012-1148.html https://bugzilla.novell.com/750914 https://bugzilla.novell.com/751464 https://bugzilla.novell.com/751465 https://bugzilla.novell.com/755377 http://download.novell.com/patch/finder/?keywords=4f4720017d3689f1be23fb836976906d From sle-security-updates at lists.suse.com Fri Jun 22 11:08:36 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 22 Jun 2012 19:08:36 +0200 (CEST) Subject: SUSE-SU-2012:0782-1: 
important: Security update for finch, libpurple and pidgin Message-ID: <20120622170836.8FB4132843@maintenance.suse.de> SUSE Security Update: Security update for finch, libpurple and pidgin ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0782-1 Rating: important References: #752275 #760890 #761155 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: Various remotely triggerable crashes in pidgin have been fixed: * CVE-2012-1178: In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text (). * CVE-2012-1178/CVE-2012-2318: Incoming messages with certain characters or character encodings can cause clients to crash. * CVE-2012-2214: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-finch-6294 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-finch-6294 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-finch-6294 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-finch-6294 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): finch-2.6.6-0.15.1 finch-devel-2.6.6-0.15.1 libpurple-2.6.6-0.15.1 libpurple-devel-2.6.6-0.15.1 libpurple-lang-2.6.6-0.15.1 pidgin-2.6.6-0.15.1 pidgin-devel-2.6.6-0.15.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): finch-2.6.6-0.15.1 finch-devel-2.6.6-0.15.1 libpurple-2.6.6-0.15.1 libpurple-devel-2.6.6-0.15.1 libpurple-lang-2.6.6-0.15.1 pidgin-2.6.6-0.15.1 pidgin-devel-2.6.6-0.15.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): finch-2.6.6-0.15.1 libpurple-2.6.6-0.15.1 libpurple-lang-2.6.6-0.15.1 libpurple-meanwhile-2.6.6-0.15.1 libpurple-tcl-2.6.6-0.15.1 pidgin-2.6.6-0.15.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): finch-2.6.6-0.15.1 libpurple-2.6.6-0.15.1 libpurple-lang-2.6.6-0.15.1 libpurple-meanwhile-2.6.6-0.15.1 libpurple-tcl-2.6.6-0.15.1 pidgin-2.6.6-0.15.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): finch-2.6.6-0.16.1 libpurple-2.6.6-0.16.1 pidgin-2.6.6-0.16.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): finch-2.6.6-0.16.1 finch-devel-2.6.6-0.16.1 libpurple-2.6.6-0.16.1 libpurple-devel-2.6.6-0.16.1 pidgin-2.6.6-0.16.1 pidgin-devel-2.6.6-0.16.1 References: https://bugzilla.novell.com/752275 https://bugzilla.novell.com/760890 https://bugzilla.novell.com/761155 http://download.novell.com/patch/finder/?keywords=1444b130f542f9e056af8af62199bd10 http://download.novell.com/patch/finder/?keywords=b0914368d9cc2257e01e528c5ffb01e8 From sle-security-updates at lists.suse.com Mon Jun 25 18:08:23 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Jun 2012 02:08:23 +0200 (CEST) Subject: SUSE-SU-2012:0789-1: important: Security update for Linux kernel Message-ID: <20120626000823.243033283D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2012:0789-1 Rating: important References: #556135 #735909 #743579 #744404 #747404 #754690 #756050 #757315 #758243 #759336 #759545 #759805 #760237 #760806 #761087 #761245 #762991 #762992 #763267 #763307 #763485 #763717 #764091 #764150 #764209 #764500 #764900 #765102 #765253 #765320 #765524 Cross-References: CVE-2012-2119 CVE-2012-2136 CVE-2012-2373 CVE-2012-2375 CVE-2012-2390 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 26 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed: * CVE-2012-2136: Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalating privileges. * CVE-2012-2390: A memory leak in transparent hugepages on mmap failure could be used by a local attacker to run the machine out of memory (local denial of service). * CVE-2012-2119: A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. * CVE-2012-2375: A malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. The following non-security bugs have been fixed: Hyper-V: * storvsc: Properly handle errors from the host (bnc#747404). * HID: hid-hyperv: Do not use hid_parse_report() directly. * HID: hyperv: Set the hid drvdata correctly. 
* drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). * drivers/hv: util: Properly handle version negotiations. * hv: fix return type of hv_post_message(). * net/hyperv: Add flow control based on hi/low watermark. * usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part * usb/net: rndis: remove ambigous status codes. only net/hyperv part * usb/net: rndis: merge command codes. only net/hyperv part * net/hyperv: Adding cancellation to ensure rndis filter is closed. * update hv drivers to 3.4-rc1, requires new hv_kvp_daemon: * drivers: hv: kvp: Add/cleanup connector defines. * drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. * net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. * net/hyperv: Correct the assignment in netvsc_recv_callback(). * net/hyperv: Remove the unnecessary memset in rndis_filter_send(). * drivers: hv: Cleanup the kvp related state in hyperv.h. * tools: hv: Use hyperv.h to get the KVP definitions. * drivers: hv: kvp: Cleanup the kernel/user protocol. * drivers: hv: Increase the number of VCPUs supported in the guest. * net/hyperv: Fix data corruption in rndis_filter_receive(). * net/hyperv: Add support for vlan trunking from guests. * Drivers: hv: Add new message types to enhance KVP. * Drivers: hv: Support the newly introduced KVP messages in the driver. * Tools: hv: Fully support the new KVP verbs in the user level daemon. * Tools: hv: Support enumeration from all the pools. * net/hyperv: Fix the code handling tx busy. * patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs: * btrfs: more module message prefixes. 
* vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them * btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails * vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them * btrfs: fix locking in btrfs_destroy_delayed_refs * btrfs: wake up transaction waiters when aborting a transaction * btrfs: abort the transaction if the commit fails * btrfs: fix btrfs_destroy_marked_extents * btrfs: unlock everything properly in the error case for nocow * btrfs: fix return code in drop_objectid_items * btrfs: check to see if the inode is in the log before fsyncing * btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error * btrfs: check the return code of btrfs_save_ino_cache * btrfs: do not update atime for RO snapshots (FATE#306586). * btrfs: convert the inode bit field to use the actual bit operations * btrfs: fix deadlock when the process of delayed refs fails * btrfs: stop defrag the files automatically when doin readonly remount or umount * btrfs: avoid memory leak of extent state in error handling routine * btrfs: make sure that we have made everything in pinned tree clean * btrfs: destroy the items of the delayed inodes in error handling routine * btrfs: ulist realloc bugfix * btrfs: bugfix in btrfs_find_parent_nodes * btrfs: bugfix: ignore the wrong key for indirect tree block backrefs * btrfs: avoid buffer overrun in btrfs_printk * btrfs: fall back to non-inline if we do not have enough space * btrfs: NUL-terminate path buffer in DEV_INFO ioctl result * btrfs: avoid buffer overrun in mount option handling * btrfs: do not do balance in readonly mode * btrfs: fix the same inode id problem when doing auto defragment * btrfs: fix wrong error returned by adding a device * btrfs: use fastpath in extent state ops as much as possible Misc: * tcp: drop SYN+FIN messages (bnc#765102). * mm: avoid swapping out with swappiness==0 (swappiness). * thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). 
* paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). * paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU * parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). * tmpfs: implement NUMA node interleaving (bnc#764209). * synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops (bnc#765524) * supported.conf: mark xt_AUDIT as supported (bnc#765253) * mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373). * xhci: Do not free endpoints in xhci_mem_cleanup() (bnc#763307). * xhci: Fix invalid loop check in xhci_free_tt_info() (bnc#763307). * drm: Skip too big EDID extensions (bnc#764900). * drm/i915: Add HP EliteBook to LVDS-temporary-disable list (bnc#763717). * hwmon: (fam15h_power) Increase output resolution (bnc#759336). * hwmon: (k10temp) Add support for AMD Trinity CPUs (bnc#759336). * rpm/kernel-binary.spec.in: Own the right -kdump initrd (bnc#764500) * memcg: prevent from OOM with too many dirty pages. * dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). * kernel: pfault task state race (bnc#764091,LTC#81724). * kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). * USB: fix bug of device descriptor got from superspeed device (bnc#761087). * xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). * st: clean up dev cleanup in st_probe (bnc#760806). * st: clean up device file creation and removal (bnc#760806). * st: get rid of scsi_tapes array (bnc#760806). * st: raise device limit (bnc#760806). * st: Use static class attributes (bnc#760806). * mm: Optimize put_mems_allowed() usage (VM performance). * cifs: fix oops while traversing open file list (try #4) (bnc#756050). * scsi: Fix dm-multipath starvation when scsi host is busy (bnc#763485). * dasd: process all requests in the device tasklet (bnc#763267). * rt2x00:Add RT539b chipset support (bnc#760237). 
* kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. * rt2800: radio 3xxx: reprogram only lower bits of RF_R3 (bnc#759805). * rt2800: radio 3xxx: program RF_R1 during channel switch (bnc#759805). * rt2800: radio 3xxxx: channel switch RX/TX calibration fixes (bnc#759805). * rt2x00: Avoid unnecessary uncached (bnc#759805). * rt2x00: Introduce sta_add/remove callbacks (bnc#759805). * rt2x00: Add WCID to crypto struct (bnc#759805). * rt2x00: Add WCID to HT TX descriptor (bnc#759805). * rt2x00: Move bssidx calculation into its own function (bnc#759805). * rt2x00: Make use of sta_add/remove callbacks in rt2800 (bnc#759805). * rt2x00: Forbid aggregation for STAs not programmed into the hw (bnc#759805). * rt2x00: handle spurious pci interrupts (bnc#759805). * rt2800: disable DMA after firmware load. * rt2800: radio 3xxx: add channel switch calibration routines (bnc#759805). * rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. * floppy: remove floppy-specific O_EXCL handling (bnc#757315). * floppy: convert to delayed work and single-thread wq (bnc#761245). Security Issue references: * CVE-2012-2119 * CVE-2012-2136 * CVE-2012-2373 * CVE-2012-2390 * CVE-2012-2375 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-6457 slessp2-kernel-6463 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-6453 slessp2-kernel-6457 slessp2-kernel-6458 slessp2-kernel-6463 slessp2-kernel-6467 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-6453 sleshasp2-kernel-6457 sleshasp2-kernel-6458 sleshasp2-kernel-6463 sleshasp2-kernel-6467 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-6457 sledsp2-kernel-6463 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.34]: kernel-default-3.0.34-0.7.9 kernel-default-base-3.0.34-0.7.9 kernel-default-devel-3.0.34-0.7.9 kernel-source-3.0.34-0.7.9 kernel-syms-3.0.34-0.7.9 kernel-trace-3.0.34-0.7.9 kernel-trace-base-3.0.34-0.7.9 kernel-trace-devel-3.0.34-0.7.9 kernel-xen-devel-3.0.34-0.7.9 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.34]: kernel-pae-3.0.34-0.7.9 kernel-pae-base-3.0.34-0.7.9 kernel-pae-devel-3.0.34-0.7.9 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.34]: kernel-default-3.0.34-0.7.9 kernel-default-base-3.0.34-0.7.9 kernel-default-devel-3.0.34-0.7.9 kernel-source-3.0.34-0.7.9 kernel-syms-3.0.34-0.7.9 kernel-trace-3.0.34-0.7.9 kernel-trace-base-3.0.34-0.7.9 kernel-trace-devel-3.0.34-0.7.9 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.34]: kernel-ec2-3.0.34-0.7.9 kernel-ec2-base-3.0.34-0.7.9 kernel-ec2-devel-3.0.34-0.7.9 kernel-xen-3.0.34-0.7.9 kernel-xen-base-3.0.34-0.7.9 kernel-xen-devel-3.0.34-0.7.9 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.34]: kernel-default-man-3.0.34-0.7.9 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.34]: kernel-ppc64-3.0.34-0.7.9 kernel-ppc64-base-3.0.34-0.7.9 
kernel-ppc64-devel-3.0.34-0.7.9 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.34]: kernel-pae-3.0.34-0.7.9 kernel-pae-base-3.0.34-0.7.9 kernel-pae-devel-3.0.34-0.7.9 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.34_0.7-2.10.30 cluster-network-kmp-trace-1.4_3.0.34_0.7-2.10.30 gfs2-kmp-default-2_3.0.34_0.7-0.7.30 gfs2-kmp-trace-2_3.0.34_0.7-0.7.30 ocfs2-kmp-default-1.6_3.0.34_0.7-0.7.30 ocfs2-kmp-trace-1.6_3.0.34_0.7-0.7.30 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.34_0.7-2.10.30 gfs2-kmp-xen-2_3.0.34_0.7-0.7.30 ocfs2-kmp-xen-1.6_3.0.34_0.7-0.7.30 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.34_0.7-2.10.30 gfs2-kmp-ppc64-2_3.0.34_0.7-0.7.30 ocfs2-kmp-ppc64-1.6_3.0.34_0.7-0.7.30 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.34_0.7-2.10.30 gfs2-kmp-pae-2_3.0.34_0.7-0.7.30 ocfs2-kmp-pae-1.6_3.0.34_0.7-0.7.30 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.34]: kernel-default-3.0.34-0.7.9 kernel-default-base-3.0.34-0.7.9 kernel-default-devel-3.0.34-0.7.9 kernel-default-extra-3.0.34-0.7.9 kernel-source-3.0.34-0.7.9 kernel-syms-3.0.34-0.7.9 kernel-trace-3.0.34-0.7.9 kernel-trace-base-3.0.34-0.7.9 kernel-trace-devel-3.0.34-0.7.9 kernel-trace-extra-3.0.34-0.7.9 kernel-xen-3.0.34-0.7.9 kernel-xen-base-3.0.34-0.7.9 kernel-xen-devel-3.0.34-0.7.9 kernel-xen-extra-3.0.34-0.7.9 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.34]: kernel-pae-3.0.34-0.7.9 kernel-pae-base-3.0.34-0.7.9 kernel-pae-devel-3.0.34-0.7.9 kernel-pae-extra-3.0.34-0.7.9 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.34_0.7-0.14.11 kernel-default-extra-3.0.34-0.7.9 - SLE 11 SERVER Unsupported Extras (i586 x86_64): 
ext4-writeable-kmp-xen-0_3.0.34_0.7-0.14.11 kernel-xen-extra-3.0.34-0.7.9 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.34_0.7-0.14.11 kernel-ppc64-extra-3.0.34-0.7.9 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.34_0.7-0.14.11 kernel-pae-extra-3.0.34-0.7.9 References: http://support.novell.com/security/cve/CVE-2012-2119.html http://support.novell.com/security/cve/CVE-2012-2136.html http://support.novell.com/security/cve/CVE-2012-2373.html http://support.novell.com/security/cve/CVE-2012-2375.html http://support.novell.com/security/cve/CVE-2012-2390.html https://bugzilla.novell.com/556135 https://bugzilla.novell.com/735909 https://bugzilla.novell.com/743579 https://bugzilla.novell.com/744404 https://bugzilla.novell.com/747404 https://bugzilla.novell.com/754690 https://bugzilla.novell.com/756050 https://bugzilla.novell.com/757315 https://bugzilla.novell.com/758243 https://bugzilla.novell.com/759336 https://bugzilla.novell.com/759545 https://bugzilla.novell.com/759805 https://bugzilla.novell.com/760237 https://bugzilla.novell.com/760806 https://bugzilla.novell.com/761087 https://bugzilla.novell.com/761245 https://bugzilla.novell.com/762991 https://bugzilla.novell.com/762992 https://bugzilla.novell.com/763267 https://bugzilla.novell.com/763307 https://bugzilla.novell.com/763485 https://bugzilla.novell.com/763717 https://bugzilla.novell.com/764091 https://bugzilla.novell.com/764150 https://bugzilla.novell.com/764209 https://bugzilla.novell.com/764500 https://bugzilla.novell.com/764900 https://bugzilla.novell.com/765102 https://bugzilla.novell.com/765253 https://bugzilla.novell.com/765320 https://bugzilla.novell.com/765524 http://download.novell.com/patch/finder/?keywords=1a7682fe55225a6d2fb7535ed5b3a6f0 http://download.novell.com/patch/finder/?keywords=31fea157a35016e51d4182b32fcb4191 http://download.novell.com/patch/finder/?keywords=4011009aab039f02db913a7bce208f8f 
http://download.novell.com/patch/finder/?keywords=5a7bc846608efdf1aca0d4f66ea9c9bb http://download.novell.com/patch/finder/?keywords=643ef9cef491ee6820b78654f2716745 http://download.novell.com/patch/finder/?keywords=681e25e2cce92c21c5a62ccbf5cc5678 http://download.novell.com/patch/finder/?keywords=8d123a34ca9f20522bea6195c39428aa http://download.novell.com/patch/finder/?keywords=970acd862c76b234643d06e43d4048ed http://download.novell.com/patch/finder/?keywords=e33c406efece164f0fd3b33e3b387568 http://download.novell.com/patch/finder/?keywords=f2bfce4b05959a193517d5099e8b3451 From sle-security-updates at lists.suse.com Tue Jun 26 07:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Jun 2012 15:08:31 +0200 (CEST) Subject: SUSE-SU-2012:0791-1: Security update for perl-DBD-Pg Message-ID: <20120626130831.A6AE732843@maintenance.suse.de> SUSE Security Update: Security update for perl-DBD-Pg ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0791-1 Rating: low References: #751500 Cross-References: CVE-2012-1151 Affected Products: SUSE Studio Standard Edition 1.2 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: perl-DBD-Pg was prone to format string errors which could have crashed applications (CVE-2012-1151). This has been fixed. Security Issue references: * CVE-2012-1151 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Standard Edition 1.2: zypper in -t patch sleslms12-perl-DBD-Pg-6019 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Standard Edition 1.2 (x86_64): perl-DBD-Pg-2.10.3-1.20.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): perl-DBD-Pg-1.43-13.10.1 References: http://support.novell.com/security/cve/CVE-2012-1151.html https://bugzilla.novell.com/751500 http://download.novell.com/patch/finder/?keywords=24930e6a7dc80c0177ce9a6232051c1e http://download.novell.com/patch/finder/?keywords=2d5014b83f526c4ec74e9a1e2eade2e2 From sle-security-updates at lists.suse.com Tue Jun 26 09:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Jun 2012 17:08:31 +0200 (CEST) Subject: SUSE-SU-2012:0792-1: moderate: Security update for wireshark Message-ID: <20120626150831.DAE6132846@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0792-1 Rating: moderate References: #763855 #763857 #763859 Cross-References: CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: This version upgrade of wireshark fixes multiple denial of service flaws: * CVE-2012-2394: denial of service via memory alignment flaw * CVE-2012-2393: DIAMETER memory allocation flaw * CVE-2012-2392: denial of service in multiple dissectors / parsers Additionally, various other non-security bug fixes have been introduced. 
Security Issue references: * CVE-2012-2392 * CVE-2012-2393 * CVE-2012-2394 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-wireshark-6381 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-wireshark-6381 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-wireshark-6381 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-wireshark-6381 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-wireshark-6381 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-wireshark-6381 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-wireshark-6381 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.13]: wireshark-devel-1.4.13-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.4.13]: wireshark-1.4.13-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.13]: wireshark-devel-1.4.13-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 1.4.13]: wireshark-1.4.13-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.13]: wireshark-1.4.13-0.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.4.13]: wireshark-1.4.13-0.2.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.13]: wireshark-1.4.13-0.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-1.4.13-0.5.1 wireshark-devel-1.4.13-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.4.13]: wireshark-1.4.13-0.2.1 - SUSE Linux Enterprise Desktop 
11 SP1 (i586 x86_64) [New Version: 1.4.13]: wireshark-1.4.13-0.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): wireshark-1.4.13-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): wireshark-devel-1.4.13-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-2392.html http://support.novell.com/security/cve/CVE-2012-2393.html http://support.novell.com/security/cve/CVE-2012-2394.html https://bugzilla.novell.com/763855 https://bugzilla.novell.com/763857 https://bugzilla.novell.com/763859 http://download.novell.com/patch/finder/?keywords=5983708b2e2f0e4b7509a75f22ba2a57 http://download.novell.com/patch/finder/?keywords=5fa5091667b27983282e5dac3c593ef4 From sle-security-updates at lists.suse.com Tue Jun 26 10:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Jun 2012 18:08:31 +0200 (CEST) Subject: SUSE-SU-2012:0793-1: moderate: Security update for libxml2 Message-ID: <20120626160831.AE0F532845@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0793-1 Rating: moderate References: #764538 Cross-References: CVE-2011-3102 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Specially crafted XML could have caused a denial of service via an out-of-bounds write (application crash) to applications that are linked against libxml2 (CVE-2011-3102). This has been fixed. 
Security Issue references: * CVE-2011-3102 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-libxml2-6365 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libxml2-6365 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-libxml2-6365 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libxml2-6365 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libxml2-6365 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-libxml2-6365 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libxml2-6365 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.17.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.17.1 libxml2-doc-2.7.6-0.17.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.17.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libxml2-x86-2.7.6-0.17.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): libxml2-2.7.6-0.17.1 libxml2-doc-2.7.6-0.17.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libxml2-32bit-2.7.6-0.17.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.17.1 libxml2-doc-2.7.6-0.17.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.17.1 - SUSE Linux 
Enterprise Server 11 SP1 (ia64): libxml2-x86-2.7.6-0.17.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libxml2-2.6.23-15.31.4 libxml2-devel-2.6.23-15.31.4 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libxml2-32bit-2.6.23-15.31.4 libxml2-devel-32bit-2.6.23-15.31.4 - SUSE Linux Enterprise Server 10 SP4 (ia64): libxml2-x86-2.6.23-15.31.4 - SUSE Linux Enterprise Server 10 SP4 (ppc): libxml2-64bit-2.6.23-15.31.4 libxml2-devel-64bit-2.6.23-15.31.4 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libxml2-2.7.6-0.17.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libxml2-32bit-2.7.6-0.17.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): libxml2-2.7.6-0.17.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libxml2-32bit-2.7.6-0.17.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libxml2-2.6.23-15.31.4 libxml2-devel-2.6.23-15.31.4 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libxml2-32bit-2.6.23-15.31.4 libxml2-devel-32bit-2.6.23-15.31.4 References: http://support.novell.com/security/cve/CVE-2011-3102.html https://bugzilla.novell.com/764538 http://download.novell.com/patch/finder/?keywords=7b174cf04bc60f0775dbbdbb0c987eb1 http://download.novell.com/patch/finder/?keywords=850fa3835152c3c596cbd2ee604d57f6 From sle-security-updates at lists.suse.com Tue Jun 26 11:08:22 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Jun 2012 19:08:22 +0200 (CEST) Subject: SUSE-SU-2012:0791-2: Security update for perl-DBD-Pg Message-ID: <20120626170822.891D432843@maintenance.suse.de> SUSE Security Update: Security update for perl-DBD-Pg ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0791-2 Rating: low References: #751500 Cross-References: CVE-2012-1151 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: perl-DBD-Pg was prone to format string errors which could have crashed applications (CVE-2012-1151). This has been fixed. Security Issue reference: * CVE-2012-1151 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-perl-DBD-Pg-6018 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-perl-DBD-Pg-6018 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): perl-DBD-Pg-2.10.3-1.20.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): perl-DBD-Pg-2.10.3-1.20.1 References: http://support.novell.com/security/cve/CVE-2012-1151.html https://bugzilla.novell.com/751500 http://download.novell.com/patch/finder/?keywords=959e32728c02fbf15529c5272c2e91ef From sle-security-updates at lists.suse.com Wed Jun 27 12:08:23 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 27 Jun 2012 20:08:23 +0200 (CEST) Subject: SUSE-SU-2012:0741-5: important: Security update for bind Message-ID: <20120627180823.F052532847@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0741-5 Rating: important References: #765315 Cross-References: CVE-2012-1667 Affected Products: SUSE Linux Enterprise Server 10 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: The following issue has been fixed: * Records with zero length rdata field could have crashed named or disclosed portions of memory to clients (CVE-2012-1667). Security Issue reference: * CVE-2012-1667 Package List: - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64): bind-9.3.4-1.31.31.1 bind-chrootenv-9.3.4-1.31.31.1 bind-devel-9.3.4-1.31.31.1 bind-doc-9.3.4-1.31.31.1 bind-libs-9.3.4-1.31.31.1 bind-utils-9.3.4-1.31.31.1 - SUSE Linux Enterprise Server 10 SP2 (s390x x86_64): bind-libs-32bit-9.3.4-1.31.31.1 References: http://support.novell.com/security/cve/CVE-2012-1667.html https://bugzilla.novell.com/765315 http://download.novell.com/patch/finder/?keywords=aba1373453815722878a790dee66f659